当我使用 forticlient 连接到 VPN 时,我无法访问所有其他站点(VPN 之外)。我以为问题出在我的 DNS 上,resolved但现在我意识到我不能,ping 8.8.8.8所以它一定是更根本的问题,对吧?
当我连接到 VPN 时,我会ifconfig -a看到以下信息(已删除环回):
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.5 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::279f:54fe:977f:4e6c prefixlen 64 scopeid 0x20<link>
ether 18:03:73:e6:32:f2 txqueuelen 1000 (Ethernet)
RX packets 74896 bytes 58598268 (55.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59257 bytes 11405705 (10.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 20 memory 0xe1500000-e1520000
vpn: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1400
inet 10.50.192.11 netmask 255.255.255.255 destination 10.50.192.11
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 59 bytes 13713 (13.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2155 bytes 172229 (168.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
当我与 VPN 断开连接后,何时可以使用默认 DNS 等ifconfig告诉我
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.5 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::279f:54fe:977f:4e6c prefixlen 64 scopeid 0x20<link>
ether 18:03:73:e6:32:f2 txqueuelen 1000 (Ethernet)
RX packets 75682 bytes 58794111 (56.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59981 bytes 11559277 (11.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 20 memory 0xe1500000-e1520000
编辑(以提高可读性):ip route给出
$ ip route
default via 10.50.192.14 dev vpn scope link default via 192.168.1.254 dev eno1 proto dhcp metric 100
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.5 metric 100
193.1.103.33 via 192.168.1.254 dev eno1
和
resolvectl给出
Global Protocols:
+LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported resolv.conf mode: foreign Current DNS Server: 8.8.8.8 DNS Servers: 8.8.8.8 8.8.4.4 DNS Domain: google.com Link 2
(eno1) Current Scopes:
DNS LLMNR/IPv4 LLMNR/IPv6 Protocols:
+DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 8.8.8.8 8.8.4.4 Link 9
(vpn) Current Scopes: DNS LLMNR/IPv4 Protocols:
+DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 10.220.1.10 10.220.1.11
FWIW 我正在运行 Debian
$ uname -a
Linux foirfe 5.15.0-2-amd64 #1 SMP Debian 5.15.5-1 (2021-11-26) x86_64 GNU/Linux
非常感谢所有建议。
编辑2
traceroute 8.8.8.8::
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 * * *
2 193.1.101.1 (193.1.101.1) 12.708 ms 12.723 ms 12.736 ms
3 * * *
4 * * *
:
29 * * *
30 * * *
为了进行比较,当我没有连接到 VPN 时,traceroute 会说:
$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 _gateway (192.168.1.254) 0.565 ms 0.763 ms 0.974 ms
2 95-45-22-1-dynamic.agg2.chd.lmk-mlw.eircom.net (95.45.22.1) 5.355 ms 5.445 ms 6.072 ms
3 eth-trunk113.hcore1.mlw.core.eircom.net (86.43.255.90) 12.017 ms 12.097 ms 12.177 ms
4 eth-trunk15.hcore1.prp.core.eircom.net (86.43.254.143) 17.245 ms 17.396 ms 17.496 ms
5 lag-20-br2-6cr-hcore1-prp.br2.6cr.border.eircom.net (86.43.12.215) 12.620 ms 12.889 ms 12.961 ms
6 72.14.211.86 (72.14.211.86) 14.130 ms 11.139 ms 11.057 ms
7 * * *
8 dns.google (8.8.8.8) 10.721 ms 9.487 ms 9.671 ms
并且,当连接时,httping给出
$ httping 8.8.8.8
PING 8.8.8.8:80 (/):
^CGot signal 2
--- http://8.8.8.8/ ping statistics ---
1 connects, 0 ok, 0.00% failed, time 22643ms
虽然nslookup给了
$ nslookup 8.8.8.8
nslookup: parse of /etc/resolv.conf failed
该/etc/resolv.conf文件是一个符号链接:
ls -lu /etc/resolv.conf /run/resolvconf/resolv.conf
lrwxrwxrwx 1 root root 27 Jan 3 15:47 /etc/resolv.conf -> /run/resolvconf/resolv.conf
-rw-r--r-- 1 root root 373 Jan 3 12:44 /run/resolvconf/resolv.conf
这看起来像:
$ cat /run/resolvconf/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.
nameserver dnsserverip
nameserver 8.8.8.8
nameserver 8.8.4.4
search google.com
nameserver 8.8.8.8