我有一个 DS215J 并且想要执行以下操作:
- VPN 服务器使用 OpenVPN 运行 -> 完成
- 使用 synology.me 设置 DDNS -> 完成
- 导出 *.ovpn 文件并通过 Ubuntu 连接 -> 完成
- 问题:当连接到 VPN 时,Ubuntu 没有“主机名互联网访问”;只有对 ip 的 ping 有效
- 只要 Ubuntu 没有连接到 VPN,就可以访问互联网;连接后,只能进行 ip ping
路由器设置如下:
- 型号:Speedport Smart
- 转发到 NAS 的 TCP 端口:443、80、8080、8443 + 其他 3 个端口
- 转发到 NAS 的 UDP 端口:1194(用于 OpenVPN)、80、8080、8443、443
NAS 设置:
- OpenVPN 启动并运行
- 防火墙已禁用
- 通过 synology.me 启用 DDNS
- 没有配置静态路由
- OpenVPN 连接成功建立
打开 VPN 客户端命令行输出:
# openvpn --config /mnt/vpn/VPNConfig.ovpn --auth-user-pass /mnt/vpn/auth.conf
Thu Jan 27 21:40:38 2022 OpenVPN 2.4.7 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Thu Jan 27 21:40:38 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Thu Jan 27 21:40:38 2022 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 27 21:40:38 2022 TCP/UDP: Preserving recently used remote address: [AF_INET] .. <ip removed>
Thu Jan 27 21:40:38 2022 UDP link local (bound): [AF_INET][undef]:1194
Thu Jan 27 21:40:38 2022 UDP link remote: [AF_INET] .. <ip removed>
Thu Jan 27 21:40:38 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jan 27 21:40:38 2022 [xxx.synology.me] Peer Connection Initiated with [AF_INET] .. <ip removed>
Thu Jan 27 21:40:40 2022 TUN/TAP device tun0 opened
Thu Jan 27 21:40:40 2022 /sbin/ip link set dev tun0 up mtu 1500
Thu Jan 27 21:40:40 2022 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Thu Jan 27 21:40:40 2022 /etc/openvpn/update-resolv-conf tun0 1500 1553 10.8.0.6 10.8.0.5 init
Thu Jan 27 21:40:40 2022 Initialization Sequence Completed
*.ovpn 设置:
dev tun
tls-client
remote xxx.synology.me 1194
float
redirect-gateway def1
dhcp-option DNS 192.168.2.1
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
dhcp-option DNS 8.8.8.8
pull
proto udp
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
...
我可以 ping 本地 ip 10.8.0.6 和外部 ip,但没有主机名:
# ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6): 56 data bytes
64 bytes from 10.8.0.6: icmp_seq=0 ttl=64 time=0.707 ms
# ping www.microsoft.com
ping: unknown host
# ping 2.18.233.62
PING 2.18.233.62 (2.18.233.62): 56 data bytes
64 bytes from 2.18.233.62: icmp_seq=0 ttl=58 time=40.243 ms
# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=57 time=42.636 ms
似乎DNS会引起麻烦,但我不知道下一步该做什么。
更新 2202/01/28:
# grep hosts: /etc/nsswitch.conf
hosts: files dns
# ls -l /etc/resolv.conf ; cat $_
-rw-r--r-- 1 root root 97 Jan 27 20:37 /etc/resolv.conf
# DNS requests are forwarded to the host. DHCP DNS options are ignored.
nameserver 192.168.65.5
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1000
link/tunnel6 :: brd ::
13: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none
inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::a7fa:a4a5:a2e1:594/64 scope link stable-privacy
valid_lft forever preferred_lft forever
20: eth0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:4/64 scope link
valid_lft forever preferred_lft forever
# systemd-resolve --status
sd_bus_open_system: No such file or directory
查看 OpenVPN 配置,您正在通过 OpenVPN (
redirect-gateway def1
) 隧道传输所有流量并将四个 DNS 服务器推送到客户端 (dhcp-option DNS
),其中之一是192.168.2.1
:我认为所有 DNS 请求都发送到
192.168.2.1
可能不是有效的 DNS 服务器,如果是,它可能不是链接/可达的。从 .ovpn 文件中删除该行,然后重试。