Connection to server running openfortivpn closes after startup of tunnel #291
Comments
|
I've tried --half-internet-routes=1 but it didn't work to keep my ssh connection open |
|
I'm not sure I understand the details. Perhaps you can provide the following information:
|
|
Do I understand correctly, that you are connected via ssh to a server on AWS and you run openfortivpn there, on the remote side? And the problem is that your ssh connection stops working when openfortivpn configures the routes? |
|
@DimitriPapadopoulos The tunnel works when I run it locally from my desktop. It probably works too when I run it on the VPS but I get disconnected so I can't check any logs. Running openfortivpn 1.6.0. @mrbaseman that i's my issue indeed. I connect with ssh to my vps. On the vps I run openfortivpn. At startup, once it comes to "adding routes" a few seconds later my SSH connection to the VPS is lost and the only way I can get back in is rebooting the machine. So I should be able to ... add a route for my SSH client on the VPS? Before I found openfortivpn I was using forticlient-sslvpn_4.4.2333-1_amd64. I had build some EXPECT scripts and a wrapper to open multiple instances. But once I set it up on a server I had this issue that my own ssh connection gets dropped so hoping that openfortivpn would be a better tool. and the parameter --half-internet-routes=1 seemed like the thing I needed. but it had the same behaviour sadly. --no-routes helped but then I couldn't reach any of the servers behind the tunnel ( because obviously the routes for it were not added ) So yeah i'll look into SSH_CLIENT... |
|
I understand now, thanks for the explanations. The VPN is disconnecting SSH by design. You'll have to define a specific route for SSH manually. |
|
For example you could use |
|
A host route for the ssh connection should be sufficient. Anyhow, since your goal is to open several tunnels at the same time you probably have to configure routes manually. Otherwise you would probably end up with a setup in which you connect the second tunnel through the first one, and the third through the second and the first one etc. If the host route approach doesn't work and you want to figure out which routes would be configured, and if you have persistent logs across reboots on your server, you could use |
|
@mrbaseman Thanks I will have a look at setting the routes manually after the vpn connection is established. This seems to be the best solution. |
Hello, hoping you can guide me in the right direction with my issue.
I'm using openfortivpn and before just forticlient sslvpn for linux.
I need to open some tunnels to fortigate vpns but once it opens a tunnel my SSH connection to the server is lost. I can't reach the server anymore which is an issue. I've ran with --no-route and --nopeerdns tags and when I did that I did not get disconnected but, the tunnel didn't work ( I assume because the correct routes and nameservers didn't get added)
When I run this package on a local desktop with ubuntu 16.04 everything is fine
any idea how I can make the previous routes not be forgotten when starting openfortivpn?
I think this is my issue
The text was updated successfully, but these errors were encountered: