-1

I have created an Azure VM on Ubuntu LTS (Ubuntu 16.04) and I have created an Azure VPN gateway as described in this document: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal. The problem is that I have successfully connected to the VPN, but when I try to access any port that is allowed for my virtual network only, I get error 10060, which means the connection timed out. I am behind a D-Link router. Do I need to connect my router to the VPN, or is it enough for my PC to be connected to the VPN to access the Azure VM? I want to access SSH through my VNet only. As seen in the picture, I want only my VPN gateway or VNet to access the SSH port, with access restricted for others. But it gives error 10060.

The VPN connection is successful. What can be the problem? If I change the source to Any, it connects perfectly. There's no IP overlapping.

4

1 Answer

0

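You've over-engineered it.

If you just want to lock down your SSH endpoint but still be able to get in from a dynamic IP, allow SSH from Any to the VM in your NSG and install knockd (the Port Knock daemon) on the VM: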

https://help.ubuntu.com/community/PortKnocking#Server_Setup

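What is port knocking?

Port knocking is a simple method to grant remote access without leaving a port constantly open. This protects your server from port scanning and script-kiddie attacks.

To use port knocking, the server must have a firewall and run the knock daemon. As the name suggests, the daemon listens for a specific sequence of TCP or UDP "knocks". If the sequence is given correctly, a command is executed; typically, the source IP address is allowed through the firewall to the application's port (such as SSH).

It should be available via apt/yum/whateverSuSEusesNowadays on most distributions. If you really must compile from source, the tarballs are here.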

Answered 2018-03-22T19:17:09.753
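
As an added example (not part of the original answer and not taken from the knockd project), here is a minimal `/etc/knockd.conf` for the setup the answer describes. The knock ports 7000, 8000 and 9000 and the timeouts are constructed values; it assumes the VM's own firewall drops inbound TCP 22 by default and that the NSG lets the knock ports reach the VM.

```ini
# /etc/knockd.conf (constructed example: ports and timeouts are placeholders)
[options]
    # Send knock attempts to syslog so they can be reviewed later
    UseSyslog

[SSH]
    # Three TCP SYN packets, in this order, from the same source IP
    sequence      = 7000,8000,9000
    # The whole sequence must arrive within 5 seconds
    seq_timeout   = 5
    tcpflags      = syn
    # On a correct knock, let only the knocking address (%IP%) reach SSH
    start_command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    # Remove that rule again 30 seconds later. An open session survives only
    # if the firewall already accepts ESTABLISHED,RELATED traffic.
    cmd_timeout   = 30
    stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
```

On Ubuntu the packaged daemon stays disabled until `START_KNOCKD=1` is set in `/etc/default/knockd`. The knock sequence is visible to anyone who can observe the traffic, so SSH key authentication should stay in place behind it.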