Hello,
I am planning to use OpenVPN over an SSH tunnel to hide the VPN traffic. What I did is:
1. Start SSH with local port forwarding:
ssh remotehost -L 2222:localhost:1194
2. Configure my OpenVPN config file so it talks to local port 2222 instead of remote host port 1194:
remote 127.0.0.1 2222
3. Start OpenVPN. I can see the connection made and "Initialization Sequence Completed". However, I found that the SSH window in which I set up the tunnel freezes, and there is no actual connection (can't visit any website).
4. Then I stop the VPN using Ctrl+C, and the SSH window comes back alive.
Note that if I just use OpenVPN, everything is fine and correct. I am using Linux Mint 19.1.
Would someone please help me see how to fix this?
Thank you very much.
SSH freeze after OPENVPN launched over the tunnel
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: SSH freeze after OPENVPN launched over the tunnel
hi jeanlikethis!
I see this is your first post, Welcome to the excellent Linux Mint forums!
Next, I did a quick search and see a better command and another idea to ensure it is working:
1. for ssh use
ssh user@server -L 1194:localhost:1194
and in the ovpn config you want to force TCP use. This slows the VPN down a bit compared to UDP, but is necessary if/when you want to proxify or tunnel OpenVPN, as well as make ovpn look at the remote as localhost.
2. change the line proto udp to proto tcp
3. change the "remote" line of the server to remote localhost 1194
See if this helps.
Re: SSH freeze after OPENVPN launched over the tunnel
Hello, redlined
Thank you so much for your nice words and help.
I have been using Linux Mint ever since Ubuntu changed the interface and added many paid tools in the software source.
I have tried your suggestions and unfortunately, the SSH tunnel still freezes after OpenVPN connected.
What I have found is that if I follow the steps below, the SSH tunnel stays alive with OpenVPN.
1. Start openvpn first.
2. Start ssh with local port forwarding.
3. Disconnect openvpn.
4. Update the ovpn file and use the local port that has been forwarded in step 2 above.
5. Restart openvpn and this time it would work.
I think this might be a DNS or iptables issue? Starting openvpn first and then starting ssh will have ssh using the routing table under VPN mode. Disconnecting openvpn in step 3 will not restore the ssh connection as it is active.
But I am not sure of this.
Re: SSH freeze after OPENVPN launched over the tunnel
hi jeanlikethis!
I usually prepend my comments with something like 'caveat lector' (re: reader beware, ima noob..iow- LM18.3 last Spring was my real intro to Linuxworld;) and I realize I know little of ssh in Linux and what I found in search to suggest was more towards you log into a remote ssh server and a remote openvpn server that you can modify configs on (e.g. both remote locations you have remote control over, as in a cloud sort of deal)
ok, and either way, so let's sort this... (i do tend to get wordy, sharing my thought processes to create a common thinking pattern, mansplaining i think it's called in certain sectors to which I respond- man as in a command to bring up info docs in terminal that may or may not be useful, I try to add the tl;dr facts into coherent thoughts expressed)
anyways....
admittedly I have tunnelled openvpn through ssh, and ssl for that matter, but.. only in Windows and did use PuTTY to do so (actually kitty, but i digress) and realize now I need more info on how to solve this...
if your ssh server is not remote (fully outside of LAN space, beyond your internet gateway/ISP sort of deal), then you are doing something completely unnecessary by including ssh in the mix- even worse is overhead, which will equate to internet slowdowns for reasons both on doubling encryption and forcing TCP (which slows OpenVPN down a metricTON!;D) and in this case you want to set OpenVPN to use a socks5 proxy, to give it a ssh wrapper between you and ovpn server- this is where putty comes in handy, it port forwards your ssh connection thru to the ovpn server, then lets ovpn server deal with talking to it and the internets on the other side of it.
again, it is important to realize ssh wrapped protocol is gone once ssh server has decrypted it, so again, unless ssh server is remote from LAN then it is effectively doing nothing but slowing it all down for anything wanted from WAN (the big internets)
also, I think your success in the 5 steps you shared is working because OVPN ignores SSH tunnel when you reconnect after mod the ovpn config (and certainly iptables/ufw could be interfering as you wisely determine)
my computer> remote SSH server> remote OpenVPN server> good internets is what I think you want to do. If this is accurate then more info is needed, such as,
1. does your remote SSH server support socks v5? (v5 is crucial, in order to capture all, such as DNS requests) if so, use putty
2. Does your VPN provider support making TCP connections? if so, either make sure you have proto tcp enabled for the server you connect to, or download their configs that support openvpn over tcp. (because SSH is not going to do what you want if UDP is protocol)
I will look for more commands to run to determine routing and whatnots that may be muckin up your connect, but for now that is what I got.. besides this article that better explains what to consider and how to setup putty to tunnel your ovpn over ssh through a local socks5 proxy:
https://kiljan.org/2017/11/15/routing-t ... cks-proxy/ (very explaining fella, I like!)
https://www.comparitech.com/blog/vpn-pr ... sh-tunnel/
also see: https://superuser.com/questions/1356330 ... ssh-tunnel
my original ref for 1st response: https://redfern.me/tunneling-openvpn-through-ssh/
Re: SSH freeze after OPENVPN launched over the tunnel
Thanks for the very informative response.
I also used PuTTY + OpenVPN under Windows 7 and it works with no problem. So I expanded my idea to Linux and got the problem.
In Windows, I also use local port forwarding. I forward all my OpenVPN to my local port 1195, which I mapped to remote 1194 using PuTTY. It just works.
I suspect that once I use the SSH tunnel to wrap OpenVPN, OpenVPN redirects all local traffic to the remote VPN server, and this may affect the existing SSH tunnel. But I don't know how to identify or fix this problem.
Currently, I have my SSH server and OpenVPN server on the same computer (a Linux Mint 18.3 box). Maybe I should use different computers for this.
Re: SSH freeze after OPENVPN launched over the tunnel
This must be a routing table issue... I guess.
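The routing-table suspicion raised in the posts above can be checked offline; this is an added example, not code from any poster. It runs a longest-prefix match over constructed `ip route show` output; the addresses (203.0.113.10 for the SSH/OpenVPN box, 192.168.1.1 as gateway), the device names and the `redirect-gateway def1` routes are assumptions.

```python
import ipaddress

SSH_SERVER = "203.0.113.10"  # assumed address of the sshd + OpenVPN box

# Constructed `ip route show` output (not taken from the thread).
BEFORE_VPN = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

# After OpenVPN applies `redirect-gateway def1`: two /1 routes override the
# default route. With `remote 127.0.0.1 2222` the only "server" OpenVPN knows
# is loopback, so nothing pins the real SSH server to the physical gateway.
VPN_UP = BEFORE_VPN + """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
"""

# Same table plus a host route keeping the SSH server on the physical link.
VPN_UP_PINNED = VPN_UP + "203.0.113.10 via 192.168.1.1 dev eth0\n"

def parse_routes(text):
    """Return [(network, device)] from `ip route show`-style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest, strict=False), dev))
    return routes

def egress_device(table_text, host):
    """Longest-prefix match, as the kernel does: which device carries `host`?"""
    addr = ipaddress.ip_address(host)
    matches = [(net.prefixlen, dev) for net, dev in parse_routes(table_text)
               if addr in net]
    return max(matches)[1] if matches else None

def ssh_carrier_loops(table_text, ssh_server):
    """True if the SSH session carrying the VPN is itself routed into the VPN."""
    dev = egress_device(table_text, ssh_server)
    return dev is not None and dev.startswith("tun")

if __name__ == "__main__":
    for table in (BEFORE_VPN, VPN_UP, VPN_UP_PINNED):
        print(egress_device(table, SSH_SERVER), ssh_carrier_loops(table, SSH_SERVER))
```

On a live system, `ip route get <ssh server address>` answers the same question for the current table.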
Re: SSH freeze after OPENVPN launched over the tunnel
Solved!
Thanks to redlined!! Socks is the solution.
Re: SSH freeze after OPENVPN launched over the tunnel
hi jeanlikethis, I've been away from forums for a bit and catching up now- awesome that worked out for you! to clarify, did you use PuTTY (as your socks proxy) to get it to work?
also, please consider editing your initial post in this thread (click pencil icon, top right) and add <Solved> to the title/subject, this is a forum norm and is designed to assist others who may search for solutions to similar issues. Thanks~