Running OpenVPN as a client breaks SSH access into same box? Is it a problem with default route being changed?

techay
Hi,

I have a very very basic setup.  Not using any other pf rules other than what comes default with 6.2-Release and almost every other release.  Running OpenVPN works without a problem - able to connect as a client to a remote OpenVPN server.  Everything is properly routing, verified by checking my IP.

Problem is that as soon as OpenVPN is running, I cannot SSH in to my OpenBSD machine from any other machine on the Lan.  Now, I'm guessing this has something to do with the default route being changed automatically by OpenVPN but I am still a total newbie with routing and pf so I have not a clue how to fix this, especially in any sort of manner which I can safely assume it to be the correct way.

Can someone tell me how to resolve this?  Thanks

Re: Running OpenVPN as a client breaks SSH access into same box? Is it a problem with default route being changed?

techay
It's currently a bit tricky for me getting into the box physically.  If only I had SSH access ha!

I'm almost 100% certain that returning packets are being routed over the tun0 (new default route) interface instead of em0.

Thanks

> -------- Original Message --------
> Subject: Re: Running OpenVPN as a client breaks SSH access into same box? Is it a problem with default route being changed?
> Local Time: 24 October 2017 10:13 PM
> UTC Time: 24 October 2017 20:13
> From: [hidden email]
> To: [hidden email] <[hidden email]>
>
> you are more likely to receive help if you post the output of
> "ifconfig -a" and "netstat -nr" commands.
>
> On Tue, Oct 24, 2017 at 4:06 PM, [hidden email]
> [hidden email] wrote:
>
>> Hi,
>> I have a very very basic setup. Not using any other pf rules other than what comes default with 6.2-Release and almost every other release. Running OpenVPN works without a problem - able to connect as a client to a remote OpenVPN server. Everything is properly routing, verified by checking my IP.
>> Problem is that as soon as OpenVPN is running, I cannot SSH in to my OpenBSD machine from any other machine on the Lan. Now, I'm guessing this has something to do with the default route being changed automatically by OpenVPN but I am still a total newbie with routing and pf so I have not a clue how to fix this, especially in any sort of manner which I can safely assume it to be the correct way.
>> Can someone tell me how to resolve this? Thanks

Re: Running OpenVPN as a client breaks SSH access into same box? Is it a problem with default route being changed?

Daniel Jakots-3
On Tue, 24 Oct 2017 16:25:08 -0400, "[hidden email]"
<[hidden email]> wrote:

> It's currently a bit tricky for me getting into the box physically.
> If only I had SSH access ha!
>
> I'm almost 100% certain that returning packets are being routed over
> the tun0 (new default route) interface instead of em0.

http://man.openbsd.org/pf.conf#reply-to should help you

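A sketch of the kind of `reply-to` rule the linked pf.conf section describes, added here as an example and not taken from any poster's configuration. It assumes `em0` is the LAN interface and `tun0` the OpenVPN interface as named in the thread, and that SSH clients reach the box through a LAN router; the address `192.0.2.1` is a placeholder for that router.

```pf
# /etc/pf.conf fragment (added example; the address is a placeholder)
lan_if = "em0"          # physical LAN interface named in the thread
lan_gw = "192.0.2.1"    # placeholder: next hop on the LAN side

# Place this after the stock "pass" rule: pf uses the last matching rule.
# reply-to pins the return traffic of every state created by this rule
# to $lan_if via $lan_gw, so SSH replies no longer follow the default
# route that OpenVPN installs on tun0.
pass in on $lan_if inet proto tcp to ($lan_if) port ssh \
        reply-to ($lan_if $lan_gw)

# Checks to run on the box:
#   pfctl -nf /etc/pf.conf     parse the ruleset without loading it
#   pfctl -f /etc/pf.conf      load it
#   pfctl -vvss                list states; confirm the SSH state exists
#   route -n get <client-ip>   show which route the kernel picks for a client
#   netstat -nr                compare the table with and without OpenVPN
```

The rule only changes routing for connections that arrive on `em0` and match it; traffic the box itself originates still follows the VPN default route.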


Re: Running OpenVPN as a client breaks SSH access into same box? Is it a problem with default route being changed?

techay
I will have a look into this tonight and see if I can figure it out with that.

Thank you
