我在 Fedora 30 中使用 OpenVPN 时遇到 DNS 泄漏

Question 1

最终问题解决了，方法如下：

将这些行添加到 client.ovpn 的末尾

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

然后尝试连接：

openvpn --config client.ovpn

如果出现此错误：

'/etc/openvpn/update-resolv-conf': No such file or directory

然后执行以下额外步骤：

nano /etc/openvpn/update-resolv-conf

然后粘贴此内容：

#!/bin/bash
# 
# Adjusted for CentOS7/RHEL/Fedora
#
# Note: ideally networKManager would handle this via dnsmasq, but it doesn't
# appear to handle this dynamically as of yet.  So we'll just clobber it.
# We run the risk that NeworkManager will replace it later..
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
# 
# Example envs set from openvpn:
#
#     foreign_option_1='dhcp-option DNS 193.43.27.132'
#     foreign_option_2='dhcp-option DNS 193.43.27.133'
#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#

split_into_parts()
{
    part1="$1"
    part2="$2"
    part3="$3"
}

case "$script_type" in
  up)
    NMSRVRS=""
    SRCHS=""
        for optionvarname in ${!foreign_option_*} ; do
        option="${!optionvarname}"
        echo "Found Option: $option"
        split_into_parts $option
        if [ "$part1" = "dhcp-option" ] ; then
            if [ "$part2" = "DNS" ] ; then
                NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
            elif [ "$part2" = "DOMAIN" ] ; then
                SRCHS="${SRCHS:+$SRCHS }$part3"
            fi
        fi
    done
    R=""
    [ "$SRCHS" ] && R="search $SRCHS
"
    for NS in $NMSRVRS ; do
            R="${R}nameserver $NS
"
    done
    cp /etc/resolv.conf "/etc/resolv.conf.pre:$dev"
    cat > /etc/resolv.conf <<END
# generated by /etc/openvpn/update-resolv-conf
$R
END
    ;;
  down)
    mv "/etc/resolv.conf.pre:$dev" /etc/resolv.conf
    ;;
esac

然后赋予文件执行权限：

chmod +x /etc/openvpn/update-resolv-conf

然后尝试再次连接

openvpn --config client.ovpn

注意：经过此配置后，我发现没有 openvpn 就无法访问互联网。

要修复此问题，请打开此文件

nano /etc/resolv.conf

然后删除所有内容并将其替换为您想要的任何 DNS（本地 DNS 或 Google DNS 等）

nameserver yourDns

Answer

最终问题解决了，方法如下：

将这些行添加到 client.ovpn 的末尾

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

然后尝试连接：

openvpn --config client.ovpn

如果出现此错误：

'/etc/openvpn/update-resolv-conf': No such file or directory

然后执行以下额外步骤：

nano /etc/openvpn/update-resolv-conf

然后粘贴此内容：

#!/bin/bash
# 
# Adjusted for CentOS7/RHEL/Fedora
#
# Note: ideally networKManager would handle this via dnsmasq, but it doesn't
# appear to handle this dynamically as of yet.  So we'll just clobber it.
# We run the risk that NeworkManager will replace it later..
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
# 
# Example envs set from openvpn:
#
#     foreign_option_1='dhcp-option DNS 193.43.27.132'
#     foreign_option_2='dhcp-option DNS 193.43.27.133'
#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#

split_into_parts()
{
    part1="$1"
    part2="$2"
    part3="$3"
}

case "$script_type" in
  up)
    NMSRVRS=""
    SRCHS=""
        for optionvarname in ${!foreign_option_*} ; do
        option="${!optionvarname}"
        echo "Found Option: $option"
        split_into_parts $option
        if [ "$part1" = "dhcp-option" ] ; then
            if [ "$part2" = "DNS" ] ; then
                NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
            elif [ "$part2" = "DOMAIN" ] ; then
                SRCHS="${SRCHS:+$SRCHS }$part3"
            fi
        fi
    done
    R=""
    [ "$SRCHS" ] && R="search $SRCHS
"
    for NS in $NMSRVRS ; do
            R="${R}nameserver $NS
"
    done
    cp /etc/resolv.conf "/etc/resolv.conf.pre:$dev"
    cat > /etc/resolv.conf <<END
# generated by /etc/openvpn/update-resolv-conf
$R
END
    ;;
  down)
    mv "/etc/resolv.conf.pre:$dev" /etc/resolv.conf
    ;;
esac

然后赋予文件执行权限：

chmod +x /etc/openvpn/update-resolv-conf

然后尝试再次连接

openvpn --config client.ovpn

注意：经过此配置后，我发现没有 openvpn 就无法访问互联网。

要修复此问题，请打开此文件

nano /etc/resolv.conf

然后删除所有内容并将其替换为您想要的任何 DNS（本地 DNS 或 Google DNS 等）

nameserver yourDns

Question 2

如果你从 Ubuntu repo 安装了 OpenVPN，它应该已经安装了该文件/etc/openvpn/update-resolv-conf，并且解决方案（3）应该有效，只需添加以下行：

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

然后运行：

sudo openvpn --config client.ovpn

如果未创建该文件，请手动创建它并粘贴到上述行中。

Answer

如果你从 Ubuntu repo 安装了 OpenVPN，它应该已经安装了该文件/etc/openvpn/update-resolv-conf，并且解决方案（3）应该有效，只需添加以下行：

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

然后运行：

sudo openvpn --config client.ovpn

如果未创建该文件，请手动创建它并粘贴到上述行中。

我在 Fedora 30 中使用 OpenVPN 时遇到 DNS 泄漏

答案1

答案2

相关内容