I’m using openconnect to connect to vpn. After entering my credentials, I get this:
POST https://domain.name/...
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 30
Connected tun0 as xxx.xxx.xxx.xxx, using SSL
Established DTLS connection
Running ifconfig shows I have a new network interface tun0 with a certain ip address.
Question: How do I make ssh use only the network interface tun0 so that I can access computers on that private network?
Edit:
My network configuration (route -n) seems to be this:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
172.16.194.0    0.0.0.0         255.255.255.0   U     0      0   0   vmnet8
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
172.16.25.0     0.0.0.0         255.255.255.0   U     0      0   0   vmnet1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0   0   eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0   0   eth0
Answers:
Method 1
It’s not the ssh client that decides through which interface TCP packets should go, it’s the kernel. In short, SSH asks the kernel to open a connection to a certain IP address, and the kernel decides which interface is to be used by consulting the routing tables.
(The following assumes you’re on GNU/Linux; the general concept is the same for all Unices, but the specifics of the commands to run and the way the output is formatted may vary.)
You can display the kernel routing tables with the commands route -n and/or ip route show.
OpenConnect should have added a line for the tun0 interface; connections to any address matching that line will be routed through that interface. For example, running route -n on my laptop I get the following output:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
0.0.0.0         10.30.0.1       0.0.0.0         UG    0      0   0   eth0
10.30.0.0       0.0.0.0         255.255.255.0   U     1      0   0   eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0   0   eth0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0   0   virbr0
This means that connections to hosts in the 192.168.122.0/24 network (i.e., addresses 192.168.122.0 to 192.168.122.255 in CIDR notation) will be routed through interface virbr0; those to 169.254.0.0/16 and 10.30.0.0/24 will go through eth0, and anything else (the 0.0.0.0 line) will be routed through eth0 to the gateway host 10.30.0.1.
Method 2
I don’t know when it was introduced but the OpenSSH client on RHEL7 has this in its manpage:
-b bind_address
Use bind_address on the local machine as the source address of the connection. Only useful on systems with more than one address.
Not as good as being able to choose the interface, but close.
Method 3
Just an addition to the answer above. You can use the -b flag and define your source IP at access time.
Format + Example
ssh -b interface-ip remote-ip
ssh -b 10.11.22.40 10.11.22.38
Method 4
If you are using Network Manager to manage your internet connections (as is the default manager on many systems), you may want to install both openconnect and network-manager-openconnect.
Once the OpenConnect plugin is installed for Network Manager, open Network Manager and click the + icon in the lower-left. You should be given a combo-box with the option VPN and then the ability to select OpenConnect Compatible VPN.
By using Network Manager to interface with OpenConnect, your routes will automagically appear and help you connect to the VPN. This is especially helpful for accessing servers over VPN, such as how FireHost does things.
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0.