Overcoming VPN and ExpressVPN SSH IP Firewall issues on Cloud Servers

When using SSH with a VPN service like ExpressVPN or a European VPN, you may be unable to connect if you have an IP address firewall.

Here’s how you can probably solve it:

Introduction:

When utilizing SSH alongside VPN services such as ExpressVPN or other European VPN providers, encountering connectivity issues due to IP address firewalls is not uncommon. This situation arises because SSH packets are routed through the VPN, rather than directly through your server’s public IP address. However, there’s a solution to this predicament that involves tweaking your server settings. Below, we delve into how you can effectively address this issue, particularly in the context of cloud servers like those provided by AWS.

Solution:

To resolve the issue of being locked out of your Virtual Private Server (VPS) due to VPN-induced IP address routing, adjustments need to be made to your server’s routing table. This ensures that SSH traffic is correctly directed through your server’s public IP address. Let’s illustrate this solution using AWS terminology and a sample IP configuration.

Setup:

Assume your server is set up on AWS or another cloud provider. We use these IPs as an example:

  • Public IP: 203.0.113.10
  • Public IP Subnet: 203.0.113.0/24
  • Default Gateway: 203.0.113.1

  1. Go to your server’s Firewall.
  2. Whitelist in your firewall:
    • Destination: 203.0.113.10/32 (port 22)
    • If that does not work, you can also include all the IP addresses up to 203.0.114.0 by adding 203.0.114.0/32, but this poses a bigger security risk.
  3. Whitelist in your firewall as well:
    • Destination: 203.0.113.0/24 (port 22)
  4. Once the routes are set up, initiate your VPN connection.
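
Before saving rules like these, it helps to see exactly which addresses each CIDR entry matches. The following is an added example, not part of the original post: it uses Python's standard `ipaddress` module to print the range each entry from the steps above covers, shows which entries match a given address, and flags entries that are broad or already contained in another entry. The function names and the sample addresses in the demo are assumptions made for illustration.

```python
import ipaddress

# Entries exactly as written in the steps above; all apply to TCP port 22.
ALLOWLIST = ["203.0.113.10/32", "203.0.114.0/32", "203.0.113.0/24"]

def coverage(cidr):
    """Return (first address, last address, address count) for one entry."""
    # strict=True rejects entries with host bits set, e.g. 203.0.113.10/24.
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net[0]), str(net[-1]), net.num_addresses

def matching_rules(address, rules=ALLOWLIST):
    """Return the entries that match a single IP address."""
    ip = ipaddress.ip_address(address)
    return [r for r in rules if ip in ipaddress.ip_network(r)]

def audit(rules=ALLOWLIST, max_addresses=1):
    """Report entries wider than max_addresses or covered by another entry."""
    nets = [ipaddress.ip_network(r) for r in rules]
    findings = []
    for net in nets:
        if net.num_addresses > max_addresses:
            findings.append((str(net), f"broad: {net.num_addresses} addresses"))
        for other in nets:
            if other != net and net.subnet_of(other):
                findings.append((str(net), f"redundant: inside {other}"))
    return findings

if __name__ == "__main__":
    for rule in ALLOWLIST:
        first, last, count = coverage(rule)
        print(f"{rule:<18} {first} - {last} ({count} addresses)")
    # Constructed sample addresses, not taken from the post.
    samples = ["203.0.113.10", "203.0.113.77", "203.0.114.0",
               "203.0.114.5", "198.51.100.23"]
    for addr in samples:
        print(f"{addr:<15} matched by {matching_rules(addr) or 'nothing'}")
    for rule, issue in audit():
        print(f"{rule}: {issue}")
```

A `/32` entry matches exactly one address and a `/24` matches 256, so the output makes the difference in exposure between the entries visible before they are applied.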

All at your own risk, of course.
