VPN vs. regular connection. Tunneling some services but not all.

This topic is closed.

    I'm not knowledgeable with IPtables or networking really. I only know enough to get it up and running. I'm working on Ubuntu Server 18.04 running headless that I access via SSH.

    On the server, I would like to use both a VPN connection and a normal non-VPN connection for different services. The reasons are my media server isn't accessible behind the VPN and the VPN connection is considerably slower than my normal connection. So I would like to use both the ethernet connection (eno1 on my system) and the openvpn (tun0) connection, restricting the tun0 connection to specific services.

    Here's where I'm at:
    eno1 is set to a static IP using netplan:
    Code:
    # This file describes the network interfaces available on your system
    # For more information, see netplan(5).
    network:
      version: 2
      renderer: networkd
      ethernets:
        eno1:
          dhcp4: no
          dhcp6: no
          addresses: [192.168.1.250/23]
          gateway4: 192.168.1.1
          nameservers:
            addresses: [8.8.8.8,8.8.4.4]
    With the VPN off, the route looks like:
    Code:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eno1
    192.168.0.0     0.0.0.0         255.255.254.0   U     0      0        0 eno1
    With openvpn up and connected through my VPN (PIA if it matters), the route looks like:
    Code:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.59.10.5      128.0.0.0       UG    0      0        0 tun0
    0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eno1
    10.59.10.1      10.59.10.5      255.255.255.255 UGH   0      0        0 tun0
    10.59.10.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
    107.191.33.6    192.168.1.1     255.255.255.255 UGH   0      0        0 eno1
    128.0.0.0       10.59.10.5      128.0.0.0       UG    0      0        0 tun0
    192.168.0.0     0.0.0.0         255.255.254.0   U     0      0        0 eno1
    and the connection works as expected - I can "see" the internet through tun0 and have a different IP than the one provided by my ISP. But this seems to disable my ability to use eno1, i.e. I can ping google from tun0 but not eno1.

    So either my openvpn connection is configured incorrectly, or I need some sort of other netplan or iptable routing - or all of the above. Suggestions?

    Please Read Me
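How the kernel chooses between the two interfaces in the table posted above, as an added example that is not part of the original posts: the most specific matching route wins, and the two 128.0.0.0-mask routes via tun0 are each more specific than the 0.0.0.0/0 default via eno1. The helper names `parse_routes`, `lookup` and `default_is_shadowed` are hypothetical, and policy-routing rules and interface-bound sockets are not modelled.

```python
import ipaddress

# Routing table rows exactly as posted above with the VPN up (`route -n`).
ROUTES_VPN_UP = """\
0.0.0.0         10.59.10.5      128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eno1
10.59.10.1      10.59.10.5      255.255.255.255 UGH   0      0        0 tun0
10.59.10.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
107.191.33.6    192.168.1.1     255.255.255.255 UGH   0      0        0 eno1
128.0.0.0       10.59.10.5      128.0.0.0       UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.254.0   U     0      0        0 eno1
"""

def parse_routes(text):
    """Parse `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        except ValueError:
            continue  # column-header row
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match; a lower metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gw, _, iface = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface, gw, str(net)

def default_is_shadowed(routes):
    """True when the more-specific routes together cover all of 0.0.0.0/0."""
    specifics = [r[0] for r in routes if r[0].prefixlen > 0]
    merged = list(ipaddress.collapse_addresses(specifics))
    return merged == [ipaddress.ip_network("0.0.0.0/0")]

if __name__ == "__main__":
    table = parse_routes(ROUTES_VPN_UP)
    # 203.0.113.10 is a constructed documentation address, not from the thread.
    for dest in ("8.8.8.8", "203.0.113.10", "107.191.33.6", "192.168.1.1"):
        print(dest, "->", lookup(table, dest))
    print("default via eno1 never selected:", default_is_shadowed(table))
```

Only the 107.191.33.6 host route and the local 192.168.0.0/23 network still resolve to eno1; every other destination matches one of the two tun0 routes before the eno1 default is considered.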

    #2
    It might be worth mentioning that I also have a second ethernet port that is not yet being used (but could be). In my 14.04 server install I used both ports via aggregation (binding) but I don't yet know how to do this with netplan vs. the old network/interfaces method.

    Please Read Me


      #3
      Can you ping google using Google's IP address instead of their domain name? If so, your netplan isn't providing DNS.
      "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
      – John F. Kennedy, February 26, 1962.


        #4
        With the VPN off using eno1 - I can ping google.
        With the VPN on using tun0 - I can ping google.

        With the VPN on using eno1 - I cannot ping google.

        Please Read Me


          #5
          Originally posted by oshunluvr:
          With the VPN off using eno1 - I can ping google.
          With the VPN on using eno1 - I cannot ping google.
          Doesn't that make the question "How can I add DNS to eno1 when my VPN is on?"

          PS- I'm probably asking the obvious. I've never used a VPN so I wouldn't know the answer to that question and if I DDG'd it I'd know no more than what you'd know doing a DDG search.
          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
          – John F. Kennedy, February 26, 1962.


            #6
            Well, I'm not sure.

            I believe when the VPN is on, it's using eno1. Thus I can't access it directly. I need to either configure the second ethernet port and let it run free while eno1 is locked to the VPN (which I think would be the preferred option), or access eno1 through an iptable routing.

            I don't know enough to ask the correct question.

            I tried enabling my second ethernet port (no VPN on at the time), but it doesn't connect to the internet and caused a frequent "pause" in my SSH connection.

            Physically, both NICs are connected to the same switch, which connects to the modem. I don't know if this is part of the problem or not.

            Please Read Me


              #7
              Interestingly, having the VPN on did not cause a change in the SSH connection that I was aware of.

              Please Read Me
