Arch Linux: No internet traffic when connected to the Private Internet Access VPN

Problem: I can connect to the PIA servers, but once connected I cannot resolve any website. When I disconnect from the VPN, every website loads normally.

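My setup: 5.8.8-arch1-1. I use Network Manager, but I also have the PIA client. Neither works. I have tried manually adding PIA's DNS servers in both Network Manager and the client (so please do not just paste a link to the Arch wiki). My subscription is active, since I can reach the network through PIA on other operating systems.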

Any help would be greatly appreciated! Thanks!

Answer 1

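You can read some log files, such as /var/log/messages and /var/log/syslog, or the kernel ring buffer with "dmesg". It sounds like your DNS setup is broken. When the system tries to get an IP, it cannot, because it is not configured to reach a DNS server while connected to the VPN. There is no automatic way to fix this.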

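This usually does not happen anymore. However, it can if you have PIA configured in Network Manager (NM) and you are also using the PIA desktop client. You want to use PIA's DNS servers. So make sure that is checked in the PIA client's "Settings".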

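Look in NM and delete all the PIA VPNs. Turn them off first. Get the latest PIA client and install it. Take a look at "iptables -L". Is DNS blocked? Reboot. Look at "/etc/resolve.conf". Anything interesting? There is another "resolve.conf" virtual file in /var. Check that one too. But you may need to use "find" to locate it. The one in /var is actually a socket, not a disk file.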

If the internet problem gets resolved along the way, you do not need to do everything in this answer.

Answer 2

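Thank you for the detailed reply. I just updated the client and that resolved everything, so no worries. I am curious what I should have been looking for. I have neither a /var/log/messages nor a /var/log/syslog file.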

Pre-update: dmesg gives the following (starting from where the boot messages about the Bluetooth adapter and sound card end):

[   19.382223] Bluetooth: RFCOMM ver 1.11
[   20.289468] rfkill: input handler disabled
[   22.012225] wlp115s0: authenticate with 04:d9:f5:2b:4f:a8
[   22.017983] wlp115s0: send auth to 04:d9:f5:2b:4f:a8 (try 1/3)
[   22.049891] wlp115s0: authenticated
[   22.050545] wlp115s0: associate with 04:d9:f5:2b:4f:a8 (try 1/3)
[   22.052708] wlp115s0: RX AssocResp from 04:d9:f5:2b:4f:a8 (capab=0x1011 status=0 aid=5)
[   22.062585] wlp115s0: associated
[   22.089777] IPv6: ADDRCONF(NETDEV_CHANGE): wlp115s0: link becomes ready
[   22.152999] wlp115s0: Limiting TX power to 30 (30 - 0) dBm as advertised by 04:d9:f5:2b:4f:a8
[   28.880556] kauditd_printk_skb: 14 callbacks suppressed
[   28.880557] audit: type=1131 audit(1600680230.347:286): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@969 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[   28.888291] audit: type=1131 audit(1600680230.357:287): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@969 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[   32.025383] audit: type=1131 audit(1600680233.493:288): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[   50.337876] audit: type=1131 audit(1600680251.807:289): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[   50.600663] audit: type=1334 audit(1600680252.070:290): prog-id=10 op=UNLOAD
[   50.600667] audit: type=1334 audit(1600680252.070:291): prog-id=9 op=UNLOAD
[   50.952688] audit: type=1131 audit(1600680252.420:292): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-localed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[   51.200918] audit: type=1334 audit(1600680252.670:293): prog-id=16 op=UNLOAD
[   51.200926] audit: type=1334 audit(1600680252.670:294): prog-id=15 op=UNLOAD
[   80.021647] audit: type=1131 audit(1600680281.490:295): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=geoclue comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  101.104781] audit: type=1334 audit(1600680302.573:296): prog-id=17 op=LOAD
[  101.104813] audit: type=1334 audit(1600680302.573:297): prog-id=18 op=LOAD
[  101.344804] audit: type=1130 audit(1600680302.813:298): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-timedated comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  106.863153] audit: type=1325 audit(1600680308.330:299): table=filter family=2 entries=109 op=replace pid=3480 comm="iptables"
[  106.867682] audit: type=1325 audit(1600680308.337:300): table=filter family=10 entries=93 op=replace pid=3483 comm="ip6tables"
[  106.886807] audit: type=1325 audit(1600680308.353:301): table=filter family=10 entries=94 op=replace pid=3494 comm="ip6tables"
[  106.902780] audit: type=1325 audit(1600680308.370:302): table=filter family=2 entries=110 op=replace pid=3503 comm="iptables"
[  106.907625] audit: type=1325 audit(1600680308.377:303): table=filter family=10 entries=95 op=replace pid=3506 comm="ip6tables"
[  106.931056] audit: type=1325 audit(1600680308.400:304): table=filter family=2 entries=111 op=replace pid=3519 comm="iptables"
[  106.935530] audit: type=1325 audit(1600680308.403:305): table=filter family=10 entries=96 op=replace pid=3522 comm="ip6tables"
[  106.955612] audit: type=1325 audit(1600680308.423:306): table=filter family=2 entries=110 op=replace pid=3533 comm="iptables"
[  106.960281] audit: type=1325 audit(1600680308.427:307): table=filter family=10 entries=95 op=replace pid=3536 comm="ip6tables"
[  106.964264] audit: type=1325 audit(1600680308.433:308): table=filter family=2 entries=111 op=replace pid=3539 comm="iptables"
[  113.410094] tun: Universal TUN/TAP device driver, 1.6
[  113.433268] kauditd_printk_skb: 1 callbacks suppressed
[  113.433271] audit: type=1130 audit(1600680314.900:310): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  113.542142] audit: type=1325 audit(1600680315.010:311): table=filter family=2 entries=112 op=replace pid=3663 comm="iptables"
[  113.545886] audit: type=1325 audit(1600680315.013:312): table=filter family=10 entries=97 op=replace pid=3666 comm="ip6tables"
[  113.549615] audit: type=1325 audit(1600680315.017:313): table=filter family=2 entries=113 op=replace pid=3669 comm="iptables"
[  113.553411] audit: type=1325 audit(1600680315.020:314): table=filter family=10 entries=98 op=replace pid=3672 comm="ip6tables"
[  113.560479] audit: type=1325 audit(1600680315.027:315): table=filter family=2 entries=114 op=replace pid=3677 comm="iptables"
[  113.564174] audit: type=1325 audit(1600680315.033:316): table=filter family=10 entries=99 op=replace pid=3680 comm="ip6tables"
[  113.583354] audit: type=1325 audit(1600680315.050:317): table=filter family=2 entries=115 op=replace pid=3693 comm="iptables"
[  113.587070] audit: type=1325 audit(1600680315.053:318): table=filter family=10 entries=100 op=replace pid=3696 comm="ip6tables"
[  113.591050] audit: type=1325 audit(1600680315.060:319): table=filter family=2 entries=116 op=replace pid=3699 comm="iptables"
[  124.029311] kauditd_printk_skb: 20 callbacks suppressed
[  124.029317] audit: type=1131 audit(1600680325.497:340): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  131.383196] audit: type=1131 audit(1600680332.850:341): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-timedated comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  131.402462] audit: type=1334 audit(1600680332.870:342): prog-id=18 op=UNLOAD
[  131.402464] audit: type=1334 audit(1600680332.870:343): prog-id=17 op=UNLOAD

iptables -L gives (post-update; sorry, I forgot to export this before updating):

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
piavpn.INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
piavpn.FORWARD  all  --  anywhere             anywhere            
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
piavpn.anchors  all  --  anywhere             anywhere            

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain piavpn.000.allowLoopback (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain piavpn.100.blockAll (0 references)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain piavpn.100.protectLoopback (1 references)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain piavpn.200.allowVPN (0 references)
target     prot opt source               destination         

Chain piavpn.290.allowDHCP (0 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             255.255.255.255      udp spt:bootpc dpt:bootps

Chain piavpn.300.allowLAN (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             10.0.0.0/8          
ACCEPT     all  --  anywhere             169.254.0.0/16      
ACCEPT     all  --  anywhere             172.16.0.0/12       
ACCEPT     all  --  anywhere             192.168.0.0/16      
ACCEPT     all  --  anywhere             base-address.mcast.net/4 
ACCEPT     all  --  anywhere             255.255.255.255     

Chain piavpn.305.allowSubnets (0 references)
target     prot opt source               destination         

Chain piavpn.310.blockDNS (0 references)
target     prot opt source               destination         
REJECT     udp  --  anywhere             anywhere             udp dpt:domain reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:domain reject-with icmp-port-unreachable

Chain piavpn.320.allowDNS (0 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             cgroup 1384 udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             cgroup 1383 udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             cgroup 1384 tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             cgroup 1383 tcp dpt:domain

Chain piavpn.340.blockVpnOnly (1 references)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             cgroup 1384 reject-with icmp-port-unreachable

Chain piavpn.350.allowHnsd (0 references)
target     prot opt source               destination         

Chain piavpn.350.cgAllowHnsd (0 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             owner GID match piahnsd cgroup 1384 multiport dports domain,13038
ACCEPT     udp  --  anywhere             anywhere             owner GID match piahnsd cgroup 1384 multiport dports domain,13038
REJECT     all  --  anywhere             anywhere             owner GID match piahnsd reject-with icmp-port-unreachable

Chain piavpn.390.allowWg (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             mark match 0x3213

Chain piavpn.400.allowPIA (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             owner GID match piavpn

Chain piavpn.FORWARD (1 references)
target     prot opt source               destination         

Chain piavpn.INPUT (1 references)
target     prot opt source               destination         
piavpn.a.100.protectLoopback  all  --  anywhere             anywhere            

Chain piavpn.a.000.allowLoopback (1 references)
target     prot opt source               destination         

Chain piavpn.a.100.blockAll (1 references)
target     prot opt source               destination         

Chain piavpn.a.100.protectLoopback (1 references)
target     prot opt source               destination         
piavpn.100.protectLoopback  all  --  anywhere             anywhere            

Chain piavpn.a.200.allowVPN (1 references)
target     prot opt source               destination         

Chain piavpn.a.290.allowDHCP (1 references)
target     prot opt source               destination         

Chain piavpn.a.300.allowLAN (1 references)
target     prot opt source               destination         

Chain piavpn.a.305.allowSubnets (1 references)
target     prot opt source               destination         

Chain piavpn.a.310.blockDNS (1 references)
target     prot opt source               destination         

Chain piavpn.a.320.allowDNS (1 references)
target     prot opt source               destination         

Chain piavpn.a.340.blockVpnOnly (1 references)
target     prot opt source               destination         
piavpn.340.blockVpnOnly  all  --  anywhere             anywhere            

Chain piavpn.a.350.allowHnsd (1 references)
target     prot opt source               destination         

Chain piavpn.a.350.cgAllowHnsd (1 references)
target     prot opt source               destination         

Chain piavpn.a.390.allowWg (1 references)
target     prot opt source               destination         

Chain piavpn.a.400.allowPIA (1 references)
target     prot opt source               destination         

Chain piavpn.anchors (1 references)
target     prot opt source               destination         
piavpn.a.000.allowLoopback  all  --  anywhere             anywhere            
piavpn.a.400.allowPIA  all  --  anywhere             anywhere            
piavpn.a.390.allowWg  all  --  anywhere             anywhere            
piavpn.a.350.allowHnsd  all  --  anywhere             anywhere            
piavpn.a.350.cgAllowHnsd  all  --  anywhere             anywhere            
piavpn.a.340.blockVpnOnly  all  --  anywhere             anywhere            
piavpn.a.320.allowDNS  all  --  anywhere             anywhere            
piavpn.a.310.blockDNS  all  --  anywhere             anywhere            
piavpn.a.305.allowSubnets  all  --  anywhere             anywhere            
piavpn.a.300.allowLAN  all  --  anywhere             anywhere            
piavpn.a.290.allowDHCP  all  --  anywhere             anywhere            
piavpn.a.200.allowVPN  all  --  anywhere             anywhere            
piavpn.a.100.blockAll  all  --  anywhere             anywhere    

/etc/resolv.conf gives:

# Generated by NetworkManager
nameserver 192.168.192.111
nameserver 192.168.192.1
nameserver 198.162.192.111

.111 is my pi-hole DNS lookup server, and .1 is my router. Not sure why .111 is in there twice.

Also interesting: Network Manager still does not work, but the client does... possibly related to switching from OpenVPN to the new WireGuard protocol?
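
Answer 1's question "Is DNS blocked?" is hard to read off a listing like the one above, because a user-defined chain such as piavpn.310.blockDNS only takes effect when another chain jumps to it. The following is an added example, not part of the original posts or PIA's own code: it parses `iptables -L` text and separates chains holding port-53 REJECT/DROP rules into those reachable from OUTPUT and those that are not. The sample listing is constructed (abbreviated from the shape of the output above), and `parse_chains` and `dns_blocks` are names chosen here.

```python
import re

# Constructed sample: abbreviated `iptables -L` text shaped like the listing above.
SAMPLE = """\
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
piavpn.anchors  all  --  anywhere             anywhere

Chain piavpn.310.blockDNS (0 references)
target     prot opt source               destination
REJECT     udp  --  anywhere             anywhere             udp dpt:domain reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:domain reject-with icmp-port-unreachable

Chain piavpn.a.310.blockDNS (1 references)
target     prot opt source               destination

Chain piavpn.anchors (1 references)
target     prot opt source               destination
piavpn.a.310.blockDNS  all  --  anywhere             anywhere
"""

def parse_chains(listing):
    """Return {chain_name: [(target, rest_of_rule), ...]} from `iptables -L` text."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = chains.setdefault(m.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            target, _, rest = line.strip().partition(" ")
            current.append((target, rest))
    return chains

def dns_blocks(listing, start="OUTPUT"):
    """Return (active, inactive) names of chains with port-53 REJECT/DROP rules.

    A chain is active only if it can be reached by jumps from `start`."""
    chains = parse_chains(listing)
    reachable, todo = set(), [start]
    while todo:
        name = todo.pop()
        if name in chains and name not in reachable:
            reachable.add(name)
            todo.extend(t for t, _ in chains[name])  # follow jumps to other chains
    # `iptables -L` prints the port as "domain"; with -n it is printed as 53.
    blocking = {name for name, rules in chains.items()
                if any(t in ("REJECT", "DROP") and re.search(r"dpt:(domain|53)\b", r)
                       for t, r in rules)}
    return sorted(blocking & reachable), sorted(blocking - reachable)

if __name__ == "__main__":
    print(dns_blocks(SAMPLE))
```

Only rules that match port 53 explicitly are considered; a reachable rule that rejects all traffic would also stop DNS and has to be checked separately.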
