Denied ssh to host with active VPN connection

Hi,

I can easily connect to my Mac from the internet via ssh or macOS screen sharing when VyprVPN is disconnected. However, it’s not the case when the VPN is connected.

I’ve turned on Connection Per App with default set to ‘bypass’ with only a single app to Require VPN. Even then, I seem unable to hit my IP address directly.

I would think that only the VPN’d app’s traffic would be balanced through tun0 and all other traffic would go through en0, but I’m probably missing something obvious here.

Worth mentioning that I also use Little Snitch, but all connections for these services are allowed. Plus, things work fine when the VPN is inactive.

Hope someone can help me get things working.
Thanks!

Hello,

I’m sorry to hear of the trouble.

Does the issue persist if you temporarily disable Little Snitch entirely?

Is this a new issue, or has this always been an issue? If this is a new issue, have you recently updated the VyprVPN app?

Regards,
Logan
Golden Frog Technical Support

Hi Logan,

Thanks for the quick reply!

Still doesn’t work unfortunately.

It’s always been an issue since I bought the Mac last year unfortunately, and last weekend I really thought it was down to my setup, so I did a fresh install of macOS on the Mac Mini and only installed Chrome, Little Snitch, VyprVPN and, say, Spotify, which needs to go through tun0.

Using ipleak.net (or Golden Frog’s version) I can tell that Chrome is going through en0 and that Spotify is going through the tunnelled connection, sweet.

A colleague has suggested that I should try to assign a static local IP to tun0 different from the Mac’s one (e.g. 192.168.8.8 for en0 and 192.168.8.9 for tun0). Is that possible without ditching the official VyprVPN app and having to rely on a custom setup of OpenVPN instead?

Any ideas? Is my router’s setup screwed? I have PAT/Port Forwarding set up to send :22 to the Mac’s local IP. Maybe when I request SSH from the outside world the router sends me to the tunnelled connection by default instead of the other…

Thanks for any help!!

Hello @DesperateForAJob,

I’m sorry to hear you’re still having that trouble!

Can I have you temporarily disable the NAT firewall option on the VPN connection? You can do that by logging in at https://www.goldenfrog.com/login, then click the VyprVPN tab and you can disable the NAT firewall there.

Let us know if you encounter that same trouble with that setup or not; that should let us know if this is occurring because the SSH request is being routed over the VPN or not.

Thanks @JustinS for your suggestion. I’ve tried this (quitting and relaunching VyprVPN on the host after NAT was disabled) and unfortunately I saw the same results.
SSH works when the VPN is disconnected, and times out when the VPN is connected.

Hmm, this case can be closed…

Running ifconfig I realised I had both a wired and a wireless connection active on the host, with two different local IPs. Port forwarding was routing connections sort of randomly to one or the other, resulting in my incomprehensions.

Well, this took way too much to solve, thanks again for the support.
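
The check that resolved this thread, as an added example that is not part of the original posts: it parses macOS `ifconfig` output and reports whether more than one active LAN interface shares the subnet of the router's port-forward target. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of macOS `ifconfig` output (not from the thread): wired en0
# and wireless en1 are both active on the same LAN, plus a VPN tunnel tun0.
SAMPLE_IFCONFIG = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.8.8 netmask 0xffffff00 broadcast 192.168.8.255
\tstatus: active
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet6 fe80::1c2d:3e4f:5a6b:7c8d%en1 prefixlen 64 scopeid 0x5
\tinet 192.168.8.23 netmask 0xffffff00 broadcast 192.168.8.255
\tstatus: active
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 10.2.0.5 --> 10.2.0.1 netmask 0xffffffff
"""

# IPv4 lines only; inet6 lines do not match. Netmask is hex on macOS.
INET = re.compile(r"^\s+inet (\d+(?:\.\d+){3}) .*?netmask (0x[0-9a-f]{8})")

def parse_ifconfig(text):
    """Return {name: {"addrs": [IPv4Interface, ...], "active": bool}}."""
    ifaces, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^([A-Za-z0-9]+): flags=", line)
        if header:
            current = ifaces.setdefault(header.group(1), {"addrs": [], "active": False})
        elif current is not None and INET.match(line):
            ip, mask = INET.match(line).groups()
            prefix = bin(int(mask, 16)).count("1")
            current["addrs"].append(ipaddress.ip_interface(f"{ip}/{prefix}"))
        elif current is not None and line.strip() == "status: active":
            current["active"] = True
    return ifaces

def check_port_forward(text, forward_target):
    """Report which active LAN interfaces could receive the forwarded port."""
    target = ipaddress.ip_address(forward_target)
    lan = [(name, addr) for name, info in parse_ifconfig(text).items()
           if info["active"] and not name.startswith(("lo", "tun", "utun"))
           for addr in info["addrs"] if target in addr.network]
    owner = next((name for name, addr in lan if addr.ip == target), None)
    names = sorted(name for name, _ in lan)
    return {"owner": owner, "interfaces_on_lan": names, "ambiguous": len(names) > 1}

if __name__ == "__main__":
    print(check_port_forward(SAMPLE_IFCONFIG, "192.168.8.8"))
```

An `ambiguous` result means the host holds two addresses on the forwarded subnet, so the forward should be pinned to one interface's address (or the other interface disabled) before looking at the VPN.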