OpenVPN and SSH listening

I connect to my development server from home over OpenVPN; my development server's IP on the OpenVPN network is 10.0.8.2, and in netstat I can see two interfaces, eth0 and tun0. Now I want to connect to my server from home with an SSH client using the OpenVPN address, but when I try, the server refuses the connection; I can only connect to the public IP address. If I run nmap against the OpenVPN address 10.0.8.2, I don't see port 22 open. How can I fix this?


netstat

    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      2601/tor
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2026/apache2
    tcp        0      0 0.0.0.0:3389            0.0.0.0:*               LISTEN      2642/xrdp
    tcp        0      0 0.0.0.0:3690            0.0.0.0:*               LISTEN      3966/svnserve
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2461/mysqld
    tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      1916/sendmail: MTA:
    tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1599/rpcbind
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2026/apache2
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2623/vsftpd
    tcp        0      0 mypublicIP:53           0.0.0.0:*               LISTEN      1732/named
    tcp        0      0 127.0.0.2:53            0.0.0.0:*               LISTEN      1732/named
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1732/named
    tcp        0      0 127.0.0.1:3350          0.0.0.0:*               LISTEN      2645/xrdp-sesman
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1958/sshd
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1916/sendmail: MTA:
    tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1732/named

iptables

    Chain INPUT (policy ACCEPT 3271 packets, 2758K bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 1912 packets, 638K bytes)
     pkts bytes target     prot opt in     out     source               destination

sshd config

    # Package generated configuration file
    # See the sshd_config(5) manpage for details

    # What ports, IPs and protocols we listen for
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    ListenAddress 10.0.8.2
    #ListenAddress ::
    ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes

    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 768

    # Logging
    SyslogFacility AUTH
    LogLevel INFO

    # Authentication:
    LoginGraceTime 120
    PermitRootLogin yes
    StrictModes yes

    RSAAuthentication yes
    PubkeyAuthentication yes
    #AuthorizedKeysFile %h/.ssh/authorized_keys

    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes

    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no

    # Change to yes to enable challenge-response passwords (beware issues with
    ChallengeResponseAuthentication no

    # Change to no to disable tunnelled clear text passwords
    #PasswordAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes

    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes

    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no

    #MaxStartups 10:30:60
    #Banner /etc/issue.net

    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*

    Subsystem sftp /usr/lib/openssh/sftp-server

    # Set this to 'yes' to enable PAM authentication, account processing,
    UsePAM yes

Edit 2: this is my netstat

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:427 errors:0 dropped:0 overruns:0 frame:0
              TX packets:427 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:47697 (46.5 KiB)  TX bytes:47697 (46.5 KiB)

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.8.0.1  PtP:10.8.0.2  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:127.0.0.2  PtP:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
              RX packets:7228 errors:0 dropped:0 overruns:0 frame:0
              TX packets:5099 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:5625992 (5.3 MiB)  TX bytes:1114154 (1.0 MiB)

    venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:mypublicipaddress  PtP:mypublicaddress  Bcast:mypublicaddress  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

For the OpenVPN configuration I followed this tutorial: http://www.thegeekstuff.com/2013/09/openvpn-setup/

From home I can ping 10.8.0.2

The firewall is probably the problem. Try this (I'm assuming you have a Linux box):

    iptables -I INPUT 1 -s 10.8.0.X -i tun0 -p tcp --dport 22 -j ACCEPT

Where:

  • -I – insert the rule into chain INPUT at position number 1
  • -s – source address
  • -i – input interface
  • -p – protocol
  • --dport – destination port
  • -j ACCEPT – accept the connection

If that doesn't work, then show us:

  • netstat -l -p -t -n
  • iptables -L -nv
  • sshd configuration
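The three outputs the answer asks for can be cross-checked mechanically before any firewall rule is added. The following is an added example, not code from the question or the answer: it parses constructed samples that mirror the sshd_config, ifconfig and netstat output shown above and reports ListenAddress entries that match no local interface address and whether any LISTEN socket covers a given address and port. The addresses in the samples are taken from the outputs on this page; the function names are the example's own.

```python
import re

# Constructed samples mirroring the outputs shown in the question above.
SSHD_CONFIG = """\
Port 22
ListenAddress 10.0.8.2
#ListenAddress ::
ListenAddress 0.0.0.0
"""
IFACE_ADDRS = {"lo": "127.0.0.1", "tun0": "10.8.0.1", "venet0": "127.0.0.2"}
NETSTAT = """\
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2461/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1958/sshd
"""
WILDCARDS = {"0.0.0.0", "::"}

def listen_addresses(conf):
    """ListenAddress values from sshd_config text; comments ignored, IPv4 ':port' suffix dropped."""
    addrs = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0].lower() == "listenaddress":
            addrs.append(re.sub(r"^(\d+\.\d+\.\d+\.\d+):\d+$", r"\1", parts[1]))
    return addrs

def unbindable(conf, iface_addrs):
    """ListenAddress entries matching no local address; sshd cannot bind these and logs an error."""
    local = set(iface_addrs.values()) | WILDCARDS
    return [a for a in listen_addresses(conf) if a not in local]

def listeners(netstat, port):
    """Local addresses that have a LISTEN socket on `port`, parsed from netstat -lntp lines."""
    pat = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN")
    return [m.group(1) for m in map(pat.match, netstat.splitlines())
            if m and int(m.group(2)) == port]

def reachable(target, port, netstat, iface_addrs):
    """True only if `target` is configured on an interface and a listener covers target:port."""
    if target not in iface_addrs.values():
        return False
    return any(a == target or a in WILDCARDS for a in listeners(netstat, port))

def diagnose(target, port=22, conf=SSHD_CONFIG, netstat=NETSTAT, iface_addrs=IFACE_ADDRS):
    """Findings to review before touching the firewall (the page's iptables chains are empty)."""
    findings = [f"ListenAddress {a} matches no local interface" for a in unbindable(conf, iface_addrs)]
    if target not in iface_addrs.values():
        findings.append(f"{target} is not configured on any interface (tun0 has {iface_addrs.get('tun0')})")
    elif not reachable(target, port, netstat, iface_addrs):
        findings.append(f"no LISTEN socket covers {target}:{port}")
    return findings

if __name__ == "__main__":
    for finding in diagnose("10.0.8.2"):
        print(finding)
```

Running it against the page's own values flags that 10.0.8.2 is on no interface while tun0 carries 10.8.0.1, and that sshd is already bound to the wildcard address, so a firewall rule alone would not change the result.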