VPN tunnel IP is 172.16.4.2, how can I reverse shell to my local machine, from a box on an attached subnet?

bash security subnet vpn

A tunnel has two ends not just 172.16.4.2. If that's your IP on that net interface/link and you want to connect to it from the other side, then you can just connect to it as long as this interface is routed to on the other end and is not blocked by some firewalls etc. Of course, you need an SSH listening on this interface.

Answers to questions in the comment below:

  1. The arrow shows a p2p connection with two ends. The first one is local. It looks like a loop to itself, but may still work despite this misconfiguration (or lack of configuration), as it's a p2p and the destination IP is not so important. (See What is the “destination address” for a TAP/TUN device? on SO.)

  2. An interface is not a connection. Interfaces can be connected and then there's a connection. A tunnel is somewhat abstract. It suggests going through something (like another pair of interfaces). So the base (VPN) connection carries the second.

  3. Ethernet connection is not an interface. You can have an ethernet interface and connect two ethernet interfaces.

  4. To squeeze your mind a little more, a VPN can also emulate a switch not a router. See Should I use tap or tun for openvpn?.

Related

Getting rid of "Welcome to nginx!"
A docker image for interactive use, with more utilities?
Automate ssh port forwarding using DNS
When the server receives a request, does it automatically knows the website is itself? [closed]
Can I safely close port 53?
Replace VPS rDNS FQDN with a mail subdomain
Kubernetes Ingress whitelist-source-range for LAN
How to limit memory usage by application in linux?
Configuring DKIM using DNS and hosting on VPS
NFS not allowing hosts specified in config to mount share
HSTS max-age not effective/no update in Nginx
Configuring multiple Ethernet connections in a linux server