I have an OpenVPN connection from my home to my development server. The IP of my development server on OpenVPN is 10.0.8.2, and I can see two interfaces in netstat, eth0 and tun0. Now I want to connect from my home with an SSH client to my server using the OpenVPN address, but when I try, the server refuses the connection; I can connect only with the public IP address. If I run nmap against the OpenVPN address 10.0.8.2, I do not see port 22 open. How can I solve this?
netstat
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 2601/tor
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2026/apache2
tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN 2642/xrdp
tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 3966/svnserve
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2461/mysqld
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 1916/sendmail: MTA:
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1599/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2026/apache2
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2623/vsftpd
tcp 0 0 mypublicIP:53 0.0.0.0:* LISTEN 1732/named
tcp 0 0 127.0.0.2:53 0.0.0.0:* LISTEN 1732/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1732/named
tcp 0 0 127.0.0.1:3350 0.0.0.0:* LISTEN 2645/xrdp-sesman
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1958/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1916/sendmail: MTA:
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1732/named
iptables
Chain INPUT (policy ACCEPT 3271 packets, 2758K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1912 packets, 638K bytes)
pkts bytes target prot opt in out source destination
sshd conf
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
ListenAddress 10.0.8.2
#ListenAddress ::
ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
UsePAM yes
EDIT 2: this is my netstat
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:427 errors:0 dropped:0 overruns:0 frame:0
TX packets:427 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:47697 (46.5 KiB) TX bytes:47697 (46.5 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:7228 errors:0 dropped:0 overruns:0 frame:0
TX packets:5099 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5625992 (5.3 MiB) TX bytes:1114154 (1.0 MiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:mypublicipaddress P-t-P:mypublicaddress Bcast:mypublicaddress Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
For the OpenVPN configuration, I learned from this tutorial:
link
From my home I can ping 10.8.0.2.
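
The listings above can be cross-checked mechanically: the script below extracts the active ListenAddress values from an sshd_config and reports any that are neither a wildcard nor an address held by a local interface. It is an added example, not part of the original post; the function names are hypothetical, the sample input is constructed from the values shown in the post, and only IPv4 `address[:port]` forms are handled.

```shell
#!/bin/sh
# Added example: find sshd ListenAddress values that no local interface holds.

# Constructed sample: the listening directives from the sshd_config in the post.
SAMPLE_SSHD_CONFIG='Port 22
ListenAddress 10.0.8.2
#ListenAddress ::
ListenAddress 0.0.0.0'

# Constructed sample: the numeric "inet addr" values from the interface listing.
SAMPLE_LOCAL_ADDRS='127.0.0.1
10.8.0.1
127.0.0.2'

# Print every active (uncommented) ListenAddress value, one per line.
# An IPv4 "addr:port" value is reduced to the bare address.
listen_addresses() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "listenaddress" {
            if ($2 ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", $2)
            print $2
        }'
}

# Print the ListenAddress values that are not wildcards and do not appear
# in the newline-separated list of local addresses given as $2.
unbound_listen_addresses() {
    cfg=$1
    locals=$2
    for addr in $(listen_addresses "$cfg"); do
        case $addr in
            0.0.0.0|::) continue ;;   # wildcard: covers every local address
        esac
        printf '%s\n' "$locals" | grep -qxF -- "$addr" || printf '%s\n' "$addr"
    done
}

# On a live host the two inputs would come from the system itself, e.g.:
#   cfg=$(cat /etc/ssh/sshd_config)
#   locals=$(ip -o -4 addr show | awk '{ split($4, a, "/"); print a[1] }')
echo "ListenAddress values with no matching interface:"
unbound_listen_addresses "$SAMPLE_SSHD_CONFIG" "$SAMPLE_LOCAL_ADDRS"
```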