Hi everyone,

Note: I have seen this related link, but it doesn't seem to apply, since I'm not forwarding my ssh, maybe between interfaces, but that is already done.

I have a remote VPS whose main purpose is to serve as a convenient access point for all of my/my colleagues' devices, i.e. my home server, phone, laptop, desktop, etc.

My OpenVPN server is configured with the client-to-client and ccd options and runs perfectly.

SSHing to another device via its assigned IP works very well, e.g.
../../.openvpn/ccd/android-phone:
    ifconfig-push 10.0.0.34 10.0.0.33
../../.openvpn/ccd/windows-laptop:
    ifconfig-push 10.0.0.30 10.0.0.29
If both devices are connected, then from my Android terminal,
ssh [email protected]
lets me access my laptop perfectly, no problem. But from my server's terminal (server meaning the OpenVPN server),
ssh [email protected]
ssh [email protected]
ssh 10.0.0.29
ssh 10.0.0.30
all produce this error:
ssh: connect to host 10.0.0.29 port 22: Connection timed out
My iptables rules are as follows:

iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data /* FTP-Data IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp /* FTP-Ctrl IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* SSH IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp /* SMTP IN (iface:ALL) */ state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:whois /* Whois IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:domain /* DNS IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http /* HTTP IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:https /* HTTPS IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https /* HTTPS IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:ntp /* NTP/OPENVPN IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:9800 /* TRANSMISSION IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere /* Ping Request/Reply IN (iface:ALL) */ state NEW,RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere /* Ping Request/Reply OUT (iface:ALL) */
and the NAT table:

iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.0.0.0/24 anywhere to:{openvpn-server}
MASQUERADE all -- 10.0.0.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
and finally, the routing table:

netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.0.0.2 * 255.255.255.255 UH 0 0 0 tun0
10.0.0.0 10.0.0.2 255.255.255.0 UG 0 0 0 tun0
default * 0.0.0.0 U 0 0 0 venet0
Does anyone have any suggestions?

Answer 1

If the IP of your OpenVPN server is 10.0.0.2, then run the following command:
iptables -I POSTROUTING -t nat -d 10.0.0.0/24 -j SNAT --to 10.0.0.2
and then try again.

I ran into the same problem before and fixed it with this solution.
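To see why the inserted rule matters, here is an added first-match model of the nat POSTROUTING chain from the question (constructed example, not code from the original post); the public VPS address is a placeholder standing in for the post's {openvpn-server}, and a client is assumed to answer through tun0 only when the source it sees lies in the VPN subnet.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PUBLIC_IP = "203.0.113.10"                    # placeholder for {openvpn-server}
VPN_NET = ipaddress.ip_network("10.0.0.0/24")
IFACE_ADDR = {"tun0": "10.0.0.2", "venet0": PUBLIC_IP}   # addresses MASQUERADE would pick


@dataclass
class Rule:
    src: Optional[ipaddress.IPv4Network]   # -s match, None = anywhere
    dst: Optional[ipaddress.IPv4Network]   # -d match, None = anywhere
    target: str                            # "SNAT" or "MASQUERADE"
    to: Optional[str] = None               # --to address for SNAT


# The POSTROUTING chain exactly as listed in the question, top to bottom.
ORIGINAL = [
    Rule(VPN_NET, None, "SNAT", PUBLIC_IP),   # SNAT all -- 10.0.0.0/24 anywhere to:{openvpn-server}
    Rule(VPN_NET, None, "MASQUERADE"),        # MASQUERADE all -- 10.0.0.0/24 anywhere
]


def apply_fix(rules):
    """Model of the answer: -I inserts the rule at position 1, ahead of the existing SNAT."""
    return [Rule(None, VPN_NET, "SNAT", "10.0.0.2")] + list(rules)


def postrouting(rules, src, dst, out_iface):
    """Walk the chain like netfilter: the first matching rule decides the new source."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.src is None or s in r.src) and (r.dst is None or d in r.dst):
            if r.target == "SNAT":
                return r.to
            if r.target == "MASQUERADE":          # rewrites to the outgoing interface's address
                return IFACE_ADDR[out_iface]
    return src                                    # no match: packet leaves untranslated


def reply_stays_in_tunnel(translated_src):
    """Assumed client behaviour: replies go back via tun0 only for VPN-subnet sources."""
    return ipaddress.ip_address(translated_src) in VPN_NET


if __name__ == "__main__":
    pkt = ("10.0.0.2", "10.0.0.29", "tun0")      # the server SSHing to windows-laptop
    for label, chain in (("before", ORIGINAL), ("after", apply_fix(ORIGINAL))):
        new_src = postrouting(chain, *pkt)
        print(f"{label} fix: source becomes {new_src}, reply via tunnel: {reply_stays_in_tunnel(new_src)}")
    # Internet-bound client traffic is still translated to the public address after the fix.
    print("client to internet:", postrouting(apply_fix(ORIGINAL), "10.0.0.34", "198.51.100.7", "venet0"))
```

Appending the same rule with -A instead of -I would leave it behind the existing catch-all SNAT, which would still win on first match.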