Local DNS server does not resolve names when the computer is connected to the VPN

I am trying to set up a small VPN network with OpenVPN so that I can connect to my workstation at the office from home.

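I have set up the OpenVPN server and generated the keys and the client configuration file. Everything works and I can connect from home to my work machine in the office over RDP, but there is one problem: when the work PC is connected to my VPN, it cannot resolve the DNS names of local resources: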

C:\Users\user>nslookup jira.corporate_domain.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.54.11

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

C:\Users\user>nslookup google.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.54.11

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

C:\Users\user>nslookup google.com 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:4008:808::200e
          216.58.219.142

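I have added our local DNS server to the client configuration file and added a static route for it, but it does not work. Here are the current settings on the client: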

Client PC OS: Windows 10

Client configuration (.ovpn):

client
nobind
dev tun
key-direction 1
remote-cert-tls server

remote vpn.dns_name_of_my_server.ru 443 tcp
http-proxy proxy.corporate_dns_name.com 3129
dhcp-option DNS 192.168.54.11 
route 192.168.54.11 255.255.255.255 192.168.37.1
route 192.168.70.11 255.255.255.255 192.168.37.1

ipconfig /all on the client:

C:\Users\user>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : S0003445
   Primary Dns Suffix  . . . . . . . : ad.corporate_domain.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ad.corporate_domain.com
Ethernet adapter Ethernet 3:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-B6-98-50-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cd6:8fec:5f45:9f4f%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.255.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : 30 сентября 2016 г. 17:23:51
   Lease Expires . . . . . . . . . . : 30 сентября 2017 г. 17:23:50
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.255.5
   DHCPv6 IAID . . . . . . . . . . . : 369164214
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
   DNS Servers . . . . . . . . . . . : 192.168.54.11
                                       8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . : ad.corporate_domain.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 10-C3-7B-4C-A0-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1c57:9c8c:64b2:1aeb%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.37.106(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 29 сентября 2016 г. 11:04:00
   Lease Expires . . . . . . . . . . : 7 октября 2016 г. 11:03:57
   Default Gateway . . . . . . . . . : 192.168.37.1
   DHCP Server . . . . . . . . . . . : 192.168.70.21
   DHCPv6 IAID . . . . . . . . . . . : 51430267
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
   DNS Servers . . . . . . . . . . . : 192.168.70.11
                                       192.168.54.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VirtualBox Host-Only Network:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-34-4C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8cd8:5f1d:f24f:fc95%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 201850919
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VirtualBox Host-Only Network #2:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter #2
   Physical Address. . . . . . . . . : 08-00-27-00-F8-A8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e0b9:a45e:e853:1456%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.99.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 285736999
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{E1337BD8-BE7B-4699-B5B6-6404A1995408}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.ad.sperasoft.com:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ad.sperasoft.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{B6985062-CC79-4BE2-9963-92484A01C1D6}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{9CB069EA-424F-4D8A-AE63-43372ED9F0BF}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

The local DNS server is reachable by ping:

C:\Users\user>ping 192.168.54.11

Pinging 192.168.54.11 with 32 bytes of data:
Reply from 192.168.54.11: bytes=32 time=41ms TTL=126
Reply from 192.168.54.11: bytes=32 time=41ms TTL=126
Reply from 192.168.54.11: bytes=32 time=42ms TTL=126
Reply from 192.168.54.11: bytes=32 time=40ms TTL=126

Ping statistics for 192.168.54.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 42ms, Average = 41ms

The static route also works fine, as tracert shows:

C:\Users\user>tracert 192.168.54.11

Tracing route to 192.168.54.11 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.37.1
  2    40 ms    39 ms    39 ms  192.168.50.2
  3    44 ms    40 ms    40 ms  192.168.54.11

Trace complete.

What am I missing?

Answer 1

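You might have been able to get this working by pushing the domain DNS suffix to the client and moving the TAP adapter to the top of the binding order (lowest metric). Are you able to successfully ping the FQDN of the domain host you are trying to reach?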
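
The two client-side steps this answer describes, sketched in PowerShell as an added example that is not part of the original answer. The adapter description, DNS suffix, DNS server address and host name are taken from the question's output; the commands assume an elevated session on the Windows 10 client while the tunnel is up.

```powershell
# Added example, not the answerer's code. Values below come from the question.
$suffix   = 'ad.corporate_domain.com'    # placeholder domain used in the question
$dns      = '192.168.54.11'              # internal DNS server from the question
$testName = 'jira.corporate_domain.com'  # internal host the asker tried to resolve

# Locate the OpenVPN TAP adapter by its driver description.
$tap = Get-NetAdapter |
    Where-Object { $_.InterfaceDescription -like 'TAP-Windows Adapter V9*' } |
    Select-Object -First 1
if (-not $tap) { throw 'TAP-Windows adapter not found' }

# Before: show which interface is currently preferred and which DNS servers
# each interface carries (the TAP adapter in the question also lists 8.8.8.8).
Get-NetIPInterface -AddressFamily IPv4 |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, InterfaceMetric, ConnectionState
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Format-Table InterfaceAlias, ServerAddresses

# Step 1: give the TAP adapter the lowest metric so it sits first in the order.
Set-NetIPInterface -InterfaceIndex $tap.ifIndex -AddressFamily IPv4 `
    -AutomaticMetric Disabled -InterfaceMetric 1

# Step 2: set the connection-specific DNS suffix on the TAP adapter.
# Pushing it from OpenVPN instead is done with: dhcp-option DOMAIN <suffix>
Set-DnsClient -InterfaceIndex $tap.ifIndex -ConnectionSpecificSuffix $suffix

# Verify: query the internal server directly, then through the system resolver.
Clear-DnsClientCache
Resolve-DnsName -Name $testName -Server $dns -DnsOnly
Resolve-DnsName -Name $testName -DnsOnly
```

If the direct query against the internal server still times out while the system-resolver query succeeds or fails differently, the problem lies in the path to that server rather than in suffix or binding order.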

Answer 2

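OK, I could not solve the initial problem with DNS resolution, but after some thought I realized that a VPN is overkill for the task at hand (being able to connect to the workstation from the internet).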

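It is much easier to configure reverse SSH port forwarding for 3389 (RDP) and bypass the corporate firewall by using the existing HTTP proxy server (the ssh daemon on the VPS server must listen on port 443 for this to work).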