Partially bypass route pushed by openvpn server

I have a VPS, which I'd like to hook up with OpenVPN to another server.
The connection works well, but once the VPN tunnel is established, I lose my SSH connection to the VPS.

If the IP I'm remoting into the VPS from is w.x.y.z, then running
route add -net w.x.0.0/16 gw 192.0.2.1
prior to connecting leaves me in control of the server after the connection has been established, but then no traffic is sent over the VPN at all.

I would like to use the vpn for a number of ports, and "not the vpn" for a number of other ports.
What's the easiest/best way to solve this?
letharion Asked:

troubleshooter141 Commented:
I take that you control both sides of the VPN (server and client)? What you are describing sounds like you need to configure split tunneling on your OpenVPN server to only tunnel traffic to the IP addresses you specify and not everything.

Check out this link http://openvpn.net/index.php/access-server/howto-openvpn-as/215-how-to-setup-routing-in-openvpn-access-server.html

I do not know of a way that you could only tunnel traffic for some ports but not others for the same IP address. To the best of my knowledge you either tunnel all the traffic for a specified address or you don't tunnel it.
It sounds as if what you want to do is tunnel traffic to your second server but not traffic to your SSH client machine, so that you can SSH to your VPS, VPN from the VPS to your second server and not lose your SSH connection.
0
letharion Author Commented:
>I take that you control both sides of the VPN (server and client)?
No, I'm not unfortunately.

>Check out this link
Thanks! :)

>I do not know of a way that you could only tunnel traffic for some ports but not others for the same IP address.
That's too bad, 'cause that is what I want. What exactly is the limiting factor?
Would a second external IP address for the VPS be a possible solution? Or perhaps I could use Linux virtual servers?

>It sounds as what you want to do is...
Well, I would like the server to multitask ;) I would like it to be a webserver for the internet, I would like to be able to access files on the openvpn network, I would like to be able to remote control everything with ssh, and I would like to be able to do more things in the future.
Maybe I'm just aiming too high and should get two servers.
0
letharion Author Commented:
>>I take that you control both sides of the VPN (server and client)?
>No, I'm not unfortunately.
Still a bit unclear ;) I'm only in control of the client side of the openvpn connection.
0
tty2 Commented:
You can add a route to the VPS host only:

route add -host w.x.y.z gw 192.0.2.1
0
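
Why a host route like the one tty2 suggests keeps the SSH session alive, as an added example that is not part of the original thread: a longest-prefix-match model of the VPS routing table. 203.0.113.45 stands in for w.x.y.z, and the 10.8.0.x tunnel addresses and the pushed "redirect-gateway def1" routes are assumptions; only the 192.0.2.1 gateway comes from the thread.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the (prefix, gateway, dev) route used for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen) if hits else None

def egress(table, dst):
    """Interface a packet to dst leaves on. There is no port argument:
    the routing table is keyed on the destination address only."""
    route = lookup(table, dst)
    return route[2] if route else None

ADMIN = "203.0.113.45"       # constructed stand-in for w.x.y.z (the SSH client)
WEB_CLIENT = "198.51.100.7"  # constructed Internet visitor of the web server
FILE_SERVER = "10.8.0.20"    # assumed host on the VPN network
VPN_GW = "10.8.0.1"          # assumed gateway inside the tunnel

# Before the tunnel comes up: one default route via the provider gateway.
BASE = [("0.0.0.0/0", "192.0.2.1", "eth0")]
# Assumption: the server pushes "redirect-gateway def1", which installs two
# /1 routes that are more specific than 0.0.0.0/0 and so capture everything.
PUSHED = BASE + [("0.0.0.0/1", VPN_GW, "tun0"), ("128.0.0.0/1", VPN_GW, "tun0")]
# The host route: route add -host w.x.y.z gw 192.0.2.1 (a /32 beats both /1 routes)
FIXED = PUSHED + [(ADMIN + "/32", "192.0.2.1", "eth0")]

if __name__ == "__main__":
    for name, table in (("before VPN", BASE), ("VPN up", PUSHED), ("host route", FIXED)):
        for dst in (ADMIN, WEB_CLIENT, FILE_SERVER):
            print(f"{name:10}  {dst:15} -> {egress(table, dst)}")
```

In this model, replies to any other Internet client, such as a web visitor, still enter the tunnel, so the host route covers only the one address it names.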

troubleshooter141 Commented:
Alright, let me make sure I understand correctly:
You have a VPS server that you SSH to from your PC, at the same time you want to VPN to another server FROM the VPS server, and when you do that your SSH connection gets killed.

What you want to do is very doable. I can explain it better on Windows but I'll give it a shot.
You were on the right track with the add route command.
What you want to do is add the route to the VPN range and use your VPN IP address as the gateway, then add another route with a 0.0.0.0 netmask 0.0.0.0 and use the VPS IP address as the gateway. You do want to give priority to these routes over the routes that automatically get configured on your server when you connect to the VPN. There is no need to split this off by port.
# route add -net x.x.x.0 netmask 255.255.255.0 (or whatever range of IPs you want to access from the VPN) gw x.x.x.x (IP address you receive on VPN) dev eth0 (virtual interface created for the VPN connection)
# route add -net 0.0.0.0 netmask 0.0.0.0 gw x.x.x.x (IP address of the interface on your server) dev eth1 (Ethernet port that matches that IP address)
0