For security reasons, my Slackware64-current computer is using iptables with everything dropped except for specific computers. Those on my home network are able to connect with my computer, as is my work computer, which has a fixed IP number. I'm trying to also set up access for my laptop, which needs to be able to connect from wherever I may be. After some research, I realized that I would need to create a VPN. I have been following the instructions for setting up openvpn found at https://docs.slackware.com/howtos:ne...rvices:openvpn in order to set up both the server (my desktop machine) and client (my laptop).

I have been able to set up the tunnel between the two machines and temporarily allowed ping to work in order to test the connections. This basically gets me through chapter 10 in the document. Since I am only need this to do a ssh/sftp connection from my laptop to my desktop, I haven't gone further yet. Unfortunately, ssh does not connect through the VPN. Do I need to add rules to iptables to let the client do more, configure the server to forward packets beyond the server, or something else?

I am taking a trip in a week and so need to finalize this relatively quickly. Any help is greatly appreciated!

Yeah, that's a firewall issue. But you can easily work around it by starting a reverse ssh session on the target machine. Eg:

Where 'user' is your username and xx.xx.xx.xx is the IP address of the machine you'll be connecting to it from. Leave the word 'localhost' in the command.

You can then connect to that machine by first connecting to the VPN and then:

Again, use the proper username, but leave the word 'localhost' in the command.

Note: You don't have to use port 22222, you can use any port up to 65535 (I think).

I use this to connect to my home machine from the office. The home machine connects to the VPN server in my office. Once I start the reverse ssh session on the home machine, I can ssh into it from the office. It doesn't work without the reverse ssh session because the home machine is behind a restrictive firewall.

I note that chapter 11 onwards of the documentation you linked only applies if the Slackware box is also your router & firewall. This is not the case for me.

With my setup, I found the OpenVPN documentation to be quite helpful: https://openvpn.net/community-resour...server-subnet/

There is one sentence in that document, which I will quote here: "you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines)"

In my case, this meant logging into the router and creating a static route to the VPN server.

1 members found this post helpful.