OpenWrt Forum Archive

Topic: configuring router so that some devices completely bypass vpn [SOLVED]

The content of this topic has been archived between 13 Apr 2018 and 23 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

My request is only to connect from lan by public address.
Have you tried it, or is it an expectation?

I just can't connect to it from lan using its public IP address.
We are exploring this issue.

Sure, no problem. Yes, I've tried it a few times, like this:

eileen@vaio:~$ ssh bruno@73.226.70.41

Cursor just blinks and eventually the connection attempt times out.

In what case, 2)? 3)?

(Last edited by ulmwind on 23 Sep 2017, 23:00)

Case 3. Openvpn is on. Vpnbypass is on. My/target laptop (running ssh server) is on vpnbypass subnet, has local IP of 192.168.10.61. Router has port forwarding of wan port 22 to 192.168.10.61.

If I try connecting from wife's laptop to my laptop, using my laptop's *public* IP, I can't. It makes no difference whether her laptop has a DHCP local IP (i.e., she's on vpn) or if she's on the vpnbypass subnet.

OK, also try moving your laptop to the vpn-lan subnet. What is the result of a connection from a second laptop in the same vpn-lan subnet?

And what is in case 2)?

(Last edited by ulmwind on 23 Sep 2017, 23:12)

In case 2 (i.e., openvpn on, vpnbypass off), all laptops have VPN provider's public IP. VPN provider doesn't make it easy (if even possible) to forward ports. It doesn't work nor would I expect it to.

Port forwarding from both the lan and wan sides is configured on your router, and that is just what we are exploring. It is not affected by your provider, if the wan interface of your router has a public IP! Please post the output of

ifconfig

from your router.

Formally, try to connect to it from lan using its public IP address for case 2), as you've done in case 3).

(Last edited by ulmwind on 23 Sep 2017, 23:25)

Even though I didn't understand it, I tried it anyway on your say-so...and was greatly surprised. I get it now.

While vpnbypass was still on, I made a note of my laptop's public IP address. Then turned vpnbypass off in router. My laptop's local IP hasn't changed (still 192.168.10.61, same as in router's port forward rule), but its public IP has changed from ISP's to VPN's. So far, nothing new to me.

What I sort of knew in a vague way but failed to fully grasp is the fact that the router still has both ISP's and VPN's public IP addresses on the two respective interfaces. Wow, this sank in pretty good now.

I can confirm that running this command works when openvpn is on but vpnbypass is off in the router:

eileen@vaio:~$ ssh bruno@73.226.70.41

The last mystery is why the above command fails when vpnbypass is on.

(Last edited by GNUser on 24 Sep 2017, 00:38)

BTW, we'll be away on vacation from tomorrow to Tuesday. I should be able to do one or two more experiments between now and when we leave, but then there'll be some radio silence until Tuesday night.

(Last edited by GNUser on 24 Sep 2017, 00:37)

Thank you for confirming my assumption 8-)
The result is as expected. I can explain the principle to you, if you wish, but it is better to do it via Skype, e.g.
What is the next step?
1) To explain the principle to you.
2) To try to solve the issue by modifying the routing table.
3) To adapt the script in another topic.
Please decide, and after your vacation we'll return to it.

Sounds like a great plan. We'll resume upon my return. You rock!

Hi, ulmwind. I'm back. Please sign me up for 1-3 above.

Regarding #1, explaining the principle is quite a generous offer (especially given that I know very little about networking/routing). Therefore, I would gratefully accept the explanation in whatever format is most convenient for you. If Skype is what you would prefer, please contact me at routernoob AT dantas DOT airpost DOT net so that we can arrange a time that would work for you.

The discussion might have continued from here.