Eu tenho uma máquina virtual Ubuntu com adaptador em ponte que eu configurei para usar uma VPN ipsec. Eu posso conectar o SSH à máquina, mas quando ligo a VPN, não consigo. O túnel VPN também faz a máquina linux não responder a pings. A vm, na verdade, não consegue nem pingar seu próprio gateway. Meu provedor de VPN não fornece o encaminhamento de porta. Que comandos eu posso digitar para ter certeza de que ainda posso acessar o SSH a partir da rede local quando a VPN estiver ativa?
Aqui está a saída de iniciar o encapsulamento do SSH e tentar usá-lo como um proxy de socks:
$ ssh -D 8123 -C -q -t -v [email protected] "sudo ipsec up NordVPN"
authentication of 'us993.nordvpn.com' with EAP successful
IKE_SA NordVPN[9] established between 192.168.1.27[192.168.1.27]...23.81.21.124[us993.nordvpn.com]
scheduling reauthentication in 10085s
maximum IKE_SA lifetime 10625s
installing DNS server 78.46.223.24 via resolvconf
installing DNS server 162.242.211.137 via resolvconf
handling INTERNAL_IP4_NETMASK attribute failed
installing new virtual IP 10.6.6.231
debug1: Connection to port 8123 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
debug1: Connection to port 8123 forwarding to socks port 0 requested.
debug1: channel 4: new [dynamic-tcpip]
debug1: Connection to port 8123 forwarding to socks port 0 requested.
debug1: channel 5: new [dynamic-tcpip]
debug1: Connection to port 8123 forwarding to socks port 0 requested.
debug1: channel 6: new [dynamic-tcpip]
debug1: Connection to port 8123 forwarding to socks port 0 requested.
debug1: channel 7: new [dynamic-tcpip]
debug1: Connection to port 8123 forwarding to socks port 0 requested.
debug1: channel 8: new [dynamic-tcpip]
packet_write_wait: Connection to 192.168.1.27 port 22: Broken pipe
ssh -v quando o túnel já está em funcionamento apenas expira.
Nada de especial em sshd_config ?
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin prohibit-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
sudo iptables -vpL (se a VPN está ativa ou inativa):
Chain INPUT (policy ACCEPT 41 packets, 9581 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 37 packets, 6921 bytes)
pkts bytes target prot opt in out source destination
Tags ssh networking virtualbox vpn ipsec