
I know I am overlooking something obvious and silly, but here is the issue. On my router I have followed this guide to connect me to Private Internet Access. When it is on, I cannot establish an SSH connection to the router because apparently it cannot be routed through the VPN. I thought using the same port PIA is using for my SSH connection would allow it to work, but it does not. Basically it asks for a username/password when my SSH only uses a username and private key. Can somebody point me in the right direction?

https://www.neowin.net/forum/topic/1305770-cannot-connect-through-ssh-on-vpn/

Are you trying to hit your router's public IP or private IP?

Did you uncheck

Uncheck Redirect Internet Traffic

It shouldn't be sending local traffic out the vpn.. Especially traffic to your router's lan IP..

 

 

  On 15/08/2016 at 10:37, BudMan said:

  Are you trying to hit your router's public IP or private IP?

  Did you uncheck

  Uncheck Redirect Internet Traffic

  It shouldn't be sending local traffic out the vpn.. Especially traffic to your router's lan IP..

Indeed, it is unchecked. I am trying to hit my DuckDNS address which just points to my router.

 

hIu02l2.png

 

rQv4Zu7.png

 

I just hid the server address, username and password. It is there though.

Why would you be doing that from the inside???  That is completely and utterly pointless. Are you outside your network??

 

You're on some rfc1918 address behind your router, 192.168.x.x why would you not hit your router via its 192.168.x.x address if you want to ssh to it.  Are you saying you're out somewhere on the public internet and want to manage your router via ssh remotely??

I think he wants to remote in and configure the firewall/vpn appliance once he establishes the vpn....the vpn appliance does not allow you to ssh or ssl into it if you vpn through it...you would need to connect to a pc on the network first then connect to it. 

 

I forget what you need to do to "fix" this, but I have always just remoted into another computer to remote in and config the router/firewall/vpn appliance.

Private Internet Access is not a vpn server he runs on his router for remote access, that is a client connection so that he can hide his internet traffic from his isp or circumvent geographic restrictions, etc.

 

I vpn into my network all the time, and then can just ssh to my router using the normal rfc1918 address of the router..

 

 

 

no acls that are blocking that...it is a default thing...every asa I have setup, even sonicwalls I have setup, will not allow you to connect to the host internal ip...it doesn't route.  I vaguely remember that you do have to allow it, I just don't remember what and for the amount of times I have to remote into it when connected to the vpn it really isn't worth remembering. 

I don't have an asa to play with.. So maybe it's some issue with asa..  But there should be no reason why it wouldn't work.. You have a tunnel network that is connected via interface X be it a real interface a sub interface on your wan.  There should be no reason it would not allow access to IP on the lan side interface.  And it clearly should be able to route that traffic back.

Maybe some sort of acl in the ssh server on the asa..  Last time I was on asa was a couple of months ago to straighten out a routing issue they were having on a specific customer.  Previous to that it had been years.  I normally work on actual cisco routers and switches and firewalls, it's mostly juniper both isg and srx, etc.  And as of late palo alto's and fortinet

  On 15/08/2016 at 11:11, BudMan said:

  Why would you be doing that from the inside???  That is completely and utterly pointless. Are you outside your network??

  You're on some rfc1918 address behind your router, 192.168.x.x why would you not hit your router via its 192.168.x.x address if you want to ssh to it.  Are you saying you're out somewhere on the public internet and want to manage your router via ssh remotely??

  On 15/08/2016 at 14:21, sc302 said:

  I think he wants to remote in and configure the firewall/vpn appliance once he establishes the vpn....the vpn appliance does not allow you to ssh or ssl into it if you vpn through it...you would need to connect to a pc on the network first then connect to it.

  I forget what you need to do to "fix" this, but I have always just remoted into another computer to remote in and config the router/firewall/vpn appliance.

Basically, all I want to do is be able to connect via SSH while the VPN is active on my entire network. I connect through a tunnel to VNC my home PC.

Where are you?  When you do this?

So you're remote and vpn'd into your home network?  Or you're home?  You're saying when you're remote you vnc to your home pc, and can still not ssh to your router?

Or you're remote and try and ssh/gui to your router directly?  Via what ip, its public IP or its private IP, ie through the tunnel?

  On 16/08/2016 at 04:26, BudMan said:

  Where are you?  When you do this?

  So you're remote and vpn'd into your home network?  Or you're home?  You're saying when you're remote you vnc to your home pc, and can still not ssh to your router?

  Or you're remote and try and ssh/gui to your router directly?  Via what ip, its public IP or its private IP, ie through the tunnel?

Anywhere away from home. I do not VPN into my home network. I run a VPN client on my router to connect to PIA. Yes, I remote and try to SSH my router directly. I just connect through my DuckDNS address which is the public address.

And when the pia vpn is off, this works just fine remotely to your router's public IP?  What router are you running.. That makes no sense at all and sounds like a bug in whatever router you're running.

You sure it's not just messing up your ddns when you connect to the vpn...  So your public IP is 1.2.3.4, your router connects to vpn and it gets IP address 4.5.6.7 or whatever so it registers that IP.  So now when you try and connect to this dynamic dns name you're connecting to something else.

When it works what is the IP your dynamic dns resolves to.. ping the name, do a nslookup on the name, dig, drill, host, your fav dns tool.. Something so you know what your public IP is.. Look on the router's status for its wan..  Then connect to the vpn, and give it a while, then check what this dynamic dns name resolves to now..

And your title is wrong, should be can not ssh to router, when router has vpn client connection.  You're not sshing through any vpn here at all..  Your router making a connection to some vpn service should have NOTHING to do with it listening for ssh connections on its public IP.
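
The before-and-after DDNS check described in the post above, as an added example that is not part of the original thread. It assumes `dig` is installed; the function names and the `RESOLVE_CMD` hook are hypothetical, and the host name and addresses in the comments are constructed placeholders.

```shell
#!/bin/sh
# Added example: does a dynamic DNS name still point at the router's WAN
# address once the VPN client on the router is connected?
# Usage: sh ddns_check.sh NAME WAN_IP [INTERVAL_SECONDS] [COUNT]
#   e.g. sh ddns_check.sh myhome.example.org 203.0.113.10 60 10   (constructed values)

# Resolve NAME to its first IPv4 A record. `dig +short` can print CNAME
# targets before the address, so keep only lines that look like dotted quads.
# RESOLVE_CMD (hypothetical hook) replaces dig so the logic can run offline.
resolve_a() {
    if [ -n "${RESOLVE_CMD:-}" ]; then
        "$RESOLVE_CMD" "$1"
    else
        dig +short "$1" A
    fi | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | head -n 1
}

# True when ADDR is RFC 1918 space (10/8, 172.16/12, 192.168/16).
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Compare what NAME resolves to with the WAN address shown on the router's
# status page. Prints: match | mismatch | private | unresolved (+ address).
ddns_check() {
    name=$1 wan_ip=$2
    resolved=$(resolve_a "$name")
    if [ -z "$resolved" ]; then
        echo "unresolved"
    elif [ "$resolved" = "$wan_ip" ]; then
        echo "match $resolved"
    elif is_rfc1918 "$resolved"; then
        # A private address can never be reached from outside the LAN.
        echo "private $resolved"
    else
        # The record points somewhere else, e.g. the VPN exit address.
        echo "mismatch $resolved"
    fi
}

# Repeat the check COUNT times, INTERVAL seconds apart, with UTC timestamps,
# so a record that changes some time after the VPN connects is caught.
ddns_watch() {
    name=$1 wan_ip=$2 interval=$3 count=$4
    i=0
    while [ "$i" -lt "$count" ]; do
        echo "$(date -u +%H:%M:%S) $name $(ddns_check "$name" "$wan_ip")"
        i=$((i + 1))
        if [ "$i" -lt "$count" ]; then
            sleep "$interval"
        fi
    done
}

if [ "$#" -ge 2 ]; then
    ddns_watch "$1" "$2" "${3:-60}" "${4:-10}"
fi
```

Run it once with the VPN client off and again after it has been connected for a while; a change from `match` to `mismatch` means the name now points at something other than the router's WAN address.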

  On 16/08/2016 at 10:13, BudMan said:

  And when the pia vpn is off, this works just fine remotely to your router's public IP?  What router are you running.. That makes no sense at all and sounds like a bug in whatever router you're running.

  You sure it's not just messing up your ddns when you connect to the vpn...  So your public IP is 1.2.3.4, your router connects to vpn and it gets IP address 4.5.6.7 or whatever so it registers that IP.  So now when you try and connect to this dynamic dns name you're connecting to something else.

  When it works what is the IP your dynamic dns resolves to.. ping the name, do a nslookup on the name, dig, drill, host, your fav dns tool.. Something so you know what your public IP is.. Look on the router's status for its wan..  Then connect to the vpn, and give it a while, then check what this dynamic dns name resolves to now..

  And your title is wrong, should be can not ssh to router, when router has vpn client connection.  You're not sshing through any vpn here at all..  Your router making a connection to some vpn service should have NOTHING to do with it listening for ssh connections on its public IP.

Indeed. Running an Asus RT-AC68U with Tomato 3.3-138 AIO-64K. You are correct, it must be the DDNS. When it works my DDNS resolves to my public IP from my ISP. When I enable the VPN it still shows my IP from my ISP.

 

pg7neVk.png

 

xEUz3au.png

 

In the options here it still shows my public IP rather than what I am receiving from PIA.

 

TdQ8CIi.png

huh??

 

Dude why do you think if you connect to PIA that you should then connect to your PIA IP to ssh to your router??

These PIA services rarely give you your own personal IPv4 address... You're sharing it with lots of other suckers, I mean users ;) Did you set up something on their end to forward ssh traffic down the tunnel to your router's private IP it got on the tunnel?  Is router ssh server listening on the tunnel IP?

So can you connect to your router's IP address ssh when you're remote or not??  Forget whatever it is you're thinking you're doing with a tunnel. And a vpn client connect that is meant to route your users out the vpn so you can watch us netflix, etc..  Or hide whatever thing it is you want to hide from your ISP..

Use your router's IP directly not some dyndns address, etc.

  On 16/08/2016 at 13:09, BudMan said:

  huh??

  Dude why do you think if you connect to PIA that you should then connect to your PIA IP to ssh to your router??

  These PIA services rarely give you your own personal IPv4 address... You're sharing it with lots of other suckers, I mean users ;) Did you set up something on their end to forward ssh traffic down the tunnel to your router's private IP it got on the tunnel?  Is router ssh server listening on the tunnel IP?

  So can you connect to your router's IP address ssh when you're remote or not??  Forget whatever it is you're thinking you're doing with a tunnel. And a vpn client connect that is meant to route your users out the vpn so you can watch us netflix, etc..  Or hide whatever thing it is you want to hide from your ISP..

  Use your router's IP directly not some dyndns address, etc.

I don't. I still only connect to my DDNS address. Even when I try to connect to my public IP it still won't work. Okay, so what is your recommendation for a VPN? AWS space with a VPN only you can use? No, I did not do that. My SSH server was listening on same port as the VPN, yes.

Ok, you have incoming and outgoing.

Your outgoing is fine, leave it where it's at.

Your incoming cannot be used with your outgoing.  Incoming connections into your network must be managed on your network, not through your outgoing VPN provider.

Your pia is outgoing only.

"so what is your recommendation for a VPN"

 

For what reason are you using it?  What are you hiding from your ISP.. You want access to netflix us library - what is the reason you think you need an outbound vpn..  I use inbound vpn into my network remotely every day, etc..  I just don't get the need/want/use of services like PIA, Hidemyass, etc.  Might have some use when possible hostile network like open wifi, etc.

I don't really see a legit reason for use outbound from your house to be honest..  You're worried neowin knows that IP you came from?

This topic is now closed to further replies.