SSH into remote computer from home (Port forward)

0

1

Sometimes the VPN at my friend's place goes down and there ends up being no way to access his computer remotely.

I was looking up SSH port forwarding but do not really understand what I'm reading.

Let's say his computer's ip is 10.1.10.213. I would usually VPN in and just do ssh foobar@10.1.10.213 to access. How can I still access it if the VPN is down?

I was looking at this: http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html. I also port forwarded port 22 on his network.

o.o

Posted 2015-08-27T02:30:34.483

Reputation: 223

2

When you wrote "I also port forwarded port 22 on his network" does that mean you configured his router/firewall that is performing NAT to allow an inbound SSH connection to port 22 on his computer? If so, you don't need to be able to establish a VPN connection to his location in order to establish an SSH connection. You just use ssh foobar@172.16.0.10 or whatever the public IP address is for his location and the router or firewall should forward the connection to his system.

– moonpoint – 2015-08-27T02:40:29.623

I port forwarded TCP port 22 on the 10.1.10.213 ip. I tried ssh foobar@publicIP, but it doesn't work. It just times out. – o.o – 2015-08-27T02:51:24.027

Did you give his computer a reserved or static IP on his LAN? If his machine is using the DHCP client and not reserved or static then the port forwarding may be going to an expired IP (hence the timeout). – Kinnectus – 2015-08-27T04:16:40.213

And the forward shouldn't be to the VPN IP unless the router does the VPN – Sami Kuhmonen – 2015-08-27T04:21:09.720

I think you're confusing port forwarding through the NAT on his modem/router so you can use SSH remotely in the first place, versus what is called SSH tunnelling that lets you access any IP:port combination on the network the SSH server is on as if the traffic is coming from the SSH server. – BeowulfNode42 – 2015-08-27T08:27:09.190

I did give it a static IP and it's not forwarded to the VPN IP. I believe I am confusing something. I'm going to look more into it. Thank you all! – o.o – 2015-08-27T13:28:21.173

Answers

3

VPN stands for virtual private networking. VPNs connect 2 different private networks across a public network, or a single host to a private network. By private, I mean not publicly routable. Your friend's address, 10.1.10.213, lies in a private network range that is not publicly routable, so he probably has a small home/office router performing NAT (network address translation) for him. NAT translates internal private network addresses and ports to a public IP address and port.

When you VPN in, you must tell your VPN client either his public IP address or his host.domain.name first. The problem is that most home internet connections receive their IP address for only a while, and then it changes. He can either tell you over the phone or by email, or he can periodically update a dynamic DNS service with his new IP address.

Assuming you know his public IP address or host.domain name, the next thing is you need a way to connect to his internal machine 10.1.10.213 on port 22. That means, on his router, he needs to port forward his external IP address and port (say 22) to his internal IP address 10.1.10.213 port 22.

Once you know his public IP address or dynamic DNS hostname, and he has port forwarding set, then all you need to do on your end is:

ssh yourusername@address

Or if he port forwarded his external IP address and port that is different than 22, then use:

ssh yourusername@address -p PortNumber

Further notes: His machine's address should be statically assigned rather than being assigned with DHCP. This way, his router's port forwarding will always go to the right computer.

If the router's port forwarding is configured to the correct internal IP address and both you and he are able to access the internet, and you're using ssh to connect to the right port on his router, then it might be either:

  1. that his service provider is blocking inbound connections to that port, in which case have him map a high port number to his ssh server; or
  2. that either his router or his computer has a firewall rule preventing connections to their respective ports.

Keith Reynolds

Posted 2015-08-27T02:30:34.483

Reputation: 140

Thank you, this is really helpful! I'm going to try to reconfigure it when I go back to his place. – o.o – 2015-08-27T13:26:20.847
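
An added example, not part of the original question or answer: a small Python check, run from outside his network, that tells apart the failure modes discussed above (a connection that times out, one that is refused, and one that reaches an SSH server). The names `probe_ssh` and `HINTS` and the hint wording are assumptions made for this example; pass the public IP or dynamic DNS name and the forwarded port on the command line.

```python
import socket
import sys

# What each outcome suggests, tied to the causes named in the thread above.
HINTS = {
    "ssh": "forward works and an SSH server answered; what is left is login/authentication",
    "open-no-ssh": "port is open but did not send an SSH banner; forward points at another service",
    "refused": "something answered with a reset: nothing listening on the forwarded IP/port, or a rejecting firewall",
    "timeout": "packets silently dropped: no forward rule, forward to a stale DHCP address, ISP block, or firewall",
    "unreachable": "name did not resolve or no route; check the public IP or dynamic DNS hostname",
}

def probe_ssh(host, port=22, timeout=5.0):
    """Open one TCP connection to host:port and return a key of HINTS."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                # An SSH server speaks first and sends "SSH-2.0-..." right after connect.
                banner = conn.recv(64)
            except (socket.timeout, ConnectionError):
                banner = b""
    except socket.timeout:
        return "timeout"          # what "it just times out" looks like
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"      # DNS failure, no route, and similar
    return "ssh" if banner.startswith(b"SSH-") else "open-no-ssh"

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py PUBLIC_IP_OR_HOSTNAME [PORT]")
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    outcome = probe_ssh(target, target_port)
    print(f"{target}:{target_port} -> {outcome}: {HINTS[outcome]}")
```

A "timeout" on port 22 that turns into "ssh" after mapping a high external port to the SSH server points at the service provider blocking the low port.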