How to login/ssh into vyos from outside true a lan?

Hello guys,

I have a problem since i use Vyos and never founded a way to fix this, to be able to login into vyos true ssh from home or another location true lan witch is ower office and it has another ISP just for office, we dont whant to mix with the rack.

So i got this

Interface IP Address S/L Description


eth0 192.168.100.101/24 u/u Local Connect

eth2 xxxx56.187/29 u/D ISP 1
eth4 - u/D
eth4.2288 xxxx224.130/30 u/D ISP 1
eth4.2291 xx224.110/30 u/D ISP 2
eth5 - u/D
eth6 xxxx.176.1/23 u/D 10GB Port > Switch
xxxxx.88.1/24
xxxx81.1/24
xxxx4.1/23
lo 127.0.0.1/8 u/u
::1/128

This “eth0 192.168.100.101/24 u/u Local Connect” is connected to an Ubiquity router witch we use it only for office conection, another ISP line not to mix with the rack ISP providers.

All the ports ar opened, from ower offices PC example My PC local IP: 192.168.100.130 im able to ssh into the vyos, but when im home or in another location, i`m unable to ssh into it, so i have to use ower gateway ips from bgp to login into it, witch is not ok, in case ISP 1 and ISP 2 dies we ar unable to login into it, so i have to go and check it at the location.

To be more clearly, i whant to acces vyos ssh ower local conection but not only from the office.

I strugle with this for mo, and i was braking google search, daily. :expressionless:

Thank you

I think you need some tunnel with ubiquity
Gre/openvpn/wireguard or something another.
Not sure what is that platform supported.
So how do you want connect if both isp is down?

Hello,
True eth0 192.168.100.101/24 u/u Local Connect

Conected to the same ubiquity on another port i have a mikrotik, on witch i play with it as i just whant to learn it and i`m able to acces it from home, on the mikrotik i have pluged an server just for testing from Local > Mikrotik > Server and is working, but from Local > Vyos Router not.

If I understand correct you need to configure DNAT on ubiquity site

HOME => xx.125.34.36 port 2222 => 192.168.100.101 port 22
So all connections for External address of ubiquity and port 2222 will be translated to ip address 192.168.100.101 port ssh.

Have them on the other server true the mikrotik is working, on the vyos nop

I founded this in the vyos

Jan 28 13:00:50 router sshd[15053]: Server listening on 0.0.0.0 port 22.
Jan 28 13:00:50 router systemd[1]: Started OpenBSD Secure Shell server.
Jan 28 13:00:50 router systemd[1]: opt-vyatta-config-tmp-new_config_14845.mount: Succeeded.
Jan 28 13:00:51 router commit: Successful change to active configuration by user vyos on /dev/pts/0
Jan 28 13:00:52 router kernel: [175109.430537] net_ratelimit: 402 callbacks suppressed
Jan 28 13:00:52 router kernel: [175109.430554] IPv4: martian source xx.34.24.36 from xx.34.24.1, on dev eth0

And it gives me right in a secand Network error: Connection refused like it refus the connection and not theat is not open

Try to connect to ssh and dump traffic

sudo tcpdump -nnti ethX port 22

Where ethX - your LAN interface

I`m confused now :slight_smile: i login to vyos true local from local PC and sudo tcpdump -nnti eth0 port 22

IP 192.168.100.1.63589 > 192.168.100.101.22: Flags [.], ack 147744768, win 17, length 0
IP 192.168.100.1.63589 > 192.168.100.101.22: Flags [.], ack 147744592, win 18, length 0
IP 192.168.100.101.22 > 192.168.100.1.63589: Flags [P.], seq 147747424:147747776, ack 193089, win 794, length 352
IP 192.168.100.1.63589 > 192.168.100.101.22: Flags [.], ack 147745568, win 14, length 0
IP 192.168.100.101.22 > 192.168.100.1.63589: Flags [P.], seq 147747776:147748032, ack 193089, win 794, length 256
IP 192.168.100.1.63589 > 192.168.100.101.22: Flags [.], ack 147745008, win 16, length 0
IP 192.168.100.101.22 > 192.168.100.1.63589: Flags [P.], seq 147748032:147748176, ack 193089, win 794, length 144

vyos@router.101# show service ssh
disable-host-validation
listen-address 0.0.0.0
port 22
[edit]
vyos@router.101#

Somnehow vyos it drops my connection or the kernel or iptables and is not an network issue

Now i see this in logs

Jan 28 12:42:42 router zebra[1299]: [EC 4043309103] Context received for kernel nexthop update without an interface
Jan 28 12:42:42 router zebra[1299]: Extended Error: Invalid nexthop id
Jan 28 12:42:42 router zebra[1299]: [EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWNEXTHOP(104), seq=99598072, pid=4083494108
Jan 28 12:42:42 router zebra[1299]: Extended Error: Nexthop id does not exist
Jan 28 12:42:42 router zebra[1299]: [EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWROUTE(24), seq=99598073, pid=4083494108
Jan 28 12:42:42 router zebra[1299]: [EC 4043309074] Failed to install Nexthop ID (6601539) into the kernel
Jan 28 12:42:42 router zebra[1299]: [EC 4043309074] Failed to install Nexthop ID (6601538) into the kernel
Jan 28 12:42:42 router zebra[1299]: 0:192.230.89.0/24: Route install failed
Jan 28 12:42:43 router zebra[1299]: [EC 4043309103] Context received for kernel nexthop update without an interface
Jan 28 12:42:43 router zebra[1299]: Extended Error: Invalid nexthop id
Jan 28 12:42:43 router zebra[1299]: [EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWNEXTHOP(104), seq=99598083, pid=4083494108
Jan 28 12:42:43 router zebra[1299]: Extended Error: Nexthop id does not exist
Jan 28 12:42:43 router zebra[1299]: [EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWROUTE(24), seq=99598084, pid=4083494108
Jan 28 12:42:43 router zebra[1299]: [EC 4043309074] Failed to install Nexthop ID (6601539) into the kernel
Jan 28 12:42:43 router zebra[1299]: [EC 4043309074] Failed to install Nexthop ID (6601538) into the kernel
Jan 28 12:42:43 router zebra[1299]: 0:197.242.252.0/24: Route install failed
Jan 28 12:42:44 router zebra[1299]: [EC 4043309103] Context received for kernel nexthop update without an interface
Jan 28 12:42:44 router zebra[1299]: Extended Error: Invalid nexthop id
Jan 28 12:42:44 router zebra[1299]: [EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWNEXTHOP(104), seq=99598107, pid=4083494108
Jan 28 12:42:44 router zebra[1299]: Extended Error: Nexthop id does not exist
Jan 28 12:42:44 router zebra[1299]: [EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWROUTE(24), seq=99598108, pid=4083494108
Jan 28 12:42:44 router zebra[1299]: [EC 4043309074] Failed to install Nexthop ID (6601539) into the kernel
Jan 28 12:42:44 router zebra[1299]: [EC 4043309074] Failed to install Nexthop ID (6601538) into the kernel
Jan 28 12:42:44 router zebra[1299]: 0:131.196.133.0/24: Route install failed

Try to delete the firewall from LAN network, I don’t see drops in the dump.

I made a proxmox server with the same ip, same cable, like switching vrom vyos to proxmox and is working :slight_smile: so i think there is a strange think on vyos and i dont understand why.

How other they access theyr vyos server if BGP is dead ? :slight_smile:

Hi.
Could you post your vyos config?
from operational mode, run the following.
show configuration all
I thought there is a mask setting to automatically mask things for privacy, but i can’t find it.