Ubuntu – Cisco VPN Connection only for ssh

vpn

In order to ssh into a computer I need to connect to its Cisco AnyConnect Compatible VPN (openconnect) server.

I can do that without a problem, but I would like only the ssh traffic to be routed using the vpn. Mainly because I want to be able to use remote desktop to access my computer and I cannot do that when connected to the vpn.

Is this possible? How?


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.9.1        0.0.0.0         UG    0      0        0 eth0
10.1.9.0        0.0.0.0         255.255.255.0   U     1      0        0 eth0
128.143.1.0     0.0.0.0         255.255.255.0   U     0      0        0 vpn0
128.143.20.85   0.0.0.0         255.255.255.255 UH    0      0        0 vpn0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.35.48.194   10.1.9.1        255.255.255.255 UGH   0      0        0 eth0

Best Answer

  • The easiest way to do this is change your routing table.

    THIS DOES NOT SEND ONLY SSH TRAFFIC, IT SENDS ALL TRAFFIC SENT TO SSH TARGET.

    When you connect your Cisco VPN it probably changes the default route to go through your VPN tunnel. Try the following to get it to send all traffic except traffic destined for your ssh host out of your gateway and not the tunnel.

    MY_ROUTER=192.168.0.1
    SSH_TARGET=192.168.10.12
    CISCO_DEV_NAME=ppp0 # not sure what Cisco calls its tunnel devices; check "ifconfig -a" while connected (it is vpn0 in the question's route -n output)
    
    # Delete the default route (the one the VPN pushed through the tunnel)
    sudo route del default
    
    # Change the default route back to your router
    sudo route add default gw $MY_ROUTER
    
    # Add an explicit host route so only the ssh target goes through the tunnel
    sudo route add -host $SSH_TARGET dev $CISCO_DEV_NAME
    

    I am unsure how to do this automatically when you connect your VPN; I can do it with pptp but have no idea about Cisco AnyConnect.
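
The answer above routes everything addressed to the ssh host through the tunnel. To get what the question actually asks for (only TCP port 22 to that host via the VPN, everything else via the LAN gateway) you need policy routing: mark the ssh packets in the mangle table, send marked packets to a separate routing table whose only route is the tunnel, and rewrite their source address to the tunnel address, because the kernel has already picked the eth0 source when the socket connected. The script below is an added example, not code from the question or the answer. It takes the ssh host (128.143.20.85) and tunnel device (vpn0) from the question's route -n output; the routing table number 100, the fwmark 0x16, the vpnc-script path and the script name are this example's own assumptions. It can also be used as the openconnect --script hook, which is how the "do it automatically on connect" part the answer was unsure about can be handled: openconnect exports reason and TUNDEV to that script, so the hook chains to the stock vpnc-script and then applies or removes the rules.

```shell
#!/bin/sh
# ssh-only-vpn.sh (added example, not from the original post):
# only TCP/22 to SSH_TARGET leaves through the tunnel, everything else uses the LAN.
# Usage by hand:        sudo ./ssh-only-vpn.sh up   |   sudo ./ssh-only-vpn.sh down
# Usage from openconnect: sudo openconnect --script /path/to/ssh-only-vpn.sh <gateway>
#
# Assumed values: SSH_TARGET and TUNDEV come from the question's route -n output;
# TABLE, MARK and VPNC_SCRIPT are this example's choices, override them via the environment.
SSH_TARGET="${SSH_TARGET:-128.143.20.85}"
TUNDEV="${TUNDEV:-vpn0}"
TABLE="${TABLE:-100}"
MARK="${MARK:-0x16}"
VPNC_SCRIPT="${VPNC_SCRIPT:-/usr/share/vpnc-scripts/vpnc-script}"

# Print the commands for "up" or "down" instead of running them straight away,
# so they can be reviewed (and tested) before being applied with root rights.
ssh_only_rules() {
    case "$1" in
        up)   ipt=-A; rt=add ;;
        down) ipt=-D; rt=del ;;
        *)    echo "usage: ssh_only_rules up|down" >&2; return 2 ;;
    esac
    # 1. Mark locally generated ssh packets to the target. A changed mark makes the
    #    kernel re-route the packet in OUTPUT, so the ip rule below takes effect.
    echo "iptables -t mangle $ipt OUTPUT -p tcp -d $SSH_TARGET --dport 22 -j MARK --set-mark $MARK"
    # 2. connect() already chose the eth0 source address; rewrite it to the tunnel
    #    address on the way out or the VPN side drops the packet.
    echo "iptables -t nat $ipt POSTROUTING -o $TUNDEV -j MASQUERADE"
    # 3. Marked packets consult a private table whose only route is the tunnel.
    echo "ip route $rt default dev $TUNDEV table $TABLE"
    echo "ip rule $rt fwmark $MARK lookup $TABLE"
}

# The host route vpnc-script put in the main table ("128.143.20.85 ... vpn0" in the
# question) would still pull all traffic to the host into the tunnel; drop it so
# non-ssh traffic to that host goes out eth0 like everything else.
drop_host_route() {
    echo "ip route del $SSH_TARGET/32 dev $TUNDEV 2>/dev/null || true"
}

apply_rules() {
    cmds=$(ssh_only_rules "$1") || return $?
    if [ "$1" = up ]; then
        cmds="$cmds
$(drop_host_route)"
        printf '%s\n' "$cmds" | sh -e      # stop on the first failure when setting up
    else
        printf '%s\n' "$cmds" | sh         # keep going on teardown, remove whatever is left
    fi
}

# Entry point. Under "openconnect --script" the variable reason is set by openconnect
# (connect, disconnect, ...); otherwise expect up|down on the command line.
if [ -n "$reason" ] && [ -x "$VPNC_SCRIPT" ]; then
    case "$reason" in
        connect)    "$VPNC_SCRIPT"; apply_rules up ;;        # device is configured first
        disconnect) apply_rules down; "$VPNC_SCRIPT" ;;      # rules go before the device does
        *)          "$VPNC_SCRIPT" ;;
    esac
elif [ "$1" = up ] || [ "$1" = down ]; then
    apply_rules "$1"
fi
```

Check it with `sudo ./ssh-only-vpn.sh up` and then `ip rule show` and `iptables -t mangle -L OUTPUT -n`; `ssh user@128.143.20.85` will now go through vpn0 while `traceroute 128.143.20.85` (not port 22) goes out the LAN gateway. Anything that needs the VPN on ports other than 22 to that host has to be added as another mangle rule.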
