OpenVPN packages and NetworkManager VPN problem with DNS and the kill switch feature

It took a long time to figure out what was going on, but the problem is still not clear. To summarise: the OVPN packages for NetworkManager are installed, and the plain openvpn client in the new version 3 is also installed, so there is openvpn and openvpn3. The packages are used together with NetworkManager (.ovpn config). update-systemd-resolved is installed as well.

Here is the config:

remote domain_name 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
verb 3
explicit-exit-notify 5
rcvbuf 262144
sndbuf 262144
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
proto udp
key-direction 1
script-security 2
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
up /etc/openvpn/scripts/update-systemd-resolved
up-restart
up /vpn/iptab_killswitch.sh
up-restart
down /etc/openvpn/scripts/update-systemd-resolved
down-pre
down /vpn/iptab_default.sh
down-pre

When I start the VPN from the command line, it modifies iptables just fine (for the kill switch), but the DNS leak problem is still there.

Kill switch:

#!/bin/bash
sudo iptables --flush
sudo iptables --delete-chain
sudo iptables -t nat --flush
sudo iptables -t nat --delete-chain
sudo iptables -P OUTPUT DROP
sudo iptables -A INPUT -j ACCEPT -i lo
sudo iptables -A OUTPUT -j ACCEPT -o lo
sudo iptables -A OUTPUT -j ACCEPT -d server/24 -o wlp2s0 -p udp -m udp --dport 443
sudo iptables -A INPUT -j ACCEPT -s server/24 -i wlp2s0 -p udp -m udp --sport 443
sudo iptables -A INPUT -j ACCEPT -i tun0
sudo iptables -A OUTPUT -j ACCEPT -o tun0

Resolver status:

Default:

Link 2 (wlp2s0)
      Current Scopes: DNS        
DefaultRoute setting: yes        
       LLMNR setting: yes        
MulticastDNS setting: no         
  DNSOverTLS setting: no         
      DNSSEC setting: no         
    DNSSEC supported: no         
  Current DNS Server: 192.168.1.1
         DNS Servers: 192.168.1.1
          DNS Domain: ~.

When I use "sudo openvpn --config /path_to_my_config.ovpn":

Link 54 (tun0)
      Current Scopes: none
DefaultRoute setting: no  
       LLMNR setting: yes 
MulticastDNS setting: no  
  DNSOverTLS setting: no  
      DNSSEC setting: no  
    DNSSEC supported: no  

Link 2 (wlp2s0)
      Current Scopes: DNS        
DefaultRoute setting: yes        
       LLMNR setting: yes        
MulticastDNS setting: no         
  DNSOverTLS setting: no         
      DNSSEC setting: no         
    DNSSEC supported: no         
  Current DNS Server: 192.168.1.1
         DNS Servers: 192.168.1.1
          DNS Domain: ~.   

When connecting to my config with NetworkManager:

Link 55 (tun0)
      Current Scopes: DNS        
DefaultRoute setting: yes        
       LLMNR setting: yes        
MulticastDNS setting: no         
  DNSOverTLS setting: no         
      DNSSEC setting: no         
    DNSSEC supported: no         
  Current DNS Server: 10.64.104.1
         DNS Servers: 10.64.104.1
          DNS Domain: ~.         

Link 2 (wlp2s0)
      Current Scopes: none
DefaultRoute setting: no  
       LLMNR setting: yes 
MulticastDNS setting: no  
  DNSOverTLS setting: no  
      DNSSEC setting: no  
    DNSSEC supported: no  

So when I use NetworkManager, it modifies DNS and ignores the "up" commands inside the .ovpn. Any service on the internet sees the VPN DNS. When I use the plain openvpn client, it runs the scripts from the config but does not modify DNS.

How do I set up my VPN so that it stops leaking DNS and also uses the kill switch feature?
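A check added here (it is not from the question, OpenVPN or NetworkManager) that reads the `resolvectl status` layout shown above and reports whether DNS is confined to the tunnel: it passes only when a tun* link holds the DNS scope and the default DNS route and no other link does. The "tun" name prefix, the link names and the two sample blocks are assumptions constructed from the output quoted in the question.

```shell
#!/bin/sh
# Added example (not from the original post): decide from `resolvectl status`
# output whether DNS is confined to the VPN tunnel. The "tun" prefix, the link
# names and the sample blocks below are assumptions / constructed data.

# Print one line per link: "<ifname> <DefaultRoute setting> <Current Scopes>"
parse_links() {
  awk '
    /^ *Link [0-9]+ \(/ {
      if (name != "") print name, route, scopes
      name = $3; gsub(/[()]/, "", name); route = "no"; scopes = "none"
    }
    /DefaultRoute setting:/ { route = $NF }
    /Current Scopes:/       { scopes = $3 }
    END { if (name != "") print name, route, scopes }
  '
}

# Exit 0 when a tun* link owns the DNS scope and the default DNS route and no
# other link does; exit 1 for the leak state (a physical link still answers DNS).
dns_confined_to_vpn() {
  parse_links | awk '
    $1 ~ /^tun/  { if ($2 == "yes" && $3 == "DNS") tun_ok = 1 }
    $1 !~ /^tun/ { if ($2 == "yes" || $3 == "DNS") leak = 1 }
    END { exit (tun_ok && !leak) ? 0 : 1 }
  '
}

# Constructed sample 1: the state seen after `sudo openvpn --config ...`
SAMPLE_CLI='Link 54 (tun0)
      Current Scopes: none
DefaultRoute setting: no
Link 2 (wlp2s0)
      Current Scopes: DNS
DefaultRoute setting: yes'

# Constructed sample 2: the state seen with the NetworkManager connection
SAMPLE_NM='Link 55 (tun0)
      Current Scopes: DNS
DefaultRoute setting: yes
Link 2 (wlp2s0)
      Current Scopes: none
DefaultRoute setting: no'

# Live use on the host would be: resolvectl status | dns_confined_to_vpn
printf '%s\n' "$SAMPLE_CLI" | dns_confined_to_vpn && echo "cli: confined" || echo "cli: LEAK"
printf '%s\n' "$SAMPLE_NM"  | dns_confined_to_vpn && echo "nm: confined"  || echo "nm: LEAK"
```

Run against the live `resolvectl status` output after bringing the tunnel up; a non-zero exit means a physical link still carries DNS.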
