Score:0

ssh: connect to host 192.168.0.200 port 22: No route to host

kr flag

The context is the following:

I have installed Ubuntu server in a device at my home and set up a ssh server in this device. I can connect to this Ubuntu server through ssh without problems if the client device (Laptop in my case) is in the same local network. As I would like to access the server remotely, I installed openvpn3, this connection works fine too. But when I try to ssh (connected to another network, let's call "network B", than the server is, but with VPN connection active), I get the message:

ssh: connect to host 192.168.0.200 port 22: No route to host

I guess the reason is that network B's gateway tries to route to the devices inside network B's LAN instead of the server LAN. But I need to access the server's LAN in order to connect through ssh to my server with the private static IP address I set up to it.

Server's public IP:

$ curl ifconfig.me
181.31.117.40

Answering to @cocomac

Just to check the obvious... is it 192.168.0. 200 or 192.168.1.200? Typically 192.168.1.XYZ is the default –

Proof that 192.168.0.200 is the server's IP:

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp37s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 2c:f0:5d:78:39:a8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.200/24 brd 192.168.0.255 scope global dynamic enp37s0
       valid_lft 2528sec preferred_lft 2528sec
    inet6 fe80::2ef0:5dff:fe78:39a8/64 scope link 
       valid_lft forever preferred_lft forever

SSH when my laptop is in the same LAN:

sebastian@sebastian-Vostro-3405:~$ ssh [email protected] 
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-100-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Mon 28 Feb 2022 12:54:15 AM UTC

  System load:                      0.09
  Usage of /:                       13.5% of 97.93GB
  Memory usage:                     45%
  Swap usage:                       0%
  Processes:                        311
  Users logged in:                  0
  IPv4 address for br-5c5a41a7cc73: 172.19.0.1
  IPv4 address for br-974f16cf42ed: 172.18.0.1
  IPv4 address for docker0:         172.17.0.1
  IPv4 address for enp37s0:         192.168.0.200

 * Super-optimized for small spaces - read how we shrank the memory
   footprint of MicroK8s to make it the smallest full K8s around.

   https://ubuntu.com/blog/microk8s-memory-optimisation

0 updates can be applied immediately.


Last login: Mon Feb 28 00:48:56 2022 from 192.168.0.110
sebademasi10@home:~$ 

Now, changing to my neighbor's network, I connect thought VPN:

~$ openvpn3 session-start -c home 
Using pre-loaded configuration profile 'home'
Session path: /net/openvpn/v3/sessions/ca62d16csfcfcs43f1sa320s14f8bd92193e
Connected

Check Public IP:

sebastian@sebastian-Vostro-3405:~$ curl ifconfig.me
181.31.117.40

ip route:

$ ip route
0.0.0.0/1 via 192.168.255.5 dev tun0 
default via 192.168.0.1 dev wlp3s0 proto dhcp metric 600 
128.0.0.0/1 via 192.168.255.5 dev tun0 
169.254.0.0/16 dev wlp3s0 scope link metric 1000 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
172.18.0.0/16 dev br-aa3d18e9a788 proto kernel scope link src 172.18.0.1 linkdown 
172.19.0.0/16 dev br-7c64d12635b8 proto kernel scope link src 172.19.0.1 linkdown 
172.20.0.0/16 dev br-118925d85563 proto kernel scope link src 172.20.0.1 linkdown 
181.31.117.40 via 192.168.0.1 dev wlp3s0 
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.110 metric 600 
192.168.255.1 via 192.168.255.5 dev tun0 
192.168.255.4/30 dev tun0 proto kernel scope link src 192.168.255.6 

NOTE:

  • Ther VPN server runs inside a Docker container

I hope this is easy to understand, please feel free to ask for any other details you consider needed. Thank you in advance.

cocomac avatar
cn flag
Just to check the obvious... is it 192.168.0. 200 or 192.168.1.200? Typically 192.168.1.XYZ is the default
waltinator avatar
it flag
[Edit] your Question and show us `ip route`. Don't reply via "Add Comment".
kr flag
Done @user68186
ar flag
I still don't understand what you are trying to do. If you connect your laptop to the **neighbor's network** and not connect to the VPN, can you `ssh` into your home Ubuntu server using the external IP address of your home network? Once you connect to the "home" VPN, can you ping `192.168.0.200`? What is the purpose of the "home" VPN: (a) access the internet using your "home" ISP as the gateway, or (b) access the computers in your "home" network from outside, or both (a) and (b)?
kr flag
@user68186 I have enabled ssh to access server within the home LAN, so if I do `ssh [email protected]` it works if the client is connected to same LAN than server. Your (b) describes better my purpose. At my work I can use the private IP address to connect throught ssh i.e `ssh 10.250.28.28` to devices within of the same LAN in which VPN server runs. I think I need a way to tell that 192.168.0.200 is outside the neighbor's LAN and it belongs to 185.x.x.x (public IP of home network)
ar flag
Please read [the **first part** of this answer](https://askubuntu.com/questions/1267872/remote-desktop-access-between-2-ubuntu-20-04-devices-over-the-internet/1267978#1267978) and verify that you have setup your openvpn profile to do (b) and not (a). Some routers have built-in VPN server that allows (b) kind of access to your home network.
ar flag
Putting the VPN server inside a docker container adds another layer of complexity. Also see [How to enable OpenVPN access to ONLY the internal LAN](https://askubuntu.com/questions/776324/how-to-enable-openvpn-access-to-only-the-internal-lan)
kr flag
Honestly I don't know how to check whether the profile of VPN I set up is able to do your (b) option. Can you help me with that?
Score:0
kr flag

I have solved this by manually adding (after connect to VPN) the route as follows:

ip route add 192.168.0.200 via 192.168.255.5

Where:

  • 192.168.0.200 is the server's private IP
  • 192.168.255.5 is the IP of the gateway in the server network

I realized this by checking ip route:

$ ip route
0.0.0.0/1 via 192.168.255.5 dev tun0 
default via 192.168.0.1 dev wlp3s0 proto dhcp metric 600 
128.0.0.0/1 via 192.168.255.5 dev tun0 
169.254.0.0/16 dev wlp3s0 scope link metric 1000 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
172.18.0.0/16 dev br-aa3d18e9a788 proto kernel scope link src 172.18.0.1 linkdown 
172.19.0.0/16 dev br-7c64d12635b8 proto kernel scope link src 172.19.0.1 linkdown 
172.20.0.0/16 dev br-118925d85563 proto kernel scope link src 172.20.0.1 linkdown 
181.31.117.40 via 192.168.0.1 dev wlp3s0 
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.110 metric 600 
192.168.0.200 via 192.168.255.5 dev tun0 
192.168.255.1 via 192.168.255.5 dev tun0 
192.168.255.4/30 dev tun0 proto kernel scope link src 192.168.255.6
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.