I have an issue with network connectivity over an OpenVPN tunnel, but let me describe the situation first:
Let’s say that I have two servers in the same LAN: server A (RL9.4) and server B (Proxmox, latest version). I connect to the LAN using the OpenVPN client from a pfSense firewall.
Let’s say that https and ssh services run on both servers and both servers are in the same network… let’s say that no VLANs are configured.
I CAN connect to both servers on port 443 (https), but I can connect ONLY to server B on port 22 (sshd) from the VPN client. I can ping/tracert both servers from the VPN client (Windows 10).
The problem is I CANNOT CONNECT to server A using ssh directly from the OpenVPN client. I can ssh to server B and then ssh to server A - this works fine.
So… I tried temporarily disabling the firewall and SELinux on server A, but it did not help. I still cannot connect over ssh… Actually I can, but I get a timeout. The message is:
C:\Users\bzc0fq>ssh -vvv 192.168.xxx.xxx
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 192.168.xxx.xxx is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.xxx.xxx [192.168.xxx.xxx] port 22.
debug1: Connection established.
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_rsa.pub error:2
debug1: identity file C:\\Users\\bzc0fq/.ssh/id_rsa type -1
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_rsa-cert.pub error:2
debug1: identity file C:\\Users\\bzc0fq/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_dsa.pub error:2
debug1: identity file C:\\Users\\bzc0fq/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_dsa-cert.pub error:2
debug1: identity file C:\\Users\\bzc0fq/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_ecdsa.pub error:2
debug1: identity file C:\\Users\\bzc0fq/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_ecdsa-cert.pub error:2
debug1: identity file C:\\Users\\bzc0fq/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_ed25519.pub error:2
debug1: identity file C:\\Users\\bzc0fq/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_ed25519-cert.pub error:2
debug1: identity file C:\\Users\\bzc0fq/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_xmss.pub error:2
debug1: identity file C:\\Users\\bzc0fq/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/bzc0fq/.ssh/id_xmss-cert.pub error:2
debug1: identity file C:\\Users\\bzc0fq/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug3: recv - from CB(2) ERROR:138, io:0000020FC928C1D0
kex_exchange_identification: read: Connection timed out
I did not see anything suspicious in log files on server A.
I do use fail2ban on server A, but I think this is not the issue… I tried disabling it and still no luck.
Apart from ssh, samba shares are also not accessible from server A, so I do not think this is an ssh-specific issue.
Any idea how to troubleshoot the issue further?
Thanks!
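
Added example, not part of the original post: the log above shows `Connection established` followed by a read timeout in `kex_exchange_identification`, so from the client's side the TCP connect succeeded but the server's `SSH-` identification line never arrived. This Python probe separates those stages so the same check can be run from the VPN client and from server B; the function name `probe_ssh_banner` and its result labels are this example's own.

```python
import socket
import sys


def probe_ssh_banner(host, port=22, timeout=5.0):
    """Report how far a connection gets: TCP connect, then the server's SSH- line."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)          # RST: nothing listening, or an active reject
    except socket.timeout:
        return ("connect-timeout", None)  # SYN unanswered: dropped or unroutable
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        buf = b""
        try:
            # The server may send other text lines before its version line,
            # so scan complete lines until one starts with "SSH-".
            while len(buf) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break                 # peer closed the connection
                buf += chunk
                for line in buf.split(b"\n")[:-1]:
                    if line.startswith(b"SSH-"):
                        return ("banner", line.strip().decode("ascii", "replace"))
        except socket.timeout:
            # Connect succeeded but no identification line arrived in time:
            # the state shown in the posted ssh -vvv output.
            return ("no-banner", None)
        except OSError as exc:
            return ("error", str(exc))
    return ("closed", None) if not buf else ("unexpected", buf[:80].decode("ascii", "replace"))


if __name__ == "__main__":
    # Usage: python probe.py <host> [<host> ...]
    for target in sys.argv[1:]:
        print(target, probe_ssh_banner(target))
```

A `no-banner` result from the VPN client alongside a `banner` result from server B for the same target shows that return traffic is being lost only on the VPN path.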