通过网络管理器(GUI)进行的 OpenVPN 连接即使已连接也无法工作

通过网络管理器(GUI)进行的 OpenVPN 连接即使已连接也无法工作

我需要访问资源(通过 ssh),这需要我连接到他们的 VPN 服务器。他们为我提供了一个配置文件供使用。
情况1
我使用sudo openvpn --config path-to-ovpn-config后通过 ssh 连接到他们的服务器,没有任何问题。
案例 2
我将配置文件导入到我的网络管理器(GUI)并连接到 VPN 服务器。我每次都需要输入密码,因为他们使用基于手机应用程序的动态密码(所以我将其设置为每次都询问密码)。我输入密码后它就连接上了(我使用了错误的密码来检查它是否真的得到了验证,结果它得到了验证)。现在当我 ssh 到他们的服务器时,我得到了Could not resolve hostname server-address: Temporary failure in name resolution
如何让它与网络管理器(GUI)一起工作,它到底出了什么问题?
细节
操作系统 - Kubuntu 18.10,带有 Plasma 5.14
OpenVPN 2.4.6 x86_64-pc-linux-gnu

我尝试了这里提到的一些答案,但显然没有用 -OpenVPN 已连接但在 Ubuntu 14.04 / 16.04 上无法访问互联网

更新:
输出ls -al /etc/resolv.conf-

lrwxrwxrwx 1 root root 39 Dec 18 13:26 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

输出cat /etc/resolv.conf-

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
search iitd.ac.in cc.iitd.ac.in

输出ps auxc | grep -i dns-

libvirt+  2412  0.0  0.0  27460   344 ?        S    20:50   0:00 dnsmasq
root      2413  0.0  0.0  27432   344 ?        S    20:50   0:00 dnsmasq

输出ps auxc | grep -i resolv-

systemd+   777  0.0  0.1  54524  8116 ?        Ss   20:49   0:01 systemd-resolve

输出host www.ebay.com-
1. 无需 VPN -

www.ebay.com is an alias for slot9428.ebay.com.edgekey.net.
slot9428.ebay.com.edgekey.net is an alias for e9428.b.akamaiedge.net.
e9428.b.akamaiedge.net has address 104.65.228.43

2. 使用 VPN(从网络管理员) -

;; connection timed out; no servers could be reached

就像我之前提到的那样,使用 VPN 的输出与sudo openvpn --config path-to-ovpn-config不使用 VPN 的输出相同host www.ebay.com

更新 2:
输出cat /etc/NetworkManager/NetworkManager.conf

[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[device]
wifi.scan-rand-mac-address=no

输出cat /etc/resolv.conf

nameserver 10.10.2.2
nameserver 10.10.1.2
search iitd.ac.in cc.iitd.ac.in

输出resolvectl

Global
       LLMNR setting: no
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 9 (tun0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 5 (virbr0-nic)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 4 (virbr0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 3 (wlo1)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 10.10.2.2
                      10.10.1.2
          DNS Domain: ~.
                      iitd.ac.in
                      cc.iitd.ac.in

Link 2 (eno1)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

通过网络管理器(GUI),我的意思是 - 在此处输入图片描述

更新 3:
.ovpn文件

client
dev tun
proto tcp
remote **** 443
verify-x509-name ****
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
cipher ****
auth ****
comp-lzo 
route-delay 4
verb 3
reneg-sec 0
<ca>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ****
    Signature Algorithm: ****
        Issuer: ****
        Validity
            Not Before: ****
            Not After : ****
        Subject: ****
        Subject Public Key Info:
            Public Key Algorithm: ****
                Public-Key: (2048 bit)
                Modulus:
                    ****
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                ****
            X509v3 Basic Constraints: 
                CA:TRUE
            X509v3 Subject Alternative Name: 
                ****
    Signature Algorithm: ****
         ****
-----BEGIN CERTIFICATE-----
****
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ****
    Signature Algorithm: ****
        Issuer: ****
        Validity
            Not Before: ****
            Not After : ****
        Subject: ****
        Subject Public Key Info:
            Public Key Algorithm: ****
                Public-Key: (2048 bit)
                Modulus:
                    ****
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                ****
            X509v3 Authority Key Identifier: 
                ****

            X509v3 Subject Alternative Name: 
                *****
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                *****
    Signature Algorithm: ****
         *****
-----BEGIN CERTIFICATE-----
******
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
******
-----END PRIVATE KEY-----
</key>

答案1

关于dnsmasqsystemd-resolved...

执行ps auxc | grep -i dnsps auxc | grep -i resolv并查找dnsmasqsystemd-resolved,如果两者都在运行,则需要systemd-resolved通过编辑/etc/systemd/resolved.conf和禁用的 DNS 部分......

改变:

#DNSStubListener=yes

到:

DNSStubListener=no

然后重新启动 systemd-resolve 和 dnsmasq,或者重新启动。

更新#1:

从各种评论来看……

  • 域名系统工作正常通常情况下
  • 域名系统工作正常使用时sudo openvpn config_file
  • dns 确实不是将 .ovpn 文件导入 NetworkManager 并使用 VPN 后即可工作

  • 我们更新了符号链接/etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf以指向../run/systemd/resolve/resolv.conf

  • 我们删除了模组/etc/systemd/resolved.conf

  • 我们删除了 dnsmsasq* 并检查/etc/NetworkManager/NetworkManager.conf...dns=dnsmasq未找到

  • 怀疑原始 .ovpn 文件存在问题,或者 NetworkManager 没有完全导入 .ovpn 文件以供 NetworkManager 使用

  • 我们将尝试将以下三行添加到 .ovpn 文件,重新导入它,并查看 DNS 服务器是否出现在tun0我们查看时resolvectl


script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

相关内容