OpenVPN - SSH from the OpenVPN server into an OpenVPN client

Hello everyone,

Note: I have seen this related link, but it does not seem to apply, because I am not forwarding my ssh, maybe between interfaces, but that has already been done.

I have a remote VPS server whose purpose is mainly to act as a convenient access point to all of my/my colleagues' devices, i.e. my home server, phone, laptop, desktop, etc.

My openvpn server is configured with the client-to-client and ccd options and works perfectly.

SSHing into another device via its assigned IP works very well, e.g.

../../.openvpn/ccd/

android-phone
    ifconfig-push 10.0.0.34 10.0.0.33

windows-laptop
    ifconfig-push 10.0.0.30 10.0.0.29

If both devices are connected, then from my Android terminal,

ssh [email protected]

I can access my laptop perfectly with no problems, but from my server terminal (server meaning the OpenVPN server),

ssh [email protected]
ssh [email protected]
ssh 10.0.0.29
ssh 10.0.0.30

all produce this error

ssh: connect to host 10.0.0.29 port 22: Connection timed out

My iptables rules are as follows

iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp-data /* FTP-Data IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp /* FTP-Ctrl IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh /* SSH IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp /* SMTP IN (iface:ALL) */ state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:whois /* Whois IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain /* DNS IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http /* HTTP IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:https /* HTTPS IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https /* HTTPS IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ntp /* NTP/OPENVPN IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9800 /* TRANSMISSION IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             /* Ping Request/Reply IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere             /* Ping Request/Reply OUT (iface:ALL) */

and the NAT table

iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  10.0.0.0/24          anywhere             to:{openvpn-server}
MASQUERADE  all  --  10.0.0.0/24          anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

and finally, the routes

netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.2        *               255.255.255.255 UH        0 0          0 tun0
10.0.0.0        10.0.0.2        255.255.255.0   UG        0 0          0 tun0
default         *               0.0.0.0         U         0 0          0 venet0

Does anyone have any suggestions?

Answer 1

If the IP of your openvpn server is 10.0.0.2, then run the following command:

iptables -I POSTROUTING -t nat -d 10.0.0.0/24 -j SNAT --to 10.0.0.2

and then try again.

I ran into the same problem before and solved it with this solution.
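The answer works because of rule order in the nat POSTROUTING chain, which is evaluated first-match: the exempting rule must sit in front of the existing catch-all SNAT, which is why the answer uses -I (insert at position 1) rather than -A. The Python simulator below is an added illustration written for this page, not code from the question or the answer. It replays a packet from the server's tun0 address 10.0.0.2 to the laptop 10.0.0.29 through three constructed chains written in iptables -S syntax: the chain from the question (with 203.0.113.10 standing in for the {openvpn-server} public address), the chain after the answer's -I, and the chain you would get by appending the same rule with -A instead. It also checks that Internet-bound traffic still leaves with the public address after the fix. Only -s/-d matches and the SNAT/MASQUERADE targets are modelled; interface and protocol matches are ignored.

```python
# Added example: first-match simulation of the iptables nat POSTROUTING chain.
# Not from the question or the answer. The chains are constructed from the
# page's rules; 203.0.113.10 is a placeholder for the {openvpn-server} public IP.
import ipaddress
import shlex

VPN_SERVER = "10.0.0.2"      # the server's tun0 address (from the routing table)
PUBLIC_IP = "203.0.113.10"   # placeholder for {openvpn-server}

# Chain as shown in the question, in `iptables -t nat -S POSTROUTING` form.
ORIGINAL_CHAIN = f"""
-A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source {PUBLIC_IP}
-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
"""

# Chain after the answer's command: -I places the new rule at position 1.
FIXED_CHAIN = f"""
-A POSTROUTING -d 10.0.0.0/24 -j SNAT --to-source {VPN_SERVER}
-A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source {PUBLIC_IP}
-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
"""

# The same rule added with -A instead: it lands behind the catch-all SNAT.
APPENDED_CHAIN = f"""
-A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source {PUBLIC_IP}
-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
-A POSTROUTING -d 10.0.0.0/24 -j SNAT --to-source {VPN_SERVER}
"""


def parse_rule(line):
    """Extract the -s / -d matches and the target of one `-A` rule line.
    Other matches (-o, -p, ...) are ignored: this is an ordering check only."""
    toks = shlex.split(line)
    rule = {"src": None, "dst": None, "target": None, "to": None}
    i = 0
    while i < len(toks):
        tok = toks[i]
        if tok == "-s":
            rule["src"] = ipaddress.ip_network(toks[i + 1], strict=False)
        elif tok == "-d":
            rule["dst"] = ipaddress.ip_network(toks[i + 1], strict=False)
        elif tok == "-j":
            rule["target"] = toks[i + 1]
        elif tok in ("--to-source", "--to"):   # iptables accepts --to as an abbreviation
            rule["to"] = toks[i + 1]
        else:
            i += 1
            continue
        i += 2   # option plus its value consumed
    return rule


def parse_chain(text):
    """Parse every non-empty line of an `iptables -S` style chain dump."""
    return [parse_rule(line) for line in text.strip().splitlines() if line.strip()]


def rule_matches(rule, src, dst):
    """True if the packet's addresses satisfy the rule's -s and -d matches."""
    if rule["src"] is not None and src not in rule["src"]:
        return False
    if rule["dst"] is not None and dst not in rule["dst"]:
        return False
    return True


def egress_source(rules, src, dst):
    """Source address a packet src->dst leaves with. The nat table is
    first-match: the first SNAT or MASQUERADE rule that matches decides."""
    src_a, dst_a = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if not rule_matches(rule, src_a, dst_a):
            continue
        if rule["target"] == "SNAT":
            return rule["to"]
        if rule["target"] == "MASQUERADE":
            return "<address of outgoing interface>"
    return src   # no NAT rule matched: the address is unchanged


if __name__ == "__main__":
    laptop, internet_host = "10.0.0.29", "198.51.100.7"   # constructed destinations
    for name, chain in (("original", ORIGINAL_CHAIN),
                        ("fixed (-I)", FIXED_CHAIN),
                        ("appended (-A)", APPENDED_CHAIN)):
        rules = parse_chain(chain)
        print(f"{name:14s} -> laptop:   {egress_source(rules, VPN_SERVER, laptop)}")
        print(f"{name:14s} -> internet: {egress_source(rules, VPN_SERVER, internet_host)}")
```

To check a real box, paste the output of `iptables -t nat -S POSTROUTING` into parse_chain and ask egress_source for the server's tun0 address and a client's VPN address: if the result is the public address, the exempting rule is missing or shadowed by a rule above it. MASQUERADE is reported with a marker string because the outgoing interface's address is not known offline.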
