The difference is that I'm not trying to connect to my workstation via the public IP address of the VPN endpoint. I'm trying to connect to my workstation from outside of MY LAN via the public, static IP address handed to MY router by MY ISP.
My router can see my workstation behind it and ping it successfully, so logic says that the router's port forwarding is working fine and that the issue is with my workstation's network interface.
The thing is, that very same interface is addressable from inside the LAN, so it's not as if it's suddenly lost its IP address. The data flowing through the VPN tunnel via tun0 will travel physically over the Ethernet card, but any data flowing onto the LAN will do the same via eth0.
I'm not trying to "ssh a tunnel". I'm trying to connect to my workstation via SSH for a remote session. Two completely different things.
Finally, all other services (such as web servers) for which I have port-forwarded from my router's WAN interface to my workstation's LAN interface are also affected.
My "workstation" and my "PC" are the same machine.
Having re-read your last post, there are a few things that need to be clarified.
1. OpenVPN is an SSL VPN. This means that it tunnels IP packets through a TCP or UDP socket which is encrypted using SSL. This is not "IPSec made easy" or indeed anything to do with IPSec - the two technologies might make use of IP packets, but that's where the relationship ends. By the way, OpenVPN uses port 1194 - it no longer uses port 5000.
2. Secondly, my own home router does not disappear when the VPN tunnel is up. Its WAN interface is still addressable via its static IP provided to it by my ISP. I know this works because I've tested its remote management capabilities from outside my LAN.
3. So, to go over the points again:
a) My workstation is connected to my router via a single Ethernet connection with address 192.168.1.253.
b) My router is connected to the LAN via Ethernet, with an address of 192.168.1.1.
c) My router can ping my workstation and vice versa.
d) Other devices on the LAN, such as laptop and phone, can see the workstation and the router, and connect to them via HTTP, SSH or other TCP/IP services.
e) My router remains addressable from the public Internet, via the static IP assigned to its WAN interface, whether the VPN tunnel on my workstation is active or not. The router is NOT involved in the tunnelling.
f) The VPN tunnel starts on my workstation and ends at a server owned by a commercial VPN provider. They do not offer "proxies", and they do not provide my workstation with an Internet-routeable IP.
Finally, the port forwarding set up in my router, to provide a "hole" from the router's WAN interface to my workstation's LAN interface, only connects successfully when the VPN is down. This should not be the case, since the router is not part of the tunnel, and in fact will see it as a standard TCP or UDP connection.
I suspect that the culprit is the routing table on the workstation. I think that the incoming connection is coming in on eth0 but the return channel is being routed over tun0, and therefore not back through my router.
Edited by parityboy - 6/20/11 at 4:40pm
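A fix for the asymmetric-routing problem suspected in the last paragraph, as an added example that is not part of the original post: a source-based policy rule so that anything the workstation sends from its LAN address 192.168.1.253 is routed via 192.168.1.1 on eth0, regardless of the VPN's default route over tun0. The table number 100, the rule priority and the environment-variable names are my assumptions; the addresses and interface names come from the post.

```shell
#!/bin/sh
# Source-based policy routing for a workstation whose default route is
# captured by a VPN tunnel (tun0) but which must still answer connections
# that arrived on its LAN interface (eth0) via the LAN gateway.
# Values below are taken from the post; table/priority are assumptions.
LAN_IP=${LAN_IP:-192.168.1.253}
LAN_GW=${LAN_GW:-192.168.1.1}
LAN_IF=${LAN_IF:-eth0}
TABLE=${TABLE:-100}

# Print the two commands that make replies sourced from LAN_IP leave via
# LAN_GW on LAN_IF: a dedicated routing table plus a rule selecting it.
reply_route_cmds() {
  printf 'ip route replace default via %s dev %s table %s\n' "$LAN_GW" "$LAN_IF" "$TABLE"
  printf 'ip rule add from %s/32 lookup %s priority 1000\n' "$LAN_IP" "$TABLE"
}

# Diagnostic: ask the kernel which way a reply to the given remote address
# would go if it were sent from LAN_IP (policy rules are honoured here).
# Before the fix this shows tun0; after it, eth0 via LAN_GW.
reply_path() {
  ip route get "$1" from "$LAN_IP" iif "$LAN_IF" 2>/dev/null | head -n 1
}

# Apply the commands once; safe to re-run because the rule is checked first.
apply_reply_route() {
  if ip rule show 2>/dev/null | grep -q "from $LAN_IP lookup $TABLE"; then
    echo "rule already present"
  else
    reply_route_cmds | while read -r cmd; do $cmd; done
  fi
}

# Dry run by default (just print the commands); APPLY=1 applies them (root).
# CHECK_IP is a constructed documentation address standing in for the client.
if [ "${APPLY:-0}" = 1 ]; then
  apply_reply_route
  reply_path "${CHECK_IP:-203.0.113.10}"
else
  reply_route_cmds
fi
```

The rule and table are not persistent across reboots or VPN restarts, so they need to be re-applied from a network or OpenVPN up-script.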