SSH and Mullvad VPN

I installed sys-vpn from the unamn repository [1], and everything works smoothly. However, I need this setup [2]: I need to connect to an SSH server in sys-vpn. All I need is an nftables rule that allows sys-vpn to connect to the SSH IP. Previously, I used this rule [3] with this setup [4]. Can anybody help write a rule that opens a hole in the firewall rules to enable SSH access in sys-vpn [1]?


[2] SSH and Mullvad VPN
iptables -I OUTPUT 1 -d -j ACCEPT
iptables -I INPUT 1 -s -j ACCEPT
[4] GitHub - tasket/Qubes-vpn-support: VPN configuration in Qubes OS

You can try this:

sudo nft add rule ip qubes custom-input ip daddr accept

Is sys-vpn using qvm-firewall to restrict sys-vpn network? If so, you should use qvm-firewall to allow reaching your ssh server.

1 Like

Edit /rw/config/firewall.nft and add these lines:

table ip qubes {
    chain custom-input {
        type filter hook output priority 0;
        ip daddr accept;

Reboot sys-vpn, and SSH should work with this setup [1][2].

For times when SSH disconnects, use this script:

while true; do
  pidof_ssh=$(pidof ssh)
  if [[ -z $pidof_ssh ]]; then
    sshpass -p "mullvad" ssh -f -N -D 1234 mullvad@
  sleep 7

[2] SSH and Mullvad VPN

1 Like