SSH terminated when starting the Ovpn client

I have a VPS running Ubuntu 16.04.1 that I connect to using SSH. I want to run an OpenVPN client on the VPS so that internet traffic is routed through the VPN, while still allowing me to connect to the server via SSH. When I start OpenVPN, my SSH session disconnects and I can no longer connect to my VPS. How do I configure the VPS so that incoming SSH (port 22) connections are accepted on the VPS's real IP (84.XxX), but outgoing traffic (e.g. from a web browser on the VPS) is still routed through the VPN?

The OpenVPN service I use is PrivateInternetAccess, and the example config.ovpn file is:

    proto udp
    tun-mtu 1500
    fragment 1300
    mssfix
    cipher AES-256-CBC
    remote amsterdam.perfect-privacy.com 149
    remote amsterdam.perfect-privacy.com 1151
    remote amsterdam.perfect-privacy.com 1150
    remote amsterdam.perfect-privacy.com 1149
    remote amsterdam.perfect-privacy.com 151
    remote amsterdam.perfect-privacy.com 150
    remote amsterdam.perfect-privacy.asia 151
    remote amsterdam.perfect-privacy.asia 150
    remote amsterdam.perfect-privacy.org 1149
    remote amsterdam.perfect-privacy.info 1150
    remote amsterdam.perfect-privacy.asia 149

    auth SHA512
    auth-user-pass password.txt
    client
    comp-lzo
    dev tun
    #float
    hand-window 120
    inactive 604800
    mute-replay-warnings
    nobind
    ns-cert-type server
    persist-key
    persist-remote-ip
    persist-tun
    ping 5
    ping-restart 120
    redirect-gateway def1
    remote-random
    reneg-sec 3600
    resolv-retry 60
    route-delay 2
    route-method exe
    script-security 2
    tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
    tls-timeout 5
    verb 4
    tun-ipv6

    ca ca.crt
    cert Amsterdam_cl.crt
    key Amsterdam_cl.key
    tls-auth Amsterdam_ta.key 1
    down /etc/openvpn/update-resolv-conf
    up /etc/openvpn/update-resolv-conf
    crl-verify ca.crl

The VPS's IP addresses:

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
              RX packets:27052 errors:0 dropped:0 overruns:0 frame:0
              TX packets:30619 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:3363556 (3.3 MB)  TX bytes:4903075 (4.9 MB)

    venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:84.200.105.209  P-t-P:84.X.x.X  Bcast:84.X.x.X  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

I have read that it can be done with routing, but I don't have much experience with Linux and I don't want to break my VPS, so I'm asking for your help.

Answer 1

You may find the answer here: https://unix.stackexchange.com/questions/4420/reply-on-same-interface-as-incoming

Your OpenVPN client changes the server's default route. When you try to connect via SSH, the TCP handshake cannot complete because your server tries to reply through the OpenVPN tunnel. The packets are probably dropped somewhere along the way, or at best arrive from a different IP.

Answer 2

Add a custom route command to your openvpn client configuration:

    route add 84.X.x.X 255.255.255.255     <your real default gw>
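As an added example (not from either answer or the linked post), the following POSIX shell script implements the source-based policy routing that the page linked in answer 1 describes: replies to SSH sessions arriving on the VPS's real IP are sent back through the original gateway, while everything else follows the tunnel that `redirect-gateway def1` installs in the main table. The IP, gateway, interface and table number are constructed placeholders, and the `check_policy_routing` function is a hypothetical helper for verifying the live state.

```shell
#!/bin/sh
# Source-based policy routing: packets whose source is the VPS's real public IP
# use a dedicated routing table whose default route is the original gateway, so
# SSH replies leave the way the connection came in even after OpenVPN has taken
# over the default route in the main table.
# Usage: apply_policy_routing REAL_IP REAL_GW IFACE TABLE PRIO
#   REAL_GW may be empty: on OpenVZ/venet hosts the default route is often
#   "default dev venet0" with no gateway address at all.
# Run it as root BEFORE starting the OpenVPN client (or from an "up" script).

# Print the iproute2 commands one per line so they can be reviewed first.
policy_route_cmds() {
    real_ip=$1; real_gw=$2; iface=$3; table=$4; prio=$5
    if [ -n "$real_gw" ]; then
        echo "ip route add default via $real_gw dev $iface table $table"
    else
        echo "ip route add default dev $iface table $table"
    fi
    # The rule priority must be lower (evaluated earlier) than the main table's 32766.
    echo "ip rule add from $real_ip/32 table $table priority $prio"
}

# Execute the commands; with DRY_RUN=1 they are only printed.
apply_policy_routing() {
    policy_route_cmds "$@" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "$cmd"
        else
            eval "$cmd"
        fi
    done
}

# Hypothetical helper: confirm from the live state that both the rule and the
# table's default route exist (non-zero exit if either is missing).
check_policy_routing() {
    real_ip=$1; table=$2
    ip rule show | grep -q "from $real_ip .*lookup $table" &&
    ip route show table "$table" | grep -q '^default'
}

# Stand-alone dry run with constructed TEST-NET placeholder addresses.
DRY_RUN=${DRY_RUN:-1}
apply_policy_routing 203.0.113.10 203.0.113.1 venet0 100 1000
```

Connections that originate on the VPS itself (a browser, curl) pick their source address from the main table, so they still get the tunnel's address and go through the VPN, which is the split the question asks for. Because a wrong gateway or interface here locks you out just as surely as the original problem, test it with `DRY_RUN=1` first and keep a second session open while applying it.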
