
The context is the following:

I have installed Ubuntu Server on a device at my home and set up an SSH server on it. I can connect to this Ubuntu server through ssh without problems if the client device (a laptop in my case) is in the same local network. As I would like to access the server remotely, I installed openvpn3, and this connection works fine too. But when I try to ssh (while connected to a different network than the server's, let's call it "network B", with the VPN connection active), I get the message:

ssh: connect to host 192.168.0.200 port 22: No route to host

I guess the reason is that network B's gateway tries to route to the devices inside network B's LAN instead of the server's LAN. But I need to access the server's LAN in order to connect through ssh to my server with the private static IP address I set up for it.

Server's public IP:

$ curl ifconfig.me
181.31.117.40

Answering @cocomac:

Just to check the obvious... is it 192.168.0.200 or 192.168.1.200? Typically 192.168.1.XYZ is the default

Proof that 192.168.0.200 is the server's IP:

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp37s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 2c:f0:5d:78:39:a8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.200/24 brd 192.168.0.255 scope global dynamic enp37s0
       valid_lft 2528sec preferred_lft 2528sec
    inet6 fe80::2ef0:5dff:fe78:39a8/64 scope link 
       valid_lft forever preferred_lft forever

SSH when my laptop is in the same LAN:

sebastian@sebastian-Vostro-3405:~$ ssh sebademasi10@192.168.0.200 
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-100-generic x86_64)
  • Documentation: https://help.ubuntu.com
  • Management: https://landscape.canonical.com
  • Support: https://ubuntu.com/advantage

System information as of Mon 28 Feb 2022 12:54:15 AM UTC

System load: 0.09
Usage of /: 13.5% of 97.93GB
Memory usage: 45%
Swap usage: 0%
Processes: 311
Users logged in: 0
IPv4 address for br-5c5a41a7cc73: 172.19.0.1
IPv4 address for br-974f16cf42ed: 172.18.0.1
IPv4 address for docker0: 172.17.0.1
IPv4 address for enp37s0: 192.168.0.200

  • Super-optimized for small spaces - read how we shrank the memory footprint of MicroK8s to make it the smallest full K8s around.

    https://ubuntu.com/blog/microk8s-memory-optimisation

0 updates can be applied immediately.

Last login: Mon Feb 28 00:48:56 2022 from 192.168.0.110
sebademasi10@home:~$

Now, changing to my neighbor's network, I connect through the VPN:

~$ openvpn3 session-start -c home 
Using pre-loaded configuration profile 'home'
Session path: /net/openvpn/v3/sessions/ca62d16csfcfcs43f1sa320s14f8bd92193e
Connected

Check Public IP:

sebastian@sebastian-Vostro-3405:~$ curl ifconfig.me
181.31.117.40

ip route:

$ ip route
0.0.0.0/1 via 192.168.255.5 dev tun0 
default via 192.168.0.1 dev wlp3s0 proto dhcp metric 600 
128.0.0.0/1 via 192.168.255.5 dev tun0 
169.254.0.0/16 dev wlp3s0 scope link metric 1000 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
172.18.0.0/16 dev br-aa3d18e9a788 proto kernel scope link src 172.18.0.1 linkdown 
172.19.0.0/16 dev br-7c64d12635b8 proto kernel scope link src 172.19.0.1 linkdown 
172.20.0.0/16 dev br-118925d85563 proto kernel scope link src 172.20.0.1 linkdown 
181.31.117.40 via 192.168.0.1 dev wlp3s0 
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.110 metric 600 
192.168.255.1 via 192.168.255.5 dev tun0 
192.168.255.4/30 dev tun0 proto kernel scope link src 192.168.255.6 

NOTE:

  • The VPN server runs inside a Docker container

I hope this is easy to understand, please feel free to ask for any other details you consider needed. Thank you in advance.

  • Just to check the obvious... is it 192.168.0.200 or 192.168.1.200? Typically 192.168.1.XYZ is the default – cocomac Feb 27 '22 at 00:45
  • [Edit] your Question and show us ip route. Don't reply via "Add Comment". – waltinator Feb 27 '22 at 01:35
  • Done @user68186 – sebademasi10 Feb 28 '22 at 11:03
  • I still don't understand what you are trying to do. If you connect your laptop to the neighbor's network and not connect to the VPN, can you ssh into your home Ubuntu server using the external IP address of your home network? Once you connect to the "home" VPN, can you ping 192.168.0.200? What is the purpose of the "home" VPN: (a) access the internet using your "home" ISP as the gateway, or (b) access the computers in your "home" network from outside, or both (a) and (b)? – user68186 Feb 28 '22 at 16:28
  • @user68186 I have enabled ssh to access the server within the home LAN, so if I do ssh sebademasi10@192.168.0.200 it works if the client is connected to the same LAN as the server. Your (b) describes my purpose better. At my work I can use the private IP address to connect through ssh, i.e. ssh 10.250.28.28, to devices within the same LAN in which the VPN server runs. I think I need a way to tell that 192.168.0.200 is outside the neighbor's LAN and that it belongs to 185.x.x.x (public IP of home network) – sebademasi10 Feb 28 '22 at 20:00
  • Please read the first part of this answer and verify that you have setup your openvpn profile to do (b) and not (a). Some routers have built-in VPN server that allows (b) kind of access to your home network. – user68186 Feb 28 '22 at 20:04
  • Putting the VPN server inside a docker container adds another layer of complexity. Also see How to enable OpenVPN access to ONLY the internal LAN – user68186 Feb 28 '22 at 20:11
  • Honestly, I don't know how to check whether the VPN profile I set up is able to do your (b) option. Can you help me with that? – sebademasi10 Mar 01 '22 at 00:00

1 Answer

I have solved this by manually adding (after connecting to the VPN) the route as follows:

ip route add 192.168.0.200 via 192.168.255.5

Where:

  • 192.168.0.200 is the server's private IP
  • 192.168.255.5 is the IP of the gateway in the server network

I realized this by checking ip route:

$ ip route
0.0.0.0/1 via 192.168.255.5 dev tun0 
default via 192.168.0.1 dev wlp3s0 proto dhcp metric 600 
128.0.0.0/1 via 192.168.255.5 dev tun0 
169.254.0.0/16 dev wlp3s0 scope link metric 1000 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
172.18.0.0/16 dev br-aa3d18e9a788 proto kernel scope link src 172.18.0.1 linkdown 
172.19.0.0/16 dev br-7c64d12635b8 proto kernel scope link src 172.19.0.1 linkdown 
172.20.0.0/16 dev br-118925d85563 proto kernel scope link src 172.20.0.1 linkdown 
181.31.117.40 via 192.168.0.1 dev wlp3s0 
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.110 metric 600 
192.168.0.200 via 192.168.255.5 dev tun0 
192.168.255.1 via 192.168.255.5 dev tun0 
192.168.255.4/30 dev tun0 proto kernel scope link src 192.168.255.6
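
Why the host route in this answer changes the outcome, as an added example that is not part of the original post: route selection is longest-prefix match, so the neighbor's directly connected 192.168.0.0/24 beats the VPN's 0.0.0.0/1 and 128.0.0.0/1 until a /32 for the server exists. The routing table is copied from the page; the parser and the names `parse_routes` and `lookup` are illustrative assumptions.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "net dev via metric")

# Routing table copied from the `ip route` output on this page, before the fix
# (the linkdown Docker bridge routes are left out; they match none of the targets).
ROUTES_BEFORE = """\
0.0.0.0/1 via 192.168.255.5 dev tun0
default via 192.168.0.1 dev wlp3s0 proto dhcp metric 600
128.0.0.0/1 via 192.168.255.5 dev tun0
169.254.0.0/16 dev wlp3s0 scope link metric 1000
181.31.117.40 via 192.168.0.1 dev wlp3s0
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.110 metric 600
192.168.255.1 via 192.168.255.5 dev tun0
192.168.255.4/30 dev tun0 proto kernel scope link src 192.168.255.6
"""
# The host route the answer adds with `ip route add 192.168.0.200 via 192.168.255.5`.
ROUTES_AFTER = ROUTES_BEFORE + "192.168.0.200 via 192.168.255.5 dev tun0\n"


def parse_routes(text):
    """Turn `ip route` lines into Route tuples (illustrative parser, IPv4 only)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        opts = dict(zip(fields[1::2], fields[2::2]))  # "via X dev Y metric N" pairs
        routes.append(Route(ipaddress.ip_network(dest), opts.get("dev"),
                            opts.get("via"), int(opts.get("metric", 0))))
    return routes


def lookup(table_text, addr):
    """Pick the route used for addr: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in parse_routes(table_text) if ip in r.net]
    return max(matches, key=lambda r: (r.net.prefixlen, -r.metric), default=None)


if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        for target in ("192.168.0.200", "192.168.0.50", "8.8.8.8", "181.31.117.40"):
            r = lookup(table, target)
            print(f"{label:6} {target:15} -> {r.net} dev {r.dev} via {r.via}")
```

The same lookup shows the limit of the fix while both LANs use 192.168.0.0/24: any other home address, such as 192.168.0.50, still resolves to the local wlp3s0 interface unless it gets its own more specific route.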