VPN and reverse port forwarding

Discussion in 'privacy technology' started by user597, Oct 15, 2017.

  1. user597

    user597 Registered Member

    Joined:
    Oct 15, 2017
    Posts:
    27
    Location:
    USA
    This is what the VPN's tech support sent over. I feel like I should already HAVE 12345 working for SSH but...it's not working, obviously:

    "The port 12345 will then be forwarded to your computer, so if you have a program listening on that port you should be able to reach connect to it when accessing the vpn servers exit ip:12345

    so if you were connected to let's say abc17, you would then connect to abc17x.thisvpn.com:12345

    If you'd want port 12345 to connect to let's say SSH running on port 22 on your local computer, you would then have to set up a local redirect on your computer using iptables."
     
  2. user597

    And further sleuthing:

    It seems like I have successfully set up Port 12345 on my computer, because I can't ssh to myself at localhost, but I CAN if I ssh to myself at localhost on -p 12345.

    So now I'm thinking perhaps the issue is the router, or maybe the port on my VPN isn't actually open after all?

    Grrr.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Can you SSH to the machine directly at port 12345? You do need the "-p 12345" option to use a non-default port.

    Also, try the Python web server option. That's much simpler than SSH.

    Code:
    user@host:~$ python -m SimpleHTTPServer 12345
    Serving HTTP on 0.0.0.0 port 12345 ...
     
    Last edited: Oct 16, 2017
  4. user597

    I don't want a web server. :) I want to connect to the machine by SSH.

    But no, it doesn't connect when I try to ssh directly.

    ssh -p 12345 me@mycomputer.com

    Nor does this work:

    ssh -p 12345 myvpnaccount@mynewvpn.com

    Both get "Connection Refused."

    And like I posted above, the port (checking with nmap) doesn't seem to be open after all. So that's quite possibly the issue. :)
     
  5. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    That VPN tech support advice seems like so much BS.

    I understand that getting a static IP and an enterprise-grade connection with free ports to set up a server at home can be costly, but really, if you can afford it, it's the way to go.

    So much less pain without having to deal with Dynamic DNS updates, dynamic IP address changes, blocked ports, setting up reverse connections and the rest of the BS that comes with consumer-grade connections ....

    Or if an enterprise connection is too costly in your area or not available, get a VPS (that's Virtual Private Server, not VPN) server (ramdone, for example, costs only a couple of dollars per year, or was it month?) and set up an SSH (or if you want, your very own non-logging OpenVPN) server there, and you can connect to it from anywhere in the world.

    Go to https://www.lowendtalk.com/ and ask for offers for a VPS server located in some privacy-respecting country.

    Heck, some VPS providers even provide bitcoin payments and minimal registration info.
     
  6. user597

    I guess that's an option, but I think maybe I need to just ask this question in some other forums where people have experience with this stuff. :) What I'm asking about is not hard, people do it all the time without a static IP.

    Really, I want to solve the problem that the original post is about rather than just abort and try a different approach.

    Right now, it seems like the port that's supposed to be open ISN'T open and that's clearly a problem if that's the case. Like I said, on my side, my computer seems to have the port open and is listening correctly thanks to @mirimir 's help.

    ssh -p 12345 me@localhost works fine.

    ssh -p 12345 me@my.external.I.P gives me a "Connection Refused."

    So now I need to figure out why the port isn't open with the VPN. So let's hold off on giving up and getting something else and so on, at least for now. If you don't have a clear sense of what the next step is, no worries. But I'm not really interested in dropping everything and trying something totally new.
     
  7. mirimir

    I get that. But it's an easy way to check whether the port is forwarded through the VPN.
    I meant to do that while the VPN isn't connected. If that doesn't work, the SSH server isn't configured properly to accept connections on port 12345.

    And actually, I think that you need to tell the SSH server to listen on your machine's public IP address (say "m.n.o.p") at port 12345. So:

    Port 22
    Port 12345
    ListenAddress m.n.o.p:12345
    I wouldn't have expected that to work :)
     
  8. user597

    If I turn off the VPN, I can connect both through 22 or 12345 no problem.

    ssh -p 12345 me@mycomputer.com

    or just

    ssh me@mycomputer.com

    No VPN, connect just fine. VPN...nada. Zilch. Just "Connection Refused."

    I think the VPN doesn't have the port open. And I haven't heard anything back from them about how to open it. I've tried several times.

    I guess maybe the option is to try a different VPN, perhaps. Grrrr. I like this one. Except for this issue...
     
  9. user597

    Okay, one more wrinkle and I may have this. On a hunch, I scanned both UDP and TCP ports on the un-VPN-ed system and when I'm using it.

    un-VPN-ed, the open port is TCP 12345.
    VPN-ed, the open port is UDP 12345.

    I've got both UDP and TCP open on my router, but should I be telling SSH to look for a UDP port, perhaps? Not a TCP one?

    Or do I do this via the command line of ssh when I try to connect?

    Never a dull moment. Thanks for all the help thus far!
     
  10. mirimir

    Scan with what app?

    SSH uses TCP.
     
  11. user597

    Nmap is what I used to scan.
     
  12. mirimir

    Oh, from the outside. I'm not sure why the VPN-forwarded port would show up as UDP. Maybe that's the problem. I mean, because SSH doesn't use UDP. So maybe VPN forwarding is set up to allow only UDP.

    With and without the VPN connected, run these locally:

    netstat -natp
    netstat -naup

    That'll show what's listening on which port(s).
     
  13. user597

    I'm adding "grep ssh" to narrow things down a bit:

    Without the VPN running, TCP shows:

    tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN 5441/sshd
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5441/sshd
    tcp6 0 0 :::12345 :::* LISTEN 5441/sshd
    tcp6 0 0 :::22 :::* LISTEN

    With the VPN running:

    tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN 5441/sshd
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5441/sshd
    tcp 0 68 192.168.0.10:22 223.192.27.226:52926 ESTABLISHED 16764/sshd: root [p
    tcp6 0 0 :::12345 :::* LISTEN 5441/sshd
    tcp6 0 0 :::22 :::* LISTEN 5441/sshd

    And for UDP it's:

    No VPN:

    Nothing.

    With the VPN running:

    Nothing again (at least nothing with a "grep ssh")

    So...this means...SSH as we expected is only listening on TCP ports. Right?
     
    Last edited: Oct 22, 2017
  14. mirimir

    Did you want to share all that?

    It does look like sshd is listening on TCP ports. Without the VPN connected, it's ports 22 and 12345. But with the VPN connected, it's ports 22 and 20820. Huh?

    Also, you're showing established SSH from a specific IPv4.
     
  15. user597

    Thanks @mirimir

    What should I be seeing? And what is the "established" connection? What should I try next?

    I am no longer at the system so it'll be a few days before I can mess around again.
     
  16. mirimir

    De nada :)
    With and without the VPN connected, you should be seeing:
    Code:
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5441/sshd
    tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN 5441/sshd
    tcp6 0 0 :::22 :::* LISTEN
    tcp6 0 0 :::12345 :::* LISTEN 5441/sshd 
    What confuses me is this, with the VPN running:
    Code:
    tcp 0 0 0.0.0.0:20820 0.0.0.0:* LISTEN 5441/sshd
    tcp6 0 0 :::20820 :::* LISTEN 5441/sshd
    Code:
    tcp 0 68 192.168.0.10:22 223.192.27.226:52926 ESTABLISHED 16764/sshd: root [p
    Figure out what's up with port 12345 without the VPN, and port 20820 with it. Maybe the VPN provider is forwarding your local port 12345 to port 20820 on their servers. If that's the case, you should be able to SSH to the VPN exit that you're using, at port 20820, and connect to local sshd on port 12345.
    I'll be here ;)
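
The listener check mirimir describes (run `netstat -natp` and `netstat -naup`, then see what is bound to port 12345 on TCP and on UDP) can be scripted. This is an added example, not part of the thread: the sample lines are constructed in netstat's column layout (203.0.113.7 and the dhclient line are placeholders), and the function names are illustrative.

```python
import re

# Constructed sample in the column layout of `netstat -natp` / `netstat -naup`.
SAMPLE = """\
tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN 5441/sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5441/sshd
tcp 0 68 192.168.0.10:22 203.0.113.7:52926 ESTABLISHED 16764/sshd: root [p
tcp6 0 0 :::12345 :::* LISTEN 5441/sshd
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:* 812/dhclient
"""
STATES = {"LISTEN", "ESTABLISHED", "TIME_WAIT", "CLOSE_WAIT", "SYN_SENT",
          "SYN_RECV", "FIN_WAIT1", "FIN_WAIT2", "LAST_ACK", "CLOSING", "CLOSE"}
WILDCARDS = {"0.0.0.0", "::"}  # bound to every interface, tunnel included

def parse_netstat(text):
    """Yield one dict per socket line; headers and other lines are skipped."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not re.fullmatch(r"(tcp|udp)6?", f[0]):
            continue
        host, _, port = f[3].rpartition(":")   # ":::22" -> ("::", "22")
        rest = f[5:]
        # Unconnected UDP sockets have an empty State column.
        state = rest.pop(0) if rest and rest[0] in STATES else ""
        pid, _, prog = " ".join(rest).partition("/")  # "-" or absent without root
        yield {"proto": f[0], "host": host, "port": port, "state": state,
               "pid": pid if pid.isdigit() else None, "prog": prog or None}

def listeners(text, port):
    """Sockets accepting new traffic on `port`: TCP in LISTEN, or unconnected UDP."""
    want = {"tcp": "LISTEN", "udp": ""}
    return [s for s in parse_netstat(text)
            if s["port"] == str(port) and s["state"] == want[s["proto"][:3]]]

def summarize(text, port):
    """Answer the thread's question for one port: which protocol, which process."""
    hits = listeners(text, port)
    return {
        "tcp": any(s["proto"].startswith("tcp") for s in hits),
        "udp": any(s["proto"].startswith("udp") for s in hits),
        "all_interfaces": any(s["host"] in WILDCARDS for s in hits),
        "programs": sorted({s["prog"] for s in hits if s["prog"]}),
    }
```
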
     
  17. Stefan Froberg

    Right.
    But this piece of gem from that VPN "advice" should already tell you and mirimir that you are probably wasting your time.

    "The port 12345 will then be forwarded to your computer, so if you have a program listening on that port you should be able to reach connect to it when accessing the vpn servers exit ip:12345"

    I will hold my breath what "advice" your VPN will have to say this time ....
    :D
     
  18. mirimir

    In my experience, that is indeed how it works. You have port 12345 forwarded to VPN exit servers. While connected to a VPN server, you run (for example) "python -m SimpleHTTPServer 12345" in a folder containing "index.html". If you browse that VPN server's exit IP (which should be different from the connection IP, to prevent port-forwarding leaks) at port 12345, you see the content of "index.html".
     
  19. user597

    Okay, @mirimir
    I am back. Ready to try to tackle this a bit more. I figured out the 20820 issue. So now when I run the stuff it looks like this with the VPN running:


    tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN 5441/sshd
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5441/sshd
    tcp6 0 0 :::12345 :::* LISTEN 5441/sshd
    tcp6 0 0 :::22 :::* LISTEN 5441/sshd

    I think the issue now is that I've configured SSH to listen on TCP port 12345 and 22, when the VPN only has UDP port 12345 open. So if I can somehow get SSH to listen there instead I'll be in good shape.
     
  20. mirimir

    You won't get sshd to listen on UDP. There are some SSH "equivalents" that use UDP. So it's either that, or get the VPN to forward TCP and not UDP.
     
  21. user597

    Okay, thanks! :)
     
  22. user597

    The word from the VPN tech guy is that both TCP and UDP are open.

    He said that issuing these commands shows it:

    netcat -l -p 12345
    curl ifconfig.co/port/12345

    If the output of the latter says "reachable: true" then it's open in TCP. It IS returning a "reachable:true" value.

    So he said it must be something in my firewall. But I have opened my router to port 12345, and without the VPN I can connect fine on both port 22 and 12345.

    Cannot believe how much of a nightmare this is turning out to be. Thanks again @mirimir for sticking with me on this. I don't know though...feel like I may just need to opt for a different VPN that can offer more in the way of tech support.
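
The test in the post above (a listener on the port, then a TCP probe against it) comes down to how a single connect attempt ends, and "Connection refused" is only one of the possible outcomes. This is an added example, not from the thread or the VPN provider: `probe_tcp` and `loopback_demo` are illustrative names, and the demo uses a throwaway loopback port instead of port 12345.

```python
import socket

def probe_tcp(host, port, timeout=3.0):
    """Classify a single TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: a listener accepted
    except ConnectionRefusedError:
        return "refused"         # a reset came back: something answered, no listener there
    except socket.timeout:
        return "filtered"        # no reply at all: dropped on the path or never forwarded
    except OSError:
        return "unreachable"     # routing or name-resolution failure

def loopback_demo():
    """Probe a throwaway listener on 127.0.0.1, then the same port after it closes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: the kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    srv.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(loopback_demo())
```
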
     
  23. mirimir

    OK, good.
    Could anything be firewalling stuff on the VPN tunnel?
    De nada :) Debugging networking issues can be frustrating.
     
  24. user597

    According to them, no. So what tests could I do to find out if I'M inadvertently running one?
     
  25. mirimir

    Please say more about this VM. It's Linux, you said? What distro? And where is it running? Locally, in VirtualBox or VMware?
     