服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 如何使基于SSH的基于VPN?
Intereting Posts
包括内部服务器到ssl证书有问题吗? 将SVN服务器存储库存储在(安装的)远程samba共享上 如何configurationphp-fpm将日志logging到在nginx虚拟主机中configuration的日志文件 在Linux命令行上使用NTFS挂载TrueCrypt卷 Salt的Puppetforge和Ansible星系相当于什么? Nginx 10k并发连接 第九代及以后的戴尔服务器DRAC上,“共享模式”究竟意味着什么? 如何在Linux中查找分段错误? 在发送或接收电子邮件时拒绝连接 对于小型开发团队来说,最好的虚拟机软件 有没有比VPN隧道更好的方式来访问远程数据中心的本地工具? 奇怪的进入Apache日志 如何在Centos 5.8中启用pdo mysql Netstat – Thunderbird和其他人在奇怪的端口上工作 有没有办法检查lighttpd中的客户端证书颁发者?

如何使基于SSH的基于VPN?

我使用基于ssh的VPN有一些问题。

情况: 

LOCAL -> GATE -> SERVICES (ssh server) (Many other servers with some services) 192.168.0.10 10.1.0.154 172.26.106.0/24 255.255.255.0 255.255.0.0

从LOCAL我可以通过SSHlogin到GATE,然后从这里我可以访问所有的服务器。

但是我想直接从我的本地计算机访问服务。 我怎么能实现这个?

这是我阅读ssh手册后试图做的事情:

在本地: 

 # ssh -f -w 1:2 root@GATE true # ifconfig tun1 10.66.1.1 10.66.1.2 netmask 255.255.255.252 # route add -net 172.26.106.0 netmask 255.255.255.0 gw 10.66.1.2

在GATE: 

 # ifconfig tun2 10.66.1.2 10.66.1.1 netmask 255.255.255.252

它不起作用。 当我尝试从本地ssh到某些服务时,我得到超时;-(

感谢杰夫·梅登的评论,我设法做到了。 我调整了脚本: github.com/oicu/vpn-over-ssh/blob/master/svpn.sh到我的需要,最后它的工作:

我的版本: 

 #!/bin/bash PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin export PATH [ "$(whoami)" != 'root' ] && echo "Run it as root." && exit 1 SERVER_SSH_PORT="22" SERVER_SSH_IP="10.1.0.154" CLIENT_TUNNEL="tun5" SERVER_TUNNEL="tun4" CLIENT_TUN_IP="192.168.55.5" SERVER_TUN_IP="192.168.55.4" TUN_NETMASK="255.255.255.0" CLIENT_ETHERNET="enp12s0" SERVER_ETHERNET="eth0" ROUTES=("172.26.100.0/24" "172.26.106.0/24" "172.26.103.0/24") function start() { ssh -NTCf -w "${CLIENT_TUNNEL#tun}:${SERVER_TUNNEL#tun}" root@${SERVER_SSH_IP} -p ${SERVER_SSH_PORT} if [ $? -ne 0 ]; then exit 1; fi echo "ssh tunnel is working." ssh -T root@${SERVER_SSH_IP} -p ${SERVER_SSH_PORT} << eeooff ifconfig ${SERVER_TUNNEL} ${SERVER_TUN_IP} pointopoint ${CLIENT_TUN_IP} netmask ${TUN_NETMASK} iptables -t nat -A POSTROUTING -s ${CLIENT_TUN_IP}/32 -o ${SERVER_ETHERNET} -j MASQUERADE iptables -A FORWARD -p tcp --syn -s ${CLIENT_TUN_IP}/32 -j TCPMSS --set-mss 1356 exit eeooff for ROUTE in ${ROUTES[*]} do ssh -T root@${SERVER_SSH_IP} -p ${SERVER_SSH_PORT} "iptables -t nat -A POSTROUTING -s $ROUTE -o ${CLIENT_TUNNEL} -j MASQUERADE" done if [ $? -ne 0 ]; then exit 1; fi echo "remote start." ifconfig ${CLIENT_TUNNEL} > /dev/null 2>&1 if [ $? -eq 0 ]; then echo 1 > /proc/sys/net/ipv4/ip_forward ifconfig ${CLIENT_TUNNEL} ${CLIENT_TUN_IP} pointopoint ${SERVER_TUN_IP} netmask ${TUN_NETMASK} for ROUTE in ${ROUTES[*]} do ip route add $ROUTE via ${CLIENT_TUN_IP} metric 102 printf "Adding route: %s\n" $ROUTE done iptables -t nat -A POSTROUTING -s ${SERVER_TUN_IP}/32 -o ${CLIENT_ETHERNET} -j MASQUERADE iptables -A FORWARD -p tcp --syn -s ${SERVER_TUN_IP}/32 -j TCPMSS --set-mss 1356 for ROUTE in ${ROUTES[*]} do iptables -t nat -A POSTROUTING -s $ROUTE -o ${CLIENT_TUNNEL} -j MASQUERADE done ping ${SERVER_TUN_IP} -i 60 > /dev/null 2>&1 & echo "local start." else exit 1 fi } function stop(){ echo "Flushing iptables on server..." ssh -T root@${SERVER_SSH_IP} -p ${SERVER_SSH_PORT} "iptables -F" echo "Flushing iptables on localhost..." iptables -F echo "Killing ssh tunnel..." CLIENT_SSH_PID=`ps -ef | grep "ssh -NTCf -w ${CLIENT_TUNNEL#tun}:${SERVER_TUNNEL#tun}" | grep -v grep | head -n1 | awk '{print $2}'` if [ -n "${CLIENT_SSH_PID}" ]; then kill -9 ${CLIENT_SSH_PID} fi if [ -n "`pidof ping`" ]; then pidof ping | xargs kill -9 fi } function usage(){ echo "usage:" echo " $0 -start" echo " $0 -stop" echo "" echo "for ssh:" echo " nohup $0 -start > /dev/null 2>&1" } case $1 in "--start" | "-start") start ;; "--stop" | "-stop") stop ;; *) usage ;; esac