OpenVpn 和 SSH 监听

我从家里与开发服务器建立了 OpenVpn 连接，OpenVpn 中开发服务器的 ip 是 10.0.8.2，我在 netstat 中可以看到两个接口，eth0 和 tun0。现在我想从家里使用 ssh 客户端连接到带有 openvpn 地址的服务器，但是当我尝试连接时，服务器拒绝连接，我只能连接公共地址 ip，如果我在 openvpn 地址 10.0.8.2 上使用 nmap，我看不到打开了端口 22，我该如何解决？

---

网络状态

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      2601/tor        
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2026/apache2    
    tcp        0      0 0.0.0.0:3389            0.0.0.0:*               LISTEN      2642/xrdp       
    tcp        0      0 0.0.0.0:3690            0.0.0.0:*               LISTEN      3966/svnserve   
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2461/mysqld     
    tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      1916/sendmail: MTA:
    tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1599/rpcbind    
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2026/apache2    
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2623/vsftpd     
    tcp        0      0 mypublicIP:53        0.0.0.0:*               LISTEN      1732/named      
    tcp        0      0 127.0.0.2:53            0.0.0.0:*               LISTEN      1732/named      
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1732/named      
    tcp        0      0 127.0.0.1:3350          0.0.0.0:*               LISTEN      2645/xrdp-sesman
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1958/sshd       
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1916/sendmail: MTA:
    tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1732/named 

iptables

Chain INPUT (policy ACCEPT 3271 packets, 2758K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1912 packets, 638K bytes)
 pkts bytes target     prot opt in     out     source               destination         

sshd 配置

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
ListenAddress 10.0.8.2
#ListenAddress ::
ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
UsePAM yes

编辑2：这是我的 netstat

  lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:427 errors:0 dropped:0 overruns:0 frame:0
          TX packets:427 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:47697 (46.5 KiB)  TX bytes:47697 (46.5 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:7228 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5099 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5625992 (5.3 MiB)  TX bytes:1114154 (1.0 MiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:mypublicipaddress  P-t-P:mypublicaddress  Bcast:mypublicaddress  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

对于 openvpn 配置，我已经了解了本教程： http://www.thegeekstuff.com/2013/09/openvpn-setup/

在我家我可以 ping 10.8.0.2