我需要访问资源(通过 ssh),这需要我连接到他们的 VPN 服务器。他们为我提供了一个配置文件供使用。
情况1:
我使用sudo openvpn --config path-to-ovpn-config
后通过 ssh 连接到他们的服务器,没有任何问题。
案例 2:
我将配置文件导入到我的网络管理器(GUI)并连接到 VPN 服务器。我每次都需要输入密码,因为他们使用基于手机应用程序的动态密码(所以我将其设置为每次都询问密码)。我输入密码后它就连接上了(我使用了错误的密码来检查它是否真的得到了验证,结果它得到了验证)。现在当我 ssh 到他们的服务器时,我得到了Could not resolve hostname server-address: Temporary failure in name resolution
。
如何让它与网络管理器(GUI)一起工作,它到底出了什么问题?
细节:
操作系统 - Kubuntu 18.10,带有 Plasma 5.14
OpenVPN 2.4.6 x86_64-pc-linux-gnu
我尝试了这里提到的一些答案,但显然没有用 -OpenVPN 已连接但在 Ubuntu 14.04 / 16.04 上无法访问互联网
更新:
输出ls -al /etc/resolv.conf
-
lrwxrwxrwx 1 root root 39 Dec 18 13:26 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
输出cat /etc/resolv.conf
-
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
search iitd.ac.in cc.iitd.ac.in
输出ps auxc | grep -i dns
-
libvirt+ 2412 0.0 0.0 27460 344 ? S 20:50 0:00 dnsmasq
root 2413 0.0 0.0 27432 344 ? S 20:50 0:00 dnsmasq
输出ps auxc | grep -i resolv
-
systemd+ 777 0.0 0.1 54524 8116 ? Ss 20:49 0:01 systemd-resolve
输出host www.ebay.com
-
1. 无需 VPN -
www.ebay.com is an alias for slot9428.ebay.com.edgekey.net.
slot9428.ebay.com.edgekey.net is an alias for e9428.b.akamaiedge.net.
e9428.b.akamaiedge.net has address 104.65.228.43
2. 使用 VPN(从网络管理员) -
;; connection timed out; no servers could be reached
就像我之前提到的那样,使用 VPN 的输出与sudo openvpn --config path-to-ovpn-config
不使用 VPN 的输出相同host www.ebay.com
。
更新 2:
输出cat /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
[ifupdown]
managed=false
[device]
wifi.scan-rand-mac-address=no
输出cat /etc/resolv.conf
nameserver 10.10.2.2
nameserver 10.10.1.2
search iitd.ac.in cc.iitd.ac.in
输出resolvectl
Global
LLMNR setting: no
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 9 (tun0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 5 (virbr0-nic)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 4 (virbr0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 3 (wlo1)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 10.10.2.2
10.10.1.2
DNS Domain: ~.
iitd.ac.in
cc.iitd.ac.in
Link 2 (eno1)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
更新 3:
.ovpn
文件
client
dev tun
proto tcp
remote **** 443
verify-x509-name ****
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
cipher ****
auth ****
comp-lzo
route-delay 4
verb 3
reneg-sec 0
<ca>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
****
Signature Algorithm: ****
Issuer: ****
Validity
Not Before: ****
Not After : ****
Subject: ****
Subject Public Key Info:
Public Key Algorithm: ****
Public-Key: (2048 bit)
Modulus:
****
X509v3 extensions:
X509v3 Subject Key Identifier:
****
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
****
Signature Algorithm: ****
****
-----BEGIN CERTIFICATE-----
****
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
****
Signature Algorithm: ****
Issuer: ****
Validity
Not Before: ****
Not After : ****
Subject: ****
Subject Public Key Info:
Public Key Algorithm: ****
Public-Key: (2048 bit)
Modulus:
****
X509v3 extensions:
X509v3 Subject Key Identifier:
****
X509v3 Authority Key Identifier:
****
X509v3 Subject Alternative Name:
*****
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
*****
Signature Algorithm: ****
*****
-----BEGIN CERTIFICATE-----
******
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
******
-----END PRIVATE KEY-----
</key>
答案1
关于dnsmasq
和systemd-resolved
...
执行ps auxc | grep -i dns
和ps auxc | grep -i resolv
并查找dnsmasq
和systemd-resolved
,如果两者都在运行,则需要systemd-resolved
通过编辑/etc/systemd/resolved.conf
和禁用的 DNS 部分......
改变:
#DNSStubListener=yes
到:
DNSStubListener=no
然后重新启动 systemd-resolve 和 dnsmasq,或者重新启动。
更新#1:
从各种评论来看……
- 域名系统工作正常通常情况下
- 域名系统工作正常使用时
sudo openvpn config_file
dns 确实不是将 .ovpn 文件导入 NetworkManager 并使用 VPN 后即可工作
我们更新了符号链接
/etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
以指向../run/systemd/resolve/resolv.conf
我们删除了模组
/etc/systemd/resolved.conf
我们删除了 dnsmsasq* 并检查
/etc/NetworkManager/NetworkManager.conf
...dns=dnsmasq
未找到怀疑原始 .ovpn 文件存在问题,或者 NetworkManager 没有完全导入 .ovpn 文件以供 NetworkManager 使用
我们将尝试将以下三行添加到 .ovpn 文件,重新导入它,并查看 DNS 服务器是否出现在
tun0
我们查看时resolvectl
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf