Dns
synology: VPN server works, but the client cannot access the Internet
I have a DS215J and want to do the following:
- Run a VPN server with OpenVPN -> done
- Set up DDNS with synology.me -> done
- Export the *.ovpn file and connect from Ubuntu -> done
- Problem: when connected to the VPN, Ubuntu has no "Internet access by hostname"; only pinging IP addresses works
- As long as Ubuntu is not connected to the VPN, the Internet is reachable; once connected, only IP pings work
The router is set up as follows:
- Model: Speedport Smart
- TCP ports forwarded to the NAS: 443, 80, 8080, 8443 + 3 other ports
- UDP ports forwarded to the NAS: 1194 (for OpenVPN), 80, 8080, 8443, 443
NAS settings:
- OpenVPN is up and running
- Firewall is disabled
- DDNS enabled via synology.me
- No static routes configured
- The OpenVPN connection is established successfully
Command-line output when starting the VPN client:
```
# openvpn --config /mnt/vpn/VPNConfig.ovpn --auth-user-pass /mnt/vpn/auth.conf
Thu Jan 27 21:40:38 2022 OpenVPN 2.4.7 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Thu Jan 27 21:40:38 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Thu Jan 27 21:40:38 2022 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 27 21:40:38 2022 TCP/UDP: Preserving recently used remote address: [AF_INET] .. <ip removed>
Thu Jan 27 21:40:38 2022 UDP link local (bound): [AF_INET][undef]:1194
Thu Jan 27 21:40:38 2022 UDP link remote: [AF_INET] .. <ip removed>
Thu Jan 27 21:40:38 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jan 27 21:40:38 2022 [xxx.synology.me] Peer Connection Initiated with [AF_INET] .. <ip removed>
Thu Jan 27 21:40:40 2022 TUN/TAP device tun0 opened
Thu Jan 27 21:40:40 2022 /sbin/ip link set dev tun0 up mtu 1500
Thu Jan 27 21:40:40 2022 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Thu Jan 27 21:40:40 2022 /etc/openvpn/update-resolv-conf tun0 1500 1553 10.8.0.6 10.8.0.5 init
Thu Jan 27 21:40:40 2022 Initialization Sequence Completed
```
*.ovpn settings:
```
dev tun
tls-client
remote xxx.synology.me 1194
float
redirect-gateway def1
dhcp-option DNS 192.168.2.1
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
dhcp-option DNS 8.8.8.8
pull
proto udp
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
...
```
I can ping the local IP 10.8.0.6 and external IPs, but no hostnames:
```
# ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6): 56 data bytes
64 bytes from 10.8.0.6: icmp_seq=0 ttl=64 time=0.707 ms
# ping www.microsoft.com
ping: unknown host
# ping 2.18.233.62
PING 2.18.233.62 (2.18.233.62): 56 data bytes
64 bytes from 2.18.233.62: icmp_seq=0 ttl=58 time=40.243 ms
# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=57 time=42.636 ms
```
It looks like DNS is causing the trouble, but I don't know what to do next.
Update 2022/01/28:
```
# grep hosts: /etc/nsswitch.conf
hosts: files dns
# ls -l /etc/resolv.conf ; cat $_
-rw-r--r-- 1 root root 97 Jan 27 20:37 /etc/resolv.conf
# DNS requests are forwarded to the host. DHCP DNS options are ignored.
nameserver 192.168.65.5
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1000
    link/tunnel6 :: brd ::
13: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::a7fa:a4a5:a2e1:594/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
20: eth0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:4/64 scope link
       valid_lft forever preferred_lft forever
# systemd-resolve --status
sd_bus_open_system: No such file or directory
```
Looking at the OpenVPN configuration, you are sending all traffic through OpenVPN (`redirect-gateway def1`) and pushing four DNS servers to the client (`dhcp-option DNS`), one of which is 192.168.2.1:
```
redirect-gateway def1
dhcp-option DNS 192.168.2.1
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
dhcp-option DNS 8.8.8.8
```
I think all DNS requests are being sent to 192.168.2.1, which may not be a valid DNS server, and if it is, it may not be linked/reachable. Remove that line from the .ovpn file and try again.
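The following script is an added example written for this page; it is not code from the question, the answer, Synology or the OpenVPN project. It shows the mechanics behind the answer's suggestion: on Linux, OpenVPN hands every `dhcp-option` line (local or pushed) to the `up` script as `foreign_option_N` environment variables, `update-resolv-conf` turns the `DNS` ones into `nameserver` lines in the order given, and the stub resolver queries them in that order, so a first resolver that sits on a private LAN (192.168.2.1 here) and is not reachable through the tunnel delays or breaks every lookup. The same pass also flags the two conditions the question's own log warns about: no server certificate verification (a client with no `remote-cert-tls server`/`verify-x509-name` will happily complete a TLS handshake with any holder of a CA-signed certificate, which is the MITM case the log links to) and password caching without `auth-nocache`. The sample profile is the one posted in the question with its elided certificate block replaced by a comment; the function names and the finding strings are this example's own choices.

```python
"""Audit the DNS and verification settings of an OpenVPN client profile.

Added example for this page, not part of the question, the answer, or OpenVPN.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: the option lines shown in the question's *.ovpn,
# with the certificate material the question elides ("...") left out.
SAMPLE_OVPN = """\
dev tun
tls-client
remote xxx.synology.me 1194
float
redirect-gateway def1
dhcp-option DNS 192.168.2.1
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
dhcp-option DNS 8.8.8.8
pull
proto udp
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
# <ca> ... </ca> block elided in the question
"""

# Directives whose presence stops OpenVPN from logging
# "No server certificate verification method has been enabled".
VERIFY_DIRECTIVES = {"remote-cert-tls", "remote-cert-eku", "remote-cert-ku",
                     "verify-x509-name", "tls-verify", "ns-cert-type"}


def parse_ovpn(text: str) -> List[Tuple[str, List[str]]]:
    """Return (option, args) pairs; skips comments and inline <ca>/<cert>/<key> blocks."""
    options = []
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("</"):          # closing tag of an inline block
            in_block = False
            continue
        if line.startswith("<"):           # opening tag: the block is not options
            in_block = True
            continue
        if in_block:
            continue
        parts = line.split()
        name = parts[0][2:] if parts[0].startswith("--") else parts[0]
        options.append((name, parts[1:]))
    return options


def foreign_option_env(options) -> Dict[str, str]:
    """Mimic OpenVPN on Linux: each dhcp-option becomes foreign_option_N for the up script."""
    env: Dict[str, str] = {}
    for name, args in options:
        if name == "dhcp-option":
            env[f"foreign_option_{len(env) + 1}"] = " ".join(["dhcp-option", *args])
    return env


def resolver_order(env: Dict[str, str]) -> List[str]:
    """The nameserver order update-resolv-conf installs: 'dhcp-option DNS <ip>' values, in sequence."""
    keys = sorted(env, key=lambda k: int(k.rsplit("_", 1)[1]))
    servers = []
    for key in keys:
        parts = env[key].split()
        if len(parts) == 3 and parts[1] == "DNS":
            servers.append(parts[2])
    return servers


def audit(options) -> List[str]:
    """Stable finding strings a practitioner would act on (example's own vocabulary)."""
    names = {name for name, _ in options}
    findings = []
    servers = resolver_order(foreign_option_env(options))
    # A private first resolver is only usable if the VPN server routes/NATs to that LAN.
    if servers and ipaddress.ip_address(servers[0]).is_private:
        findings.append(f"first-resolver-private:{servers[0]}")
    if not names & VERIFY_DIRECTIVES:
        findings.append("no-server-cert-verification")
    if "auth-user-pass" in names and "auth-nocache" not in names:
        findings.append("password-cache")
    return findings


def without_dns(text: str, address: str) -> str:
    """Apply the answer's suggestion: drop the 'dhcp-option DNS <address>' line."""
    kept = [l for l in text.splitlines() if l.split() != ["dhcp-option", "DNS", address]]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    opts = parse_ovpn(SAMPLE_OVPN)
    print("resolver order:", resolver_order(foreign_option_env(opts)))
    print("findings:      ", audit(opts))
    fixed = parse_ovpn(without_dns(SAMPLE_OVPN, "192.168.2.1"))
    print("after fix:     ", resolver_order(foreign_option_env(fixed)), audit(fixed))
```

Run against the question's profile the script reports `192.168.2.1` as the first resolver, then the missing server-certificate verification and the password-cache condition; after removing the `dhcp-option DNS 192.168.2.1` line the resolver order starts with 1.1.1.1, while the other two findings remain and are worth fixing in the exported profile (add `remote-cert-tls server` and `auth-nocache`) regardless of the DNS outcome.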