Fixing the issue of SSH not working after a VPN is enabled

If you have a Linux client connected to a VPN, chances are that you might have issues with your connection after the VPN service is enabled.

Scenario

You have one machine with one network adapter with IP 192.168.x.x, and after you enable the VPN you have a tunnel with another IP, 10.x.x.x.

Symptoms

Once you enable the VPN, you are no longer able to ssh to your machine at 192.168.x.x (the ssh command waits forever).


Cause

The VPN messed up your routing tables.

Fix: you have to specify some rules manually.

First, review your network adapters and their IPs:

[donhk@i7box ~]$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 40:f0:2f:f7:94:9a brd ff:ff:ff:ff:ff:ff
    inet 192.168.x.x/24 brd 192.168.x.255 scope global dynamic wlp2s0
       valid_lft 46152sec preferred_lft 46152sec
13: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.x.x.x/24 brd 10.x.0.255 scope global tun0
       valid_lft forever preferred_lft forever

Notice this

192.168.x.x/24 and wlp2s0

Now let's use the following commands:

ip rule add from <your-server-ip> table 128
ip route add table 128 to <your-server-subnet> dev <your-interface>
ip route add table 128 default via <server-gateway>

Example:

ip rule add from 192.168.x.x table 128
ip route add table 128 to 192.168.x.0/24 dev wlp2s0
ip route add table 128 default via 192.168.x.1


192.168.x.0/24 is the subnet, and the first IP is often the gateway: 192.168.x.1.
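The same three commands can be derived from the adapter's address instead of typed by hand. The script below is an added example, not part of the original post: it computes the subnet from one line of `ip -o -4 addr show` output and prints the commands without running them. The sample address, the function names and the "first IP is the gateway" default are assumptions; pass the real gateway as the second argument when it differs.

```shell
#!/bin/sh
# Added example: derive the article's three policy-routing commands from one
# line of `ip -o -4 addr show` output. Prints the commands; run them as root.

# Constructed, trimmed sample of `ip -o -4 addr show dev wlp2s0` (made-up IP).
SAMPLE_LINE='3: wlp2s0    inet 192.168.1.50/24 brd 192.168.1.255 scope global dynamic wlp2s0'

# int_to_ip N -> dotted quad for a 32-bit integer
int_to_ip() {
    printf '%d.%d.%d.%d' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
        $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

# network_int ADDR/PREFIX -> network address as an integer.
# The body is a subshell ( ... ) so IFS and "set --" do not leak to the caller.
network_int() (
    addr=${1%/*}; prefix=${1#*/}
    IFS=.; set -- $addr
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    echo $(( n & mask ))
)

# policy_route_cmds ADDR_LINE [GATEWAY] [TABLE]
policy_route_cmds() {
    iface=$(printf '%s\n' "$1" | awk '$3 == "inet" { print $2 }')
    cidr=$(printf '%s\n' "$1" | awk '$3 == "inet" { print $4 }')
    [ -n "$iface" ] && [ -n "$cidr" ] || { echo "no IPv4 address in input" >&2; return 1; }
    net=$(network_int "$cidr")
    # Assumption taken from the article: the first IP of the subnet is often
    # the gateway. Give the gateway explicitly when that is not the case.
    gw=${2:-$(int_to_ip $(( net + 1 )))}
    table=${3:-128}
    echo "ip rule add from ${cidr%/*} table $table"
    echo "ip route add table $table to $(int_to_ip "$net")/${cidr#*/} dev $iface"
    echo "ip route add table $table default via $gw"
}

policy_route_cmds "$SAMPLE_LINE"
```

After running the printed commands as root, `ip rule show` and `ip route show table 128` list what was installed. Rules added with `ip` this way do not survive a reboot.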

Special thanks to my friend Eduardo for his help on this.
