How do I route SSH traffic to a VPS that is connected to a VPN?

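So I've been trying to figure this out for a few hours and I'm starting to get frustrated. I have a VPS that I log in to via SSH. From that VPS I'm connecting to my VPN service (nordvpn). Ideally, I would be able to connect to their VPN service using the nordvpn app rather than openvpn, since the nord app has some features that make things easier (randomly switching between their servers, choosing a country by typing its name, etc.). When I try to connect to nordvpn through their app, I'm immediately disconnected from my SSH connection. If I want to SSH back in from my machine, I have to log in to my VPS through the web console my service provider offers in order to turn off the nordvpn connection. How can I set things up so that I can use their VPN this way? Below is some information that may help.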

First, here is the output of "ifconfig" on my VPS:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet x.x.x.x  netmask 255.255.240.0  broadcast x.x.n.m
    inet6 <removed>  prefixlen 64  scopeid 0x20<link>
    ether ba:34:82:44:0f:83  txqueuelen 1000  (Ethernet)
    RX packets 1469133  bytes 4209036445 (3.9 GiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 1007911  bytes 268157669 (255.7 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet y.y.y.y  netmask 255.255.0.0  broadcast y.y.255.255
    ether ba:34:82:44:0f:83  txqueuelen 1000  (Ethernet)

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet z.z.z.z  netmask 255.255.0.0  broadcast z.z.255.255
    inet6 <removed>  prefixlen 64  scopeid 0x20<link>
    ether aa:93:20:c4:94:60  txqueuelen 1000  (Ethernet)
    RX packets 326  bytes 16840 (16.4 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 186  bytes 15120 (14.7 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>
    loop  txqueuelen 1  (Local Loopback)
    RX packets 2666023  bytes 1403474636 (1.3 GiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 2666023  bytes 1403474636 (1.3 GiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

When I connect with the VPN app, it adds a tun0 interface whose IP is not static:

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
    inet 10.8.1.3  netmask 255.255.255.0  destination 10.8.1.3
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
    RX packets 14  bytes 5417 (5.2 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 23  bytes 2019 (1.9 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

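When not connected to the VPN, iptables is completely flushed, and when I use the nordvpn app it adds a lot of entries. Here is the output of "iptables -L" while connected to the VPN: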

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  66.171.37.83         anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  loopback/8           anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  66.171.37.83         anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  134.209.32.0/20      anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  66.171.37.83         anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  10.17.0.0/16         anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  66.171.37.83         anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  10.132.0.0/16        anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  66.171.37.83         anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  10.8.0.0/24          anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             103.86.96.100        udp dpt:domain
ACCEPT     udp  --  anywhere             103.86.99.100        udp dpt:domain
ACCEPT     udp  --  anywhere             103.86.96.100        udp dpt:domain
ACCEPT     udp  --  anywhere             103.86.99.100        udp dpt:domain
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             66.171.37.83        
ACCEPT     all  --  anywhere             loopback/8          
ACCEPT     all  --  anywhere             66.171.37.83        
ACCEPT     all  --  anywhere             134.209.32.0/20     
ACCEPT     all  --  anywhere             66.171.37.83        
ACCEPT     all  --  anywhere             10.17.0.0/16        
ACCEPT     all  --  anywhere             66.171.37.83        
ACCEPT     all  --  anywhere             10.132.0.0/16       
ACCEPT     all  --  anywhere             66.171.37.83        
ACCEPT     all  --  anywhere             10.8.0.0/24         
ACCEPT     all  --  anywhere             anywhere

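I've been reading up on this topic for a long time, and as far as I can tell I probably need to mark and forward packets on port 22 somewhere, but I can't figure out the answer for the life of me. Any help would be greatly appreciated.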

Answer 1

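It looks like NordVPN is blocking the SSH port. From what I've read, all traffic goes through their nodes. Log in to your profile on NordVPN and check whether you can allow their traffic.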
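
The question's idea of steering port-22 traffic around the tunnel, as an added example that is not part of the original post or answer: this sketch uses a source-address routing rule instead of packet marks, and it only prints the commands. Table 128, priority 100 and the 203.0.113.x addresses are assumed placeholders, and the two iptables lines assume the app's DROP policies would otherwise block SSH on eth0 (`iptables -L` without `-v` does not show which interface each rule applies to).

```shell
#!/bin/sh
# Added example (not from the original post): print, without running, the
# commands that keep inbound SSH on the public interface while a VPN client
# owns the default route. Table 128 and priority 100 are assumed values.

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# ssh_bypass_plan IFACE SRC_IP GATEWAY [TABLE] [PORT]
# Validates its arguments so nothing unexpected ends up in the printed commands.
ssh_bypass_plan() {
    iface=$1 src=$2 gw=$3 table=${4:-128} port=${5:-22}
    case $iface in ''|*[!A-Za-z0-9_.:-]*)
        echo "bad interface name" >&2; return 1 ;;
    esac
    case $table$port in *[!0-9]*)
        echo "table and port must be numeric" >&2; return 1 ;;
    esac
    if ! is_ipv4 "$src" || ! is_ipv4 "$gw"; then
        echo "source and gateway must be IPv4 addresses" >&2; return 1
    fi
    # 1. Private routing table whose default route leaves via the public NIC.
    # 2. Packets sourced from the public address (SSH replies) use that table,
    #    so they do not follow the VPN's default route into tun0.
    # 3./4. Let SSH through DROP-policy chains on that interface only.
    cat <<EOF
ip route replace default via $gw dev $iface table $table
ip rule add from $src lookup $table priority 100
iptables -I INPUT 1 -i $iface -p tcp --dport $port -j ACCEPT
iptables -I OUTPUT 1 -o $iface -p tcp --sport $port -j ACCEPT
EOF
}

# Usage (as root, after reading the output):
#   sh ssh-bypass.sh eth0 203.0.113.10 203.0.113.1 | sh
# 203.0.113.x are placeholders for eth0's own address and gateway.
if [ "$#" -ge 3 ]; then ssh_bypass_plan "$@"; fi
```

Check the result with `ip rule show` and `ip route show table 128` before starting the VPN, and keep the provider's web console open as a fallback while testing.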
