我通过openvpn(位于子网10.8.0.0/255.255.255.0下)将笔记本电脑连接到办公室networking。 我可以ssh和mosh进入我的办公桌面没问题。
最近我决定还在不同的子网(192.168.2.0/255.255.255.0)上build立第二个openvpnnetworking,用于在家访问我的电脑。
当我连接到两个networking时:
$ ip address ... 4: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.8.0.26 peer 10.8.0.25/32 scope global tun1 valid_lft forever preferred_lft forever 5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 192.168.2.3 peer 192.168.20.4/32 scope global tun0 valid_lft forever preferred_lft forever 我试图ssh进入我的办公桌面。 $ ssh officebox工作(officeboxparsing为172.22.22.133是在办公室路由器IP范围),但我首选的方法$ mosh officebox失败:
$ mosh officebox @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:Qcg8zcFGJAUwtnb1c/oATrVTIdRoFK/neQF7fmK/mag. Please contact your system administrator. ... ... ... /usr/bin/mosh: Did not find mosh server startup message.
但是,直接使用IP地址$ mosh 172.22.22.133作品。
所以我怀疑这是与DNS有关的。 如果我在OpenVPN home.conf行中注释掉客户端的up/down update-resolv-conf行,以便在/etc/resolve.conf没有插入nameserver行,mosh by hostname将恢复正常。 我想知道是什么导致mosh认为远程主机签名已经改变。
# server.ovpn: port 1194 proto udp dev tun ca home/ca.crt cert home/server.crt key home/server.key # This file should be kept secret dh home/dh2048.pem server 192.168.2.0 255.255.255.0 ifconfig-pool-persist home-ipp.txt push "route 192.168.2.0 255.255.255.0" client-config-dir home/ccd learn-address /etc/openvpn/learn-address.sh push "dhcp-option DOMAIN home-vpn.net" push "dhcp-option DNS 192.168.2.1" client-to-client duplicate-cn keepalive 10 120 tls-auth home/ta.key 0 # This file is secret comp-lzo user vpn group vpn persist-key persist-tun status openvpn-home-status.log log openvpn-home.log verb 3 up update-resolv-conf down update-resolv-conf