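I have an Ubuntu VM with a bridged adapter that I have configured to use an IPsec VPN. I can SSH into the machine fine, but when I bring the VPN up, I can't get in. The VPN tunnel also makes the Linux machine unresponsive to ping. The VM actually can't even ping its own gateway. My VPN provider does not offer port forwarding. What commands can I enter to make sure I can still SSH in from the local network when the VPN is up?
Here is the output from starting the tunnel over SSH and trying to use it as a SOCKS proxy: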
$ ssh -D 8123 -C -q -t -v [email protected] "sudo ipsec up NordVPN"
authentication of 'us993.nordvpn.com' with EAP successful
IKE_SA NordVPN[9] established between 192.168.1.27[192.168.1.27]...23.81.21.124[us993.nordvpn.com]
scheduling reauthentication in 10085s
maximum IKE_SA lifetime 10625s
installing DNS server 78.46.223.24 via resolvconf
installing DNS server 162.242.211.137 via resolvconf
handling INTERNAL_IP4_NETMASK attribute failed
installing new virtual IP 10.6.6.231
debug1: Connection to port 8123 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
debug1: Connection to port 8123 forwarding to socks port 0 requested.
debug1: channel 4: new [dynamic-tcpip]
debug1: Connection to port 8123 forwarding to socks port 0 requested.
debug1: channel 5: new [dynamic-tcpip]
debug1: Connection to port 8123 forwarding to socks port 0 requested.
debug1: channel 6: new [dynamic-tcpip]
debug1: Connection to port 8123 forwarding to socks port 0 requested.
debug1: channel 7: new [dynamic-tcpip]
debug1: Connection to port 8123 forwarding to socks port 0 requested.
debug1: channel 8: new [dynamic-tcpip]
packet_write_wait: Connection to 192.168.1.27 port 22: Broken pipe
ssh -v times out when the tunnel is already up.
Nothing special in sshd_config?
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin prohibit-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
sudo iptables -vpL (whether the VPN is on or off):
Chain INPUT (policy ACCEPT 41 packets, 9581 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 37 packets, 6921 bytes)
pkts bytes target prot opt in out source destination