I have set up OpenVPN on an Ubuntu server, and I run Fedora 30 at home. I noticed that I have a DNS leak.
I have tried many solutions, for example:
Solution (1): works somewhat
New file:
nano /etc/dhcp/dhclient.conf
Then add:
supersede domain-name-servers <dns ip>;
Then restart NetworkManager:
service NetworkManager restart
Then, if I check the resolv.conf file to see whether the DNS is being used:
sudo nano /etc/resolv.conf
It is being used, but when I run a DNS leak test, there is still a leak.
Solution (2):
I added this line to the client.ovpn file, but nothing changed:
setenv opt block-outside-dns
Solution (3):
I tried these lines in the client.ovpn file:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Then I get this error:
'/etc/openvpn/update-resolv-conf': No such file or directory
All I need is to force DNS through OpenVPN or through the DNS I set.
Answer 1
The problem was finally solved, as follows:
Add these lines to the end of client.ovpn:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Then try to connect:
openvpn --config client.ovpn
If this error appears:
'/etc/openvpn/update-resolv-conf': No such file or directory
Then perform the following additional steps:
nano /etc/openvpn/update-resolv-conf
Then paste this content:
#!/bin/bash
#
# Adjusted for CentOS7/RHEL/Fedora
#
# Note: ideally NetworkManager would handle this via dnsmasq, but it doesn't
# appear to handle this dynamically as of yet. So we'll just clobber it.
# We run the risk that NetworkManager will replace it later..
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
#
# Example envs set from openvpn:
#
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#
split_into_parts()
{
    part1="$1"
    part2="$2"
    part3="$3"
}
case "$script_type" in
  up)
    NMSRVRS=""
    SRCHS=""
    for optionvarname in ${!foreign_option_*} ; do
        option="${!optionvarname}"
        echo "Found Option: $option"
        split_into_parts $option
        if [ "$part1" = "dhcp-option" ] ; then
            if [ "$part2" = "DNS" ] ; then
                NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
            elif [ "$part2" = "DOMAIN" ] ; then
                SRCHS="${SRCHS:+$SRCHS }$part3"
            fi
        fi
    done
    R=""
    [ "$SRCHS" ] && R="search $SRCHS
"
    for NS in $NMSRVRS ; do
        R="${R}nameserver $NS
"
    done
    cp /etc/resolv.conf "/etc/resolv.conf.pre:$dev"
    cat > /etc/resolv.conf <<END
# generated by /etc/openvpn/update-resolv-conf
$R
END
    ;;
  down)
    mv "/etc/resolv.conf.pre:$dev" /etc/resolv.conf
    ;;
esac
Then give the file execute permission:
chmod +x /etc/openvpn/update-resolv-conf
Then try connecting again:
openvpn --config client.ovpn
Note: after this configuration, I found that I could not access the internet without OpenVPN.
To fix this, open this file:
nano /etc/resolv.conf
Then delete everything and replace it with whatever DNS you want (local DNS, Google DNS, etc.):
nameserver yourDns
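An added example, not part of either answer or of the OpenVPN package: a POSIX shell check that compares the nameserver lines of a resolv.conf-style file against the DNS servers OpenVPN pushed in foreign_option_*, the same variables the script above parses. The function names, the 10.8.0.x addresses and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a resolv.conf against the DNS servers OpenVPN pushed.
# OpenVPN hands pushed options to up/down scripts as foreign_option_1..N.

# Print each pushed DNS server, one per line.
pushed_dns() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        # Same three fields the page's script splits: dhcp-option DNS <ip>
        set -- $opt
        if [ "$1" = "dhcp-option" ] && [ "${2:-}" = "DNS" ] && [ -n "${3:-}" ]; then
            echo "$3"
        fi
        i=$((i + 1))
    done
}

# Print nameservers in the resolv.conf-style file $1 that the VPN did not push.
# No output means every resolver in the file came from the tunnel.
leaked_nameservers() {
    allowed=" $(pushed_dns | tr '\n' ' ')"
    while read -r key value rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] && [ -n "$value" ] || continue
        case "$allowed" in
            *" $value "*) ;;            # resolver was pushed by the VPN
            *) echo "$value" ;;         # resolver came from somewhere else
        esac
    done < "$1"
}

# Constructed sample: two pushed resolvers, and a resolv.conf in which a LAN
# resolver (192.168.1.1) has been written back next to one of them.
foreign_option_1='dhcp-option DNS 10.8.0.1'
foreign_option_2='dhcp-option DOMAIN example.internal'
foreign_option_3='dhcp-option DNS 10.8.0.2'
sample=$(mktemp)
printf 'search example.internal\nnameserver 10.8.0.1\nnameserver 192.168.1.1\n' > "$sample"
leaks=$(leaked_nameservers "$sample")
if [ -n "$leaks" ]; then
    echo "resolvers outside the VPN: $leaks"
else
    echo "resolv.conf uses only VPN-pushed resolvers"
fi
rm -f "$sample"
```

For a real check, drop the constructed sample and call leaked_nameservers /etc/resolv.conf from a script OpenVPN runs, since foreign_option_* exist only in that environment.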
Answer 2
If you installed OpenVPN from the Ubuntu repo, it should already have installed the file /etc/openvpn/update-resolv-conf, and solution (3) should work; just add the following lines:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Then run:
sudo openvpn --config client.ovpn
If the file was not created, create it manually and paste in the lines above.