OpenVPN has no internet access when started with a configuration file

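I'm having a problem connecting with OpenVPN. I'm connected to WiFi but have almost no internet access. I get responses when pinging 8.8.8.8, but not for domains such as google.com, etc.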

I followed the guide here: https://www.ovpn.com/en/guides/debian

I used the command:

openvpn --config /etc/openvpn/ovpn.conf --daemon

After that, the connection went down.

Here is the ping output, taken after I connected to the VPN:

root@xxx:/tmp# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=120 time=115 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=120 time=90.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=120 time=121 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=120 time=115 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=120 time=149 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=120 time=118 ms

root@xxx:/tmp# ping google.com
ping: google.com: Name or service not known

root@xxx:/tmp# ping stackoverflow.com
ping: ovpn.se: Name or service not known

While I was still connected, this is the content of /etc/resolv.conf (bredbandsbolaget.se is my ISP):

root@xxx:/tmp# cat /etc/resolv.conf 
# Generated by NetworkManager
search bredbandsbolaget.se
nameserver 81.26.228.3
nameserver 81.26.227.3

Here is my configuration file:

root@xxx:/var/log# cat /etc/openvpn/ovpn.conf 
client
dev tun
remote-random

proto tcp
remote domain.com 443

remote-cert-tls server
cipher aes-256-cbc
ncp-ciphers XXX
pull

nobind
reneg-sec 432000
resolv-retry infinite

compress lzo
verb 3

persist-key
persist-tun
auth-user-pass /etc/openvpn/credentials
ca /etc/openvpn/ovpn-ca.crt
tls-auth /etc/openvpn/ovpn-tls.key 1
log /tmp/openvpn.log
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Log output:

Tue Mar  5 20:11:55 2019 WARNING: file '/etc/openvpn/ovpn-tls.key' is group or others accessible
Tue Mar  5 20:11:55 2019 WARNING: file '/etc/openvpn/credentials' is group or others accessible
Tue Mar  5 20:11:55 2019 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
Tue Mar  5 20:11:55 2019 library versions: OpenSSL 1.0.2r  26 Feb 2019, LZO 2.08
Tue Mar  5 20:11:55 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Mar  5 20:11:55 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar  5 20:11:55 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar  5 20:11:55 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]149.13.91.8:443
Tue Mar  5 20:11:55 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Mar  5 20:11:55 2019 Attempting to establish TCP connection with [AF_INET]149.13.91.8:443 [nonblock]
Tue Mar  5 20:11:56 2019 TCP connection established with [AF_INET]149.13.91.8:443
Tue Mar  5 20:11:56 2019 TCP_CLIENT link local: (not bound)
Tue Mar  5 20:11:56 2019 TCP_CLIENT link remote: [AF_INET]149.13.91.8:443
Tue Mar  5 20:11:57 2019 TLS: Initial packet from [AF_INET]149.13.91.8:443, sid=a2a916e3 6e86cce1
Tue Mar  5 20:11:57 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Mar  5 20:11:57 2019 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, OU=Firma David Wibergh, CN=ovpn.se ca, [email protected]
Tue Mar  5 20:11:57 2019 Validating certificate key usage
Tue Mar  5 20:11:57 2019 ++ Certificate has key usage  00a0, expects 00a0
Tue Mar  5 20:11:57 2019 VERIFY KU OK
Tue Mar  5 20:11:57 2019 Validating certificate extended key usage
Tue Mar  5 20:11:57 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Mar  5 20:11:57 2019 VERIFY EKU OK
Tue Mar  5 20:11:57 2019 VERIFY OK: depth=0, CN=vpn19.prd.frankfurt.ovpn.com
Tue Mar  5 20:11:57 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Mar  5 20:11:57 2019 [vpn19.prd.frankfurt.ovpn.com] Peer Connection Initiated with [AF_INET]149.13.91.8:443
Tue Mar  5 20:11:58 2019 SENT CONTROL [vpn19.prd.frankfurt.ovpn.com]: 'PUSH_REQUEST' (status=1)
Tue Mar  5 20:12:03 2019 SENT CONTROL [vpn19.prd.frankfurt.ovpn.com]: 'PUSH_REQUEST' (status=1)
Tue Mar  5 20:12:03 2019 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 60,persist-key,redirect-gateway def1,explicit-exit-notify 2,comp-lzo yes,route-gateway 10.134.0.1,topology subnet,tun-ipv6,route-ipv6 2000::/3,dhcp-option DNS 2001:67c:750:1:cafe:cd45::1,dhcp-option DNS 2a07:a880:4601:10f0:cd45::1,dhcp-option DNS 46.227.67.134,dhcp-option DNS 192.165.9.158,ifconfig-ipv6 2001:978:902:1908:8bc1:ab3:5d72:cb1c/64 2001:978:902:1908::1,ifconfig 10.134.146.253 255.255.0.0,peer-id 0,cipher AES-256-GCM'
Tue Mar  5 20:12:03 2019 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks 
Tue Mar  5 20:12:03 2019 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: compression parms modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: --persist options modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: route options modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: route-related options modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: peer-id set
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: adjusting link_mtu to 1627
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: data channel crypto options modified
Tue Mar  5 20:12:03 2019 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Mar  5 20:12:03 2019 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Mar  5 20:12:03 2019 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlp2s0 HWADDR=28:cf:e9:52:dc:e7
Tue Mar  5 20:12:03 2019 GDG6: remote_host_ipv6=n/a
Tue Mar  5 20:12:03 2019 ROUTE6: default_gateway=UNDEF
Tue Mar  5 20:12:03 2019 TUN/TAP device tun0 opened
Tue Mar  5 20:12:03 2019 TUN/TAP TX queue length set to 100
Tue Mar  5 20:12:03 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Tue Mar  5 20:12:03 2019 /sbin/ip link set dev tun0 up mtu 1500
Tue Mar  5 20:12:03 2019 /sbin/ip addr add dev tun0 10.134.146.253/16 broadcast 10.134.255.255
Tue Mar  5 20:12:03 2019 /sbin/ip -6 addr add 2001:978:902:1908:8bc1:ab3:5d72:cb1c/64 dev tun0
Tue Mar  5 20:12:03 2019 /etc/openvpn/update-resolv-conf tun0 1500 1555 10.134.146.253 255.255.0.0 init
Tue Mar  5 20:12:03 2019 /sbin/ip route add 149.13.91.8/32 via 192.168.1.1
Tue Mar  5 20:12:03 2019 /sbin/ip route add 0.0.0.0/1 via 10.134.0.1
Tue Mar  5 20:12:03 2019 /sbin/ip route add 128.0.0.0/1 via 10.134.0.1
Tue Mar  5 20:12:03 2019 add_route_ipv6(2000::/3 -> 2001:978:902:1908::1 metric -1) dev tun0
Tue Mar  5 20:12:03 2019 /sbin/ip -6 route add 2000::/3 dev tun0
Tue Mar  5 20:12:03 2019 Initialization Sequence Completed
Tue Mar  5 20:22:25 2019 event_wait : Interrupted system call (code=4)
Tue Mar  5 20:22:25 2019 /sbin/ip route del 149.13.91.8/32
Tue Mar  5 20:22:25 2019 /sbin/ip route del 0.0.0.0/1
Tue Mar  5 20:22:25 2019 /sbin/ip route del 128.0.0.0/1
Tue Mar  5 20:22:25 2019 delete_route_ipv6(2000::/3)
Tue Mar  5 20:22:25 2019 /sbin/ip -6 route del 2000::/3 dev tun0
Tue Mar  5 20:22:25 2019 Closing TUN/TAP interface
Tue Mar  5 20:22:25 2019 /sbin/ip addr del dev tun0 10.134.146.253/16
Tue Mar  5 20:22:25 2019 /sbin/ip -6 addr del 2001:978:902:1908:8bc1:ab3:5d72:cb1c/64 dev tun0
Tue Mar  5 20:22:25 2019 /etc/openvpn/update-resolv-conf tun0 1500 1555 10.134.146.253 255.255.0.0 init
Tue Mar  5 20:22:25 2019 SIGTERM[hard,] received, process exiting

I really don't know what I can investigate here to find out what went wrong.

Answer 1

I solved the problem by adding a prepend of name servers to dhclient.conf. Why, I don't know.

prepend domain-name-servers IP1, IP2;

in /etc/dhcp/dhclient.conf
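
A check for the mismatch visible in the question, added here and not part of the original post or answer: the server's PUSH_REPLY carries dhcp-option DNS entries, yet /etc/resolv.conf still lists only the NetworkManager-generated servers. The function names are hypothetical, and the sample input is constructed, abridged from the log and resolv.conf shown above.

```sh
#!/bin/sh
# Compare the DNS servers pushed by an OpenVPN server with the ones
# the resolver is actually configured to use.

# Print each "dhcp-option DNS <addr>" value from the last PUSH_REPLY in a log.
pushed_dns() {
    grep 'PUSH_REPLY' "$1" | tail -n 1 | tr ',' '\n' |
        sed -n 's/^dhcp-option DNS \([0-9A-Fa-f:.]*\).*/\1/p'
}

# Print the nameserver addresses from a resolv.conf-format file.
resolv_dns() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Return 0 if a pushed server is in resolv.conf, 1 if DNS was pushed but
# none of it was applied, 2 if the server pushed no DNS at all.
check_vpn_dns() {
    pushed=$(pushed_dns "$1")
    active=$(resolv_dns "$2")
    [ -n "$pushed" ] || { echo "no DNS servers pushed"; return 2; }
    for ip in $pushed; do
        if printf '%s\n' "$active" | grep -qxF -- "$ip"; then
            echo "OK: resolver uses pushed server $ip"; return 0
        fi
    done
    echo "MISMATCH: pushed DNS not in resolv.conf; resolver still uses:" $active
    return 1
}

# Constructed sample input, abridged from the log and resolv.conf in the question.
make_sample() {
    cat > "$1/openvpn.log" <<'EOF'
Tue Mar  5 20:11:58 2019 SENT CONTROL [vpn19.prd.frankfurt.ovpn.com]: 'PUSH_REQUEST' (status=1)
Tue Mar  5 20:12:03 2019 PUSH: Received control message: 'PUSH_REPLY,ping 10,redirect-gateway def1,dhcp-option DNS 2001:67c:750:1:cafe:cd45::1,dhcp-option DNS 46.227.67.134,dhcp-option DNS 192.165.9.158,ifconfig 10.134.146.253 255.255.0.0,peer-id 0'
EOF
    cat > "$1/resolv.conf" <<'EOF'
# Generated by NetworkManager
search bredbandsbolaget.se
nameserver 81.26.228.3
nameserver 81.26.227.3
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
check_vpn_dns "$demo/openvpn.log" "$demo/resolv.conf" || true   # reports MISMATCH
rm -rf "$demo"
```

On a live system, run check_vpn_dns /tmp/openvpn.log /etc/resolv.conf while the tunnel is up; a MISMATCH means lookups still go to the pre-VPN resolvers.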
