First I connected to server B’s VPN and SSHed into server B from my local machine. Then I tried to SSH from there into server A, but it failed. Machine B (with the VPN) and machine A both have private networking set up. I checked my IP while connected to the VPN; it is machine B’s public IP.
The iptables rules are as follows:

(A)

```
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables -A INPUT -p tcp -s <server B private ip> --dport 22 -i eth1 -j ACCEPT
sudo iptables -A OUTPUT -p tcp -d <server B private ip> --sport 22 -o eth1 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
```

(B) openvpn

```
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables -A INPUT -p tcp -s <server A private ip> --dport 22 -i eth1 -j ACCEPT
sudo iptables -A OUTPUT -p tcp -d <server A private ip> --sport 22 -o eth1 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -I OUTPUT -o eth0 -d 0.0.0.0/0 -j ACCEPT
sudo iptables -I INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
```
What I’m trying to achieve is to SSH from machine B into machine A using the private network IP while connected to machine B’s OpenVPN.
There is no other firewall setup because I am testing the behavior of iptables with OpenVPN. Can anyone help explain? Thanks.
I’ve checked and noticed that none of the ARP entries is a private network address or uses the private network interface. Is this normal? Is this the reason the connection is not working?
Hey friend!
That is a tough one. I’ll try to offer any help that I can to surface the issue. I think we can simplify this a bit by removing the VPN logic from the thought process at least. Once connected to B over SSH, the connection you are troubleshooting is from B to A. The theory being that this would work or fail regardless of whether or not you were connected to or needed the VPN to connect to SSH on B, as the connection is purely B -> A at that stage. With that as a framework, we can reduce the question to this:
Why can’t B connect to A’s SSH server over private network?
So then I would ask:
Hopefully this at least exposes a path for further troubleshooting.
Jarland
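Added example, not part of the original thread or either poster's code: a small Python model of iptables first-match evaluation applied to the rules posted for server A, showing what verdict the B -> A SSH packets receive under the posted ACCEPT policies. All IP addresses are constructed placeholders, and only the match options used in the posted rules are modelled.

```python
from dataclasses import dataclass

A_PRIV = "10.0.0.1"       # constructed stand-in for server A's private IP
A_PUB = "198.51.100.10"   # constructed stand-in for server A's public IP
B_PRIV = "10.0.0.2"       # constructed stand-in for <server B private ip>
OTHER = "203.0.113.7"     # constructed address of an unrelated host

@dataclass
class Packet:
    chain: str
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    iface: str
    state: str = "NEW"    # conntrack state as seen by "-m state"

# Server A's rules in the order posted: (chain, matches, target).
RULES_A = [
    ("INPUT", {"proto": "tcp", "src": B_PRIV, "dport": 22, "iface": "eth1"}, "ACCEPT"),
    ("OUTPUT", {"proto": "tcp", "dst": B_PRIV, "sport": 22, "iface": "eth1",
                "state": "ESTABLISHED"}, "ACCEPT"),
    ("INPUT", {"iface": "lo"}, "ACCEPT"),
    ("OUTPUT", {"iface": "lo"}, "ACCEPT"),
]
POLICY_A = {"INPUT": "ACCEPT", "OUTPUT": "ACCEPT", "FORWARD": "ACCEPT"}

def verdict(pkt, rules, policy):
    """First matching rule in the packet's chain wins; otherwise the chain policy applies."""
    for chain, match, target in rules:
        if chain == pkt.chain and all(getattr(pkt, k) == v for k, v in match.items()):
            return target, "rule"
    return policy[pkt.chain], "policy"

SYN_FROM_B = Packet("INPUT", "tcp", B_PRIV, A_PRIV, 40000, 22, "eth1")
REPLY_TO_B = Packet("OUTPUT", "tcp", A_PRIV, B_PRIV, 22, 40000, "eth1", "ESTABLISHED")
SYN_FROM_OTHER = Packet("INPUT", "tcp", OTHER, A_PUB, 40000, 22, "eth0")

if __name__ == "__main__":
    strict = dict(POLICY_A, INPUT="DROP")  # hypothetical policy, not what was posted
    for name, pkt in [("SYN from B", SYN_FROM_B), ("reply to B", REPLY_TO_B),
                      ("SYN from other host", SYN_FROM_OTHER)]:
        print(name, verdict(pkt, RULES_A, POLICY_A))
    print("SYN from other host, INPUT policy DROP:", verdict(SYN_FROM_OTHER, RULES_A, strict))
```

Every packet is accepted under the posted policies, either by a rule or by the chain policy, so the posted filter rules alone do not explain the failed connection; they would only restrict SSH if the INPUT policy were DROP.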