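So I've been trying to solve this for a few hours and I'm starting to get frustrated. I have a VPS that I log into via SSH. From that VPS I'm connecting to my VPN service (nordvpn). Ideally, I'd be able to connect to their VPN service using the nordvpn app rather than openvpn, because the nord app has some features that make things easier (randomly switching between their servers, choosing a country by typing its name, etc.). When I try to connect to nordvpn through their app, I'm immediately disconnected from my ssh session. If I want to SSH back in from my machine, I have to log in to my VPS through the web console my service provider offers and shut down the nordvpn connection. How can I set things up so that I can use their VPN this way? Here's some information that might help.
First, here's the output of "ifconfig" on my vps: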
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet x.x.x.x netmask 255.255.240.0 broadcast x.x.n.m
inet6 <removed> prefixlen 64 scopeid 0x20<link>
ether ba:34:82:44:0f:83 txqueuelen 1000 (Ethernet)
RX packets 1469133 bytes 4209036445 (3.9 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1007911 bytes 268157669 (255.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet y.y.y.y netmask 255.255.0.0 broadcast y.y.255.255
ether ba:34:82:44:0f:83 txqueuelen 1000 (Ethernet)
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet z.z.z.z netmask 255.255.0.0 broadcast z.z.255.255
inet6 <removed> prefixlen 64 scopeid 0x20<link>
ether aa:93:20:c4:94:60 txqueuelen 1000 (Ethernet)
RX packets 326 bytes 16840 (16.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 186 bytes 15120 (14.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 2666023 bytes 1403474636 (1.3 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2666023 bytes 1403474636 (1.3 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
When I connect with the VPN app, it adds a tun0 interface whose ip isn't static:
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.1.3 netmask 255.255.255.0 destination 10.8.1.3
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 14 bytes 5417 (5.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 23 bytes 2019 (1.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
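When not connected to the VPN, iptables is completely flushed, and when I use the nordvpn app it adds a whole bunch of stuff. Here's the output of "iptables -L" while connected to the VPN: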
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- 66.171.37.83 anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- loopback/8 anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- 66.171.37.83 anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- 134.209.32.0/20 anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- 66.171.37.83 anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- 10.17.0.0/16 anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- 66.171.37.83 anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- 10.132.0.0/16 anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- 66.171.37.83 anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere 103.86.96.100 udp dpt:domain
ACCEPT udp -- anywhere 103.86.99.100 udp dpt:domain
ACCEPT udp -- anywhere 103.86.96.100 udp dpt:domain
ACCEPT udp -- anywhere 103.86.99.100 udp dpt:domain
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 66.171.37.83
ACCEPT all -- anywhere loopback/8
ACCEPT all -- anywhere 66.171.37.83
ACCEPT all -- anywhere 134.209.32.0/20
ACCEPT all -- anywhere 66.171.37.83
ACCEPT all -- anywhere 10.17.0.0/16
ACCEPT all -- anywhere 66.171.37.83
ACCEPT all -- anywhere 10.132.0.0/16
ACCEPT all -- anywhere 66.171.37.83
ACCEPT all -- anywhere 10.8.0.0/24
ACCEPT all -- anywhere anywhere
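I've been reading up on this topic for a long time, and from what I can tell I probably need to mark and forward packets on port 22 somewhere, but I can't for the life of me figure it out. Any help would be greatly appreciated.
Answer 1
It looks like NordVPN is blocking the ssh port. From what I've read, all traffic goes through their nodes. Log in to your profile on Nordvpn and check whether you can allow their traffic.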
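Added example (not part of the original question or answer): a small Python check that reads an "iptables -L" listing like the one in the question and reports what the INPUT chain would do with a new inbound SSH connection. The function names parse_chains and new_ssh_verdict are hypothetical, the sample text is constructed in the shape of the posted output, and only the ctstate and dpt matches are interpreted.

```python
import re

# Constructed sample in the shape of the question's INPUT chain, including
# rules wrapped after "ctstate" as in the listing as pasted.
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
"""

def parse_chains(listing):
    """Parse `iptables -L` text into {chain: {"policy": ..., "rules": [...]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if header:
            current = chains.setdefault(header.group(1), {"policy": header.group(2), "rules": []})
            continue
        parts = line.split(None, 5)
        if current is None or not parts or parts[0] == "target":
            continue
        if len(parts) < 5:  # wrapped continuation of the previous rule's match
            if current["rules"]:
                current["rules"][-1]["match"] += " " + line.strip()
            continue
        current["rules"].append({"target": parts[0], "prot": parts[1], "src": parts[3],
                                 "dst": parts[4], "match": parts[5] if len(parts) > 5 else ""})
    return chains

def new_ssh_verdict(chain):
    """Return (verdict, reason) for a NEW inbound TCP/22 packet from any source."""
    for rule in chain["rules"]:
        match = rule["match"].strip()
        if rule["prot"] not in ("all", "tcp"):
            continue
        if rule["src"] != "anywhere" or rule["dst"] != "anywhere":
            continue  # restricted to specific addresses: not a general allow
        if "ctstate" in match and "NEW" not in match:
            continue  # only packets of already-tracked connections
        port = re.search(r"dpt:(\S+)", match)
        if port and port.group(1) not in ("ssh", "22"):
            continue
        # -L without -v does not print in/out interfaces, so this may be interface-bound
        return rule["target"], "visible columns match; confirm interface with iptables -L -v -n"
    return chain["policy"], "no rule matched; chain policy applies"
```

On a listing shaped like the one above, the only rule that can match a new SSH connection is the final "ACCEPT all -- anywhere anywhere", and the plain -L output cannot show whether that rule is tied to an interface.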