我们有一个 SSH 隧道 ( ssh -ND 127.0.0.1:8080 user@example.com),如果将浏览器指向127.0.0.1:8080为 socks5 代理,它可以正常工作,但其他流量仍然没有通过这个隧道。
我如何才能让所有流量都通过 SSH 隧道?
我需要什么工具和设置?
我使用的系统是 Debian 和 MacOS,如果解决方案或多或少适用于两个平台,那么更好。
您可以使用 ssh 创建 VPN。以下是相关部分man ssh:
SSH-BASED VIRTUAL PRIVATE NETWORKS
ssh contains support for Virtual Private Network (VPN) tunnelling using the tun(4)
network pseudo-device, allowing two networks to be joined securely. The sshd_config(5)
configuration option PermitTunnel controls whether the server supports this,
and at what level (layer 2 or 3 traffic).
The following example would connect client network 10.0.50.0/24 with remote network
10.0.99.0/24 using a point-to-point connection from 10.1.1.1 to 10.1.1.2,
provided that the SSH server running on the gateway to the remote network,
at 192.168.1.15, allows it.
On the client:
# ssh -f -w 0:1 192.168.1.15 true
# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
# route add 10.0.99.0/24 10.1.1.2
On the server:
# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
# route add 10.0.50.0/24 10.1.1.1
最后,您将拥有可用于转发流量的隧道接口。