While it is probably not the best VPN for beginners, it is a good option for tech-enthusiasts who want to get their hands dirty using some more advanced VPN features on offer (such as VPN over SSL and VPN through Tor). The VPN was setup by “hacktivists and activists” and it has a zero-logs policy to ensure that your online habits are always kept secure. The VPN is a relatively small provider with fewer server locations than other premium services – but for those looking for high levels of privacy, it is a worthy option that will not break the bank. Users get access to VPN through Tor, strong OpenVPN encryption, port forwarding, and cryptocurrency payments for added privacy. Sudo ip route add default dev eth0 via 12.345.67.89 table 3412There "12.345.67.89" must be the original non-VPN gateway.AirVPN is an Italian provider known for its advanced security and privacy features. But on an older Wheezy system I have just found that I need to add "via" to the routing table entry: # our routing table with eth0 as gateway interface The above works fine for me on Debian Jessie. # route packets with our firewall mark using our routing table Sudo ip route add default dev eth0 table 3412 # our routing table with eth0 as gateway interface Sudo iptables -t mangle -A OUTPUT -m connmark -mark 1234 -j MARK -set-mark 4321 # set "firewall" mark for response packets in connection with our connection mark Sudo iptables -t mangle -A PREROUTING -i eth0 -m conntrack -ctstate NEW -j CONNMARK -set-mark 1234 # set "connection" mark of connection from eth0 when first packet of connection arrives I used distinct numbers to make the diffences between them more apparent. You could use the same number for the connection mark, firewall mark and routing table. The idea is to ensure that when a connection to eth0 is made, even if eth0 is not the default gateway interface anymore, response packets for the connection go back on eth0 again. ![]() Below, it is assumed that the default gateway interface before OpenVPN is started is "eth0". The problem is that the default gateway gets changed by OpenVPN, and that breaks your current SSH connection unless you set up appropriate routes before you start OpenVPN. ![]() Since Google finds this page when you search "openvpn breaks ssh", I may as well put this post here too. On the contrary, if it's your client connected to an Air server, and your server is not, just use ssh normally. You can also specify multiple IP addresses with multiple "ListenAddress" lines. In /etc/ssh/sshd_config locate the line ListenAddress and set it to the appropriate address. If your server is connected to an Air VPN server but you want it to reachable via ssh NOT behind the VPN server, just bind sshd to the IP address of the network card you want it to listen to. Your case does not require policy routing. Any links or tutorials would be greatly appreciated. I do not want any leaks and the sole feature that I want is to be able to connect to the OpenSSH features running on the server. This is beyond my knowledge of networking so If somebody could confirm if this is possible or recommended, then I will look further into learning how to do this. ![]() From what I gather from reading some other OpenVPN posts, some folks have achieved this using "Split Routing" or "Policy Routing" with OpenVPN.
0 Comments
Leave a Reply. |