
I am one of those angry American users who wants to use a VPN and deprive my ISP of my browsing history. Setting it up was fairly easy and it works fine. However, I found that when I use it, my dynamic DNS domain name seems to not be working. What I mean by this is:

I ssh to myself normally using "mydomain:~$ ssh me@myowndomainname.noip.com" and it works fine.

I turn on the VPN client. I verify that my IP address is now somewhere in Germany.

But then I try the same command and it says cannot connect to host, host is unavailable.

My initial thought was that the Noip update client hadn't run yet, but I could ping myowndomainname.noip.com just fine. I tried waiting 30 mins (the update client is set to check every 30 mins). Still no dice.

I run a VNC version of my desktop at home and need to reverse telecommute frequently...often to check something online like my bank account that I don't want work folks to see.

Can anyone tell me what's causing this? Is it a port-forwarding problem? My VPN allows me to open ports, but I don't know how to set up a proper connection. Do I need to be sshing to the VPN machine's IP address, not my Noip domain?

Also, does anyone know if I'll be getting the SAME IP address each time I use my VPN? If so, it seems relatively simple to make that address the one the Noip uses for the dynamic dns.

Please note: I have seen some similar questions but none with clear answers and/or command line instructions on how to set this up. Usually the answers are just "have you tried this?" For instance, a similar post has an answer of "Most people use a virtual machine" but it doesn't say how to set that up or what the virtual machine will need. Other answers seem to suggest that port-forwarding will solve it, but I don't know how to set that up to a VPN either. I run VNC, but this seems to happen both on VNC and on my local machine. For instance, running the VPN client either in a VNC window OR locally changes the IP address for both. So why would this solve my problem?

Vomit IT - Chunky Mess Style
confused
  • Possible duplicate of [SSH server can't be connected to when VPN is turned on](https://superuser.com/questions/347534/ssh-server-cant-be-connected-to-when-vpn-is-turned-on) – harrymc Apr 04 '17 at 18:17
  • I don't think it's a duplicate, though there is overlap in the situation. Plus, this question doesn't have any accepted answers. And (if I were to jump on that thread), running a vm doesn't seem to help either...as I mentioned above. Thanks again for any help you can offer! – confused Apr 04 '17 at 20:16

1 Answer

When you use a VPN service, all the traffic is routed from your computer to the VPN server and then to the internet.

When you try to connect to your SSH server via your ISP's IP address, your computer gets the request but it replies through the VPN, so a proper connection cannot be achieved, since a different machine is answering the request. The handshake cannot be completed.

The problem you're describing is called Asynchronous Routing.

You should modify the routing tables so that your computer routes the SSH connection through your landline and the rest of the traffic through the VPN.

If, however, you want to access SSH through your VPN, then, as you mentioned, you have to port-forward through your VPN and run the Noip update script when you get a VPN IP from the service you are using.

Whether you will always get the same VPN IP depends strictly on the VPN provider you use.

You can research a bit more in this thread on the ArchLinux forums, where a user had the same issue as you.

Devian
  • Thank you, Devian. This is good info...I appreciate your time. Will check out that thread and hope it's got the info I need. The reason I want to access SSH is to make a ssh tunnel to view my VNC desktop. Would I portforward using the -R switch? Or does the VPN act the way a router would, with my system inside its network? Or is that totally not the same thing? – confused Apr 05 '17 at 01:33
  • So, I read through the thread, but the issue isn't that I'm doing something nefarious/embarrassing and want to hide some browsing and don't care about other browsing. My issue is that I just want Comcast to have a big blank "null" set when they look at my browsing history, whether I'm Googling for "apple pie recipes" or "hot pr0n." If I set up a virtualbox that's VPNed and don't have my host VPNed, then any browsing I do that's not via the virtualbox will be in the clear. What I'd ideally like to do is have ONLY my browsing use the VPN, I guess, with the email, ssh, and other stuff not. – confused Apr 05 '17 at 13:39
  • That said, if having email also routed via a VPN offers advantages, I might want email routed too. :-) I just still want to ideally have a clear route to port 22 on my machine. – confused Apr 05 '17 at 13:40
  • Is there any chance I could do this just via my IP? Meaning, if I always know my IP address, not the dynamic domain name, can I ssh directly if the VPN is on? – confused Apr 05 '17 at 13:41
  • The dynamic domain has nothing to do with your issue. It's a routing problem. Your domain translates back to your ip address and therefore it's the same thing trying to connect via ip or dyndns. In the thread a user is attaching a perl script for this. I haven't tried it but you could take a look at it. – Devian Apr 05 '17 at 15:44
  • Regarding your port forwarding on the vpn since your vpn provider allows it, you can look on their knowledge base or faq, about this. – Devian Apr 05 '17 at 15:45
  • I've pondered a bit and while it's not as convenient as I thought, I think the easiest option -- running a VPNed Virtualbox ON my non-VPNed server is the best way. Perhaps not as secure nor as seamless (I'll have to get in the habit of always using the VPN for my internet...) but it'll work. Thanks so much for the help...had no idea what to call it, so knowing "Asynchronous Routing" was a big help too. :-) – confused Apr 07 '17 at 23:07
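
The routing-table change the answer describes, written out as an added example (it is not from the answer or the linked thread): source-based policy routing on Linux with iproute2, so replies to connections that arrived on the LAN address leave via the ISP router while everything else follows the VPN default route. The addresses, interface name, table id and function names are constructed sample values; the script only prints the commands to run as root.

```bash
# Added example: source-based policy routing for inbound SSH behind a VPN.
# Assumes Linux + iproute2; addresses, interface and table id are constructed.

TABLE=128   # any unused routing-table id (assumption)

# Constructed `ip -4 route show` output, captured BEFORE the VPN is started.
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.50 metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100'

# stdin: route table. stdout: "<gateway> <interface>" of the default route.
default_route() {
  awk '$1 == "default" {
         for (i = 2; i < NF; i++) {
           if ($i == "via") gw  = $(i + 1)
           if ($i == "dev") dev = $(i + 1)
         }
         if (gw != "" && dev != "") print gw, dev
         exit
       }'
}

# stdin: route table, $1: interface. stdout: "<subnet> <own address>".
lan_route() {
  awk -v want="$1" '$1 != "default" {
         d = ""; s = ""
         for (i = 2; i < NF; i++) {
           if ($i == "dev") d = $(i + 1)
           if ($i == "src") s = $(i + 1)
         }
         if (d == want && s != "") { print $1, s; exit }
       }'
}

# Print the commands to run as root; this function changes nothing itself.
policy_routing_cmds() {
  routes=$1
  set -- $(printf '%s\n' "$routes" | default_route); gw=${1:-} dev=${2:-}
  set -- $(printf '%s\n' "$routes" | lan_route "$dev"); subnet=${1:-} src=${2:-}
  if [ -z "$gw" ] || [ -z "$src" ]; then
    echo "no pre-VPN default route / LAN address found" >&2; return 1
  fi
  # Packets sourced from the LAN address use table $TABLE, not the VPN default.
  echo "ip rule add from $src table $TABLE"
  echo "ip route add $subnet dev $dev table $TABLE"
  echo "ip route add default via $gw dev $dev table $TABLE"
}

policy_routing_cmds "$SAMPLE_ROUTES"
```

The rule matches only packets whose source address is already the LAN address, so new outbound connections still take the VPN default route. The rules do not survive a reboot, and a VPN client that installs its own firewall kill switch may still drop the replies.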