Hello,

On Wed, Jan 17, 2024 at 09:57:41PM +0100, Bo Berglund wrote:
> Is there some way when that RPi has connected to my OpenVPN server to reach it
> "backwards" via the connected tunnel? I mean to establish a command line SSH
> interface through the tunnel or similar.

Well, it has a (presumably private) address on the OpenVPN interface that you
can control from the VPN server configuration.

For example here, this is an OpenVPN client with no public address (on a CGNAT
via a 4G wireless link):

The 4G interface with a private IP (wwan0)
    inet 10.56.90.106/30 brd 10.56.90.107 scope global dynamic wwan1
    (obviously, you can't do much with it, as it's CGNAT controlled
     by the 4G network operator)

The OpenVPN interface with a private IP (tap0, also works with tun0)
    inet 192.168.251.4/24 scope global tap0

So, from the OpenVPN server, assuming your pi has no firewall:

schaefer@shakotay:~$ telnet 192.168.251.4 22
Trying 192.168.251.4...
Connected to 192.168.251.4.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3

Yes, SSH on your pi can be reached, or whatever service you want to
be reachable.

> But the lack of public IP makes it impossible to run a server on the client
> side to access the RPi and I guess if done it would create a closed loop kind
> of connection...

Just make your SSH server on the pi listen on 0.0.0.0 (which is the default); it
will happily answer on all of the IP addresses, private or public, that it has.
 
> Advice on how to configure the client and server for this is gratefully
> appreciated.

In my case, there IS a firewall, and the OpenVPN client startup script
configures it correctly so that the SSH server is accessible from the VPN.

If I remember well, in addition, I had to derive the (private) IP address from
the certificate client name (CN) and push it to the client through the server
connect script, something like:

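   # $common_name is exported by OpenVPN; $1 is the per-client config file
   case $common_name in
      client[0-9][0-9])
         the_ip=${common_name/client}     # bash: drop the "client" prefix
         case $the_ip in
            0*) the_ip=${the_ip/0};;      # drop the leading zero: 07 -> 7
         esac
         cat > "$1" <<EOF
ifconfig-push 192.168.251.$the_ip 255.255.255.0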

...


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
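
A self-contained version of the CN-to-address mapping sketched in the message above, as an added example that is not the poster's script. It assumes CNs of the form client01..client99, the 192.168.251.0/24 subnet from the post, a server address of 192.168.251.1, and a `client-connect` directive with no extra arguments (so the temp file is `$1`); the function names are illustrative.

```shell
#!/bin/sh
# Added example (not the poster's script). Assumed: CNs "client01".."client99",
# subnet 192.168.251.0/24, server on 192.168.251.1.
VPN_PREFIX="192.168.251"
VPN_MASK="255.255.255.0"
SERVER_HOST=1

# Print the host octet for an acceptable CN; return 1 otherwise.
cn_to_host() {
    local cn="$1" host
    case $cn in
        client[0-9][0-9]) ;;   # whole string must be "client" + two digits
        *) return 1 ;;         # anything else never reaches the config file
    esac
    host=${cn#client}
    host=${host#0}             # "07" -> "7", "00" -> "0"
    # 0 is the network address; SERVER_HOST is taken by the server
    if [ "$host" -eq 0 ] || [ "$host" -eq "$SERVER_HOST" ]; then
        return 1
    fi
    printf '%s\n' "$host"
}

# Write the per-client directive into the file OpenVPN passes to the hook.
write_client_config() {
    local cn="$1" outfile="$2" host
    host=$(cn_to_host "$cn") || return 1
    printf 'ifconfig-push %s.%s %s\n' "$VPN_PREFIX" "$host" "$VPN_MASK" > "$outfile"
}

# Hook entry point: OpenVPN exports common_name and passes the temp file path
# as the last argument. A non-zero exit status rejects the client.
if [ -n "${common_name:-}" ] && [ -n "${1:-}" ]; then
    write_client_config "$common_name" "$1" || exit 1
fi
```

Because the address is derived from the certificate CN, a fixed firewall rule on the server or client side can then refer to a specific client by its VPN address.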