主页 / unix / 问题 / 688247
Accepted
bjoern
Asked: 2022-01-28 12:56:51 +0800 CST

synology:VPN 服务器工作,但客户端无法访问互联网

  • 772

我有一个 DS215J 并且想要执行以下操作:

  • VPN 服务器使用 OpenVPN 运行 -> 完成
  • 使用 synology.me 设置 DDNS -> 完成
  • 导出 *.ovpn 文件并通过 Ubuntu 连接 -> 完成
  • 问题:当连接到 VPN 时,Ubuntu 没有“主机名互联网访问”;只有对 ip 的 ping 有效
  • 只要 Ubuntu 没有连接到 VPN,就可以访问互联网;连接后,只能进行 ip ping

路由器设置如下:

  • 型号:Speedport Smart
  • 转发到 NAS 的 TCP 端口:443、80、8080、8443 + 其他 3 个端口
  • 转发到 NAS 的 UDP 端口:1194(用于 OpenVPN)、80、8080、8443、443

NAS 设置:

  • OpenVPN 启动并运行
  • 防火墙已禁用
  • 通过 synology.me 启用 DDNS
  • 没有配置静态路由
  • OpenVPN 连接成功建立

打开 VPN 客户端命令行输出:

# openvpn --config /mnt/vpn/VPNConfig.ovpn --auth-user-pass /mnt/vpn/auth.conf
Thu Jan 27 21:40:38 2022 OpenVPN 2.4.7 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Thu Jan 27 21:40:38 2022 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Thu Jan 27 21:40:38 2022 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 27 21:40:38 2022 TCP/UDP: Preserving recently used remote address: [AF_INET] .. <ip removed>
Thu Jan 27 21:40:38 2022 UDP link local (bound): [AF_INET][undef]:1194
Thu Jan 27 21:40:38 2022 UDP link remote: [AF_INET] .. <ip removed>
Thu Jan 27 21:40:38 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jan 27 21:40:38 2022 [xxx.synology.me] Peer Connection Initiated with [AF_INET] .. <ip removed>
Thu Jan 27 21:40:40 2022 TUN/TAP device tun0 opened
Thu Jan 27 21:40:40 2022 /sbin/ip link set dev tun0 up mtu 1500
Thu Jan 27 21:40:40 2022 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Thu Jan 27 21:40:40 2022 /etc/openvpn/update-resolv-conf tun0 1500 1553 10.8.0.6 10.8.0.5 init
Thu Jan 27 21:40:40 2022 Initialization Sequence Completed

*.ovpn 设置:

dev tun
tls-client
remote xxx.synology.me 1194
float
redirect-gateway def1
dhcp-option DNS 192.168.2.1
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
dhcp-option DNS 8.8.8.8
pull
proto udp
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
...

我可以 ping 本地 ip 10.8.0.6 和外部 ip,但没有主机名:

# ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6): 56 data bytes
64 bytes from 10.8.0.6: icmp_seq=0 ttl=64 time=0.707 ms
# ping www.microsoft.com
ping: unknown host
# ping 2.18.233.62
PING 2.18.233.62 (2.18.233.62): 56 data bytes
64 bytes from 2.18.233.62: icmp_seq=0 ttl=58 time=40.243 ms
# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=57 time=42.636 ms

似乎DNS会引起麻烦,但我不知道下一步该做什么。

更新 2202/01/28:

# grep hosts: /etc/nsswitch.conf 
hosts:          files dns

# ls -l /etc/resolv.conf ; cat $_ 
-rw-r--r-- 1 root root 97 Jan 27 20:37 /etc/resolv.conf
# DNS requests are forwarded to the host. DHCP DNS options are ignored.
nameserver 192.168.65.5

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1000
    link/tunnel6 :: brd ::
13: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::a7fa:a4a5:a2e1:594/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
20: eth0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:4/64 scope link 
       valid_lft forever preferred_lft forever

# systemd-resolve --status
sd_bus_open_system: No such file or directory
dns openvpn

1 个回答

  1. Best Answer

    查看 OpenVPN 配置,您正在通过 OpenVPN ( redirect-gateway def1) 隧道传输所有流量并将四个 DNS 服务器推送到客户端 ( dhcp-option DNS),其中之一是192.168.2.1

    redirect-gateway def1
dhcp-option DNS 192.168.2.1
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
dhcp-option DNS 8.8.8.8

    我认为所有 DNS 请求都发送到192.168.2.1可能不是有效的 DNS 服务器,如果是,它可能不是链接/可达的。

    从 .ovpn 文件中删除该行,然后重试。

    • 1

相关问题