Handling DNS with an openvpn Linux client and a Windows server


I have the following .ovpn configuration file

dev tun
persist-tun
persist-key
cipher AES-128-CBC
ncp-disable
auth SHA1
tls-client
client
resolv-retry infinite
remote 177.220.97.66 1194 tcp-client
setenv opt block-outside-dns
verify-x509-name "vpn01.unisim.cepetro.unicamp.br" name
auth-user-pass
remote-cert-tls server
comp-lzo yes
auth-nocache
proto tcp
resolv-retry infinite
nobind
keepalive 10 60
reneg-sec 0
tun-mtu 6000
fragment 0
mssfix 0
sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"

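When I use the Windows client, it can establish a connection with the Windows server. However, establishing the connection from the Linux client fails. I guess the problem is related to DNS handling, but I'm not sure. I added the following lines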

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

in an attempt to solve this possible DNS handling problem, but adding them did not solve the problem.

Question: How do I configure the .ovpn so that I can connect to the Windows Server from the Linux client?

More information

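  • When using the Linux client, I cannot ping the Windows server.
  • I added the set -x command to update-resolv-conf. The result is shown in the Linux client output.
  • The route -n command was run before and after starting openvpn. The output is as follows:

Before starting openvpn

 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface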
 0.0.0.0         192.168.15.1    0.0.0.0         UG    600    0        0 wlp3s0
 192.168.15.0    0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0

After starting openvpn

 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 0.0.0.0         192.168.15.1    0.0.0.0         UG    600    0        0 wlp3s0
 143.106.81.64   192.168.180.65  255.255.255.192 UG    0      0        0 tun0
 169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 tun0
 177.220.97.0    192.168.180.65  255.255.255.128 UG    0      0        0 tun0
 192.168.15.0    0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
 192.168.180.64  0.0.0.0         255.255.255.192 U     0      0        0 tun0

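Output: below I list the openvpn output when using the Windows client with the Windows server (connection established successfully), and the openvpn output when using the Linux client with the Windows server (the connection I want to establish).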

  • openvpn output of the WINDOWS CLIENT:
Fri Dec 13 16:10:56 2019 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Fri Dec 13 16:10:56 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Dec 13 16:10:56 2019 library versions: OpenSSL 1.1.0l  10 Sep 2019, LZO 2.10
Fri Dec 13 16:11:11 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]177.220.97.66:1194
Fri Dec 13 16:11:11 2019 Attempting to establish TCP connection with [AF_INET]177.220.97.66:1194 [nonblock]
Fri Dec 13 16:11:12 2019 TCP connection established with [AF_INET]177.220.97.66:1194
Fri Dec 13 16:11:12 2019 TCP_CLIENT link local: (not bound)
Fri Dec 13 16:11:12 2019 TCP_CLIENT link remote: [AF_INET]177.220.97.66:1194
Fri Dec 13 16:11:13 2019 [vpn01.unisim.cepetro.unicamp.br] Peer Connection Initiated with [AF_INET]177.220.97.66:1194
Fri Dec 13 16:11:20 2019 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:9: 393216 (2.4.8)
Fri Dec 13 16:11:20 2019 open_tun
Fri Dec 13 16:11:20 2019 TAP-WIN32 device [Conexão Local] opened: \\.\Global\{FDBCF68E-E459-4B16-9367-E1DD5B4B5035}.tap
Fri Dec 13 16:11:20 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.180.64/192.168.180.101/255.255.255.192 [SUCCEEDED]
Fri Dec 13 16:11:20 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.180.101/255.255.255.192 on interface {FDBCF68E-E459-4B16-9367-E1DD5B4B5035} [DHCP-serv: 192.168.180.126, lease-time: 31536000]
Fri Dec 13 16:11:20 2019 Successful ARP Flush on interface [21] {FDBCF68E-E459-4B16-9367-E1DD5B4B5035}
Fri Dec 13 16:11:20 2019 Blocking outside dns using service succeeded.
Fri Dec 13 16:11:25 2019 Initialization Sequence Completed
Fri Dec 13 16:11:25 2019 Register_dns request sent to the service
  • openvpn output of the LINUX CLIENT:
Sun Dec 15 12:44:29 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Sun Dec 15 12:44:29 2019 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Enter Auth Username: randerson
Enter Auth Password: ******
Sun Dec 15 12:44:36 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Dec 15 12:44:36 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]177.220.97.66:1194
Sun Dec 15 12:44:36 2019 Attempting to establish TCP connection with [AF_INET]177.220.97.66:1194 [nonblock]
Sun Dec 15 12:44:37 2019 TCP connection established with [AF_INET]177.220.97.66:1194
Sun Dec 15 12:44:37 2019 TCP_CLIENT link local: (not bound)
Sun Dec 15 12:44:37 2019 TCP_CLIENT link remote: [AF_INET]177.220.97.66:1194
Sun Dec 15 12:44:37 2019 [vpn01.unisim.cepetro.unicamp.br] Peer Connection Initiated with [AF_INET]177.220.97.66:1194
Sun Dec 15 12:44:44 2019 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: block-outside-dns (2.4.4)
Sun Dec 15 12:44:44 2019 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: register-dns (2.4.4)
Sun Dec 15 12:44:44 2019 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:9: 393216 (2.4.4)
Sun Dec 15 12:44:44 2019 TUN/TAP device tun0 opened
Sun Dec 15 12:44:44 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Dec 15 12:44:44 2019 /sbin/ip link set dev tun0 up mtu 6000
Sun Dec 15 12:44:44 2019 /sbin/ip addr add dev tun0 192.168.180.101/26 broadcast 192.168.180.127
Sun Dec 15 12:44:44 2019 /etc/openvpn/update-resolv-conf tun0 6000 6063 192.168.180.101 255.255.255.192 init
+ '[' up ']'
+ '[' tun0 ']'
+ case "$script_type" in
+ NMSRVRS=
+ SRCHS=
+ for optionvarname in ${!foreign_option_*}
+ option='dhcp-option DOMAIN unisim.cepetro.unicamp.br'
+ echo 'dhcp-option DOMAIN unisim.cepetro.unicamp.br'
dhcp-option DOMAIN unisim.cepetro.unicamp.br
+ split_into_parts dhcp-option DOMAIN unisim.cepetro.unicamp.br
+ part1=dhcp-option
+ part2=DOMAIN
+ part3=unisim.cepetro.unicamp.br
+ '[' dhcp-option = dhcp-option ']'
+ '[' DOMAIN = DNS ']'
+ '[' DOMAIN = DOMAIN ']'
+ SRCHS=unisim.cepetro.unicamp.br
+ for optionvarname in ${!foreign_option_*}
+ option='dhcp-option DNS 177.220.97.68'
+ echo 'dhcp-option DNS 177.220.97.68'
dhcp-option DNS 177.220.97.68
+ split_into_parts dhcp-option DNS 177.220.97.68
+ part1=dhcp-option
+ part2=DNS
+ part3=177.220.97.68
+ '[' dhcp-option = dhcp-option ']'
+ '[' DNS = DNS ']'
+ NMSRVRS=177.220.97.68
+ for optionvarname in ${!foreign_option_*}
+ option='dhcp-option DNS 177.220.97.69'
+ echo 'dhcp-option DNS 177.220.97.69'
dhcp-option DNS 177.220.97.69
+ split_into_parts dhcp-option DNS 177.220.97.69
+ part1=dhcp-option
+ part2=DNS
+ part3=177.220.97.69
+ '[' dhcp-option = dhcp-option ']'
+ '[' DNS = DNS ']'
+ NMSRVRS='177.220.97.68 177.220.97.69'
+ R=
+ '[' unisim.cepetro.unicamp.br ']'
+ R='search unisim.cepetro.unicamp.br
'
+ for NS in $NMSRVRS
+ R='search unisim.cepetro.unicamp.br
nameserver 177.220.97.68
'
+ for NS in $NMSRVRS
+ R='search unisim.cepetro.unicamp.br
nameserver 177.220.97.68
nameserver 177.220.97.69
'
+ echo -n 'search unisim.cepetro.unicamp.br
nameserver 177.220.97.68
nameserver 177.220.97.69
'
+ /sbin/resolvconf -a tun0.openvpn
Sun Dec 15 12:44:44 2019 Initialization Sequence Completed
Sun Dec 15 12:46:16 2019 [vpn01.unisim.cepetro.unicamp.br] Inactivity timeout (--ping-restart), restarting
Sun Dec 15 12:46:16 2019 SIGUSR1[soft,ping-restart] received, process restarting
Sun Dec 15 12:46:21 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Dec 15 12:46:21 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]177.220.97.66:1194
Sun Dec 15 12:46:21 2019 Attempting to establish TCP connection with [AF_INET]177.220.97.66:1194 [nonblock]
Sun Dec 15 12:46:53 2019 TCP: connect to [AF_INET]177.220.97.66:1194 failed: Connection timed out
Sun Dec 15 12:46:53 2019 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Sun Dec 15 12:46:58 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Dec 15 12:46:58 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]177.220.97.66:1194
Sun Dec 15 12:46:58 2019 Attempting to establish TCP connection with [AF_INET]177.220.97.66:1194 [nonblock]
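
The `route -n` tables in the question can be checked mechanically for one condition worth ruling out on any OpenVPN client: a pushed route that also covers the `remote` address, so that the encrypted transport itself is sent into the tunnel. The following Python is an added example, not part of the original post; the function names are hypothetical and the route rows are copied from the post's output.

```python
import ipaddress

# Rows copied from the post's `route -n` output (before / after starting openvpn).
ROUTES_BEFORE = """\
0.0.0.0         192.168.15.1    0.0.0.0         UG    600    0        0 wlp3s0
192.168.15.0    0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
"""
ROUTES_AFTER = """\
0.0.0.0         192.168.15.1    0.0.0.0         UG    600    0        0 wlp3s0
143.106.81.64   192.168.180.65  255.255.255.192 UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 tun0
177.220.97.0    192.168.180.65  255.255.255.128 UG    0      0        0 tun0
192.168.15.0    0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
192.168.180.64  0.0.0.0         255.255.255.192 U     0      0        0 tun0
"""
REMOTE = "177.220.97.66"  # the `remote` address from the .ovpn file


def parse_routes(text):
    """Parse `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # title line or wrapped output
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        except ValueError:
            continue  # column header or malformed row
        routes.append((net, fields[1], int(fields[4]), fields[7]))
    return routes


def select_route(routes, dest):
    """Longest-prefix match; the lower metric wins between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))


def transport_in_tunnel(routes, remote, tun_prefix="tun"):
    """True if packets to the VPN server's own address would leave via the tunnel."""
    route = select_route(routes, remote)
    return route is not None and route[3].startswith(tun_prefix)


if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        routes = parse_routes(table)
        print(label, select_route(routes, REMOTE), transport_in_tunnel(routes, REMOTE))
```

On the post's tables, 177.220.97.66 is selected via the default route on wlp3s0 before the connection and via the 177.220.97.0/25 route on tun0 afterwards.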
