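I am trying to set up a small VPN network with OpenVPN so that I can connect to my office workstation from home.
I have set up the OpenVPN server and generated the keys and the client configuration file. Everything works, and I can connect from home via RDP to my work machine in the office, but there is one problem: when the work PC is connected to my VPN, it cannot resolve the DNS names of local resources: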
C:\Users\user>nslookup jira.corporate_domain.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.54.11
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
C:\Users\user>nslookup google.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.54.11
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
C:\Users\user>nslookup google.com 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: google.com
Addresses: 2607:f8b0:4008:808::200e
216.58.219.142
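I have added our local DNS server to the client configuration file and added a static route for it, but it doesn't work. Here are the current settings on the client:
Client PC OS: Windows 10
Client config .ovpn: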
client
nobind
dev tun
key-direction 1
remote-cert-tls server
remote vpn.dns_name_of_my_server.ru 443 tcp
http-proxy proxy.corporate_dns_name.com 3129
dhcp-option DNS 192.168.54.11
route 192.168.54.11 255.255.255.255 192.168.37.1
route 192.168.70.11 255.255.255.255 192.168.37.1
ipconfig /all on the client:
C:\Users\user>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : S0003445
Primary Dns Suffix . . . . . . . : ad.corporate_domain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ad.corporate_domain.com
Ethernet adapter Ethernet 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-B6-98-50-62
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cd6:8fec:5f45:9f4f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.255.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Lease Obtained. . . . . . . . . . : 30 сентября 2016 г. 17:23:51
Lease Expires . . . . . . . . . . : 30 сентября 2017 г. 17:23:50
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.255.5
DHCPv6 IAID . . . . . . . . . . . : 369164214
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
DNS Servers . . . . . . . . . . . : 192.168.54.11
8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : ad.corporate_domain.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 10-C3-7B-4C-A0-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1c57:9c8c:64b2:1aeb%5(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.37.106(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 29 сентября 2016 г. 11:04:00
Lease Expires . . . . . . . . . . : 7 октября 2016 г. 11:03:57
Default Gateway . . . . . . . . . : 192.168.37.1
DHCP Server . . . . . . . . . . . : 192.168.70.21
DHCPv6 IAID . . . . . . . . . . . : 51430267
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
DNS Servers . . . . . . . . . . . : 192.168.70.11
192.168.54.11
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-34-4C
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8cd8:5f1d:f24f:fc95%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 201850919
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VirtualBox Host-Only Network #2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter #2
Physical Address. . . . . . . . . : 08-00-27-00-F8-A8
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e0b9:a45e:e853:1456%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.99.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 285736999
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{E1337BD8-BE7B-4699-B5B6-6404A1995408}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.ad.sperasoft.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ad.sperasoft.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{B6985062-CC79-4BE2-9963-92484A01C1D6}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{9CB069EA-424F-4D8A-AE63-43372ED9F0BF}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
The local DNS server is reachable via ping:
C:\Users\user>ping 192.168.54.11
Pinging 192.168.54.11 with 32 bytes of data:
Reply from 192.168.54.11: bytes=32 time=41ms TTL=126
Reply from 192.168.54.11: bytes=32 time=41ms TTL=126
Reply from 192.168.54.11: bytes=32 time=42ms TTL=126
Reply from 192.168.54.11: bytes=32 time=40ms TTL=126
Ping statistics for 192.168.54.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 42ms, Average = 41ms
The static route also works fine, per tracert:
C:\Users\user>tracert 192.168.54.11
Tracing route to 192.168.54.11 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.37.1
2 40 ms 39 ms 39 ms 192.168.50.2
3 44 ms 40 ms 40 ms 192.168.54.11
Trace complete.
What am I missing?
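Answer 1
You could probably have gotten this to work by pushing the domain DNS suffix to the client and moving the TAP adapter to the top of the binding order (lowest metric). Are you able to successfully ping the FQDN of the domain host you are trying to reach?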
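What Answer 1 suggests could look like this on the Windows 10 client; this is an added example, not part of the original answer. The adapter alias, DNS suffix, server address and test name are assumptions taken from the output in the question.

```powershell
# Added example. Run in an elevated PowerShell session on the VPN client.
# All four values below are assumptions copied from the question's output.
$tapAlias  = 'Ethernet 3'                 # TAP-Windows Adapter V9
$dnsSuffix = 'ad.corporate_domain.com'    # primary DNS suffix of the workstation
$dnsServer = '192.168.54.11'              # DNS server set via dhcp-option DNS
$testName  = 'jira.corporate_domain.com'  # name that timed out in nslookup

# 1. Record the current state: Windows 10 prefers interfaces with a lower metric.
Get-NetIPInterface -AddressFamily IPv4 |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, InterfaceMetric, ConnectionState
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Format-Table InterfaceAlias, ServerAddresses

# 2. Move the TAP adapter to the top of the order (lowest metric).
#    Revert later with: Set-NetIPInterface ... -AutomaticMetric Enabled
Set-NetIPInterface -InterfaceAlias $tapAlias -AddressFamily IPv4 `
    -AutomaticMetric Disabled -InterfaceMetric 1

# 3. Set the domain suffix on the TAP adapter. The OpenVPN-side equivalent is
#    the server directive:  push "dhcp-option DOMAIN <suffix>"
Set-DnsClient -InterfaceAlias $tapAlias -ConnectionSpecificSuffix $dnsSuffix

# 4. Flush the cache, then resolve the name twice: once through the system
#    resolver order, once directly against the internal DNS server.
Clear-DnsClientCache
foreach ($server in @('', $dnsServer)) {
    $query = @{ Name = $testName; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
    $label = 'system resolver order'
    if ($server) { $query.Server = $server; $label = "server $server" }
    try {
        $ips = (Resolve-DnsName @query | Where-Object { $_.Type -eq 'A' }).IPAddress
        Write-Output "$testName via ${label}: $($ips -join ', ')"
    } catch {
        Write-Output "$testName via ${label}: FAILED ($($_.Exception.Message))"
    }
}
```

If the direct query in step 4 still times out while ping succeeds, the metric and suffix are not the cause and the DNS traffic itself is being dropped somewhere on the path.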
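Answer 2
OK, I was not able to solve the initial DNS resolution problem, but after some thought I realized that a VPN is overkill for the task mentioned (being able to connect to the workstation from the Internet).
It is much easier to configure reverse SSH port forwarding for 3389 (RDP) and bypass the corporate firewall by using the existing HTTP proxy server (the ssh daemon on the VPS server should listen on port 443 for this to work).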