EDIT: I don't know why, but if I connect to NordVPN and then disconnect, my work VPN over `openconnect` works fine. I can reach all work and non-work sites as expected. Maybe this gives someone a hint?
As the title says, I'm using `openconnect` on Ubuntu 20.04 to connect to my work VPN:

```
sudo openconnect <work_vpn_gateway> -u <username>
```

For months I've been running that command, supplying the password generated by my RSA token, and everything has worked fine.

Recently, however, I've run into problems. I can still connect with the command above, but trying to reach any site that normally works over the VPN gives this error: `DNS_PROBE_FINISHED_NXDOMAIN`

I'll list as much information as I can in the hope that someone can point out what I'm missing.

If there's anything else I could add that might help, let me know. I need this working so I can do my job during the day, and I just don't understand what caused it to suddenly stop working. I did switch from 18.04 LTS to 20.04 LTS about a week ago, but it kept working for several days after that.

Here is the actual output of my VPN connection call:
```
$ sudo openconnect <work_vpn_gateway> -u <username>
POST <work_vpn_gateway>
Connected to 147.21.175.42:443
SSL negotiation with <work_vpn_gateway>
Server certificate verify failed: signer not found

Certificate from VPN server "<work_vpn_gateway>" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:Q8...noq0qrszE=
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on <work_vpn_gateway>
XML POST enabled
Password:
POST https://<work_vpn_gateway>/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as 10.7.91.214, using SSL, with DTLS in progress
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(AES-256-CBC)-(SHA1).
Error: any valid prefix is expected rather than "dev".   # I never saw this on 18.04
****
# ^ This is the end-state of the connect call - I should be able to now access work sites
****
^CSend BYE packet: Aborted by caller   # Manual exit here
Error: argument "via" is wrong: use nexthop syntax to specify multiple via
RTNETLINK answers: No such process
User cancelled (SIGINT/SIGTERM); exiting.
```
My `ifconfig` with the VPN off is:

```
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:4b:9f:73:5c  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

enp59s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.35  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2605:e000:150a:d279::1192  prefixlen 128  scopeid 0x0<global>
        inet6 2605:e000:150a:d279:cd37:ecd6:778a:d82c  prefixlen 64  scopeid 0x0<global>
        inet6 2605:e000:150a:d279:6145:5e5f:87ec:82e2  prefixlen 64  scopeid 0x0<global>
        inet6 2605:e000:150a:d279:5a6:71cd:fffb:ff1e  prefixlen 64  scopeid 0x0<global>
        inet6 2605:e000:150a:d279:d4f5:9c29:dc90:1ad7  prefixlen 64  scopeid 0x0<global>
        inet6 2605:e000:150a:d279:9028:f45d:3ce:ea0c  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::a487:d33c:c51:409  prefixlen 64  scopeid 0x20<link>
        inet6 2605:e000:150a:d279:89d5:b1fd:857c:384e  prefixlen 64  scopeid 0x0<global>
        ether 30:9c:23:8e:fd:ce  txqueuelen 1000  (Ethernet)
        RX packets 18734  bytes 10635469 (10.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 15361  bytes 2864576 (2.8 MB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
        device interrupt 17

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 213  bytes 17919 (17.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 213  bytes 17919 (17.9 KB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.17  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::75ad:b71b:40c:9240  prefixlen 64  scopeid 0x20<link>
        inet6 2605:e000:150a:d279:c527:a9fb:322e:51cf  prefixlen 64  scopeid 0x0<global>
        inet6 2605:e000:150a:d279::19a5  prefixlen 128  scopeid 0x0<global>
        inet6 2605:e000:150a:d279:502d:e2e9:87ef:e856  prefixlen 64  scopeid 0x0<global>
        ether d4:6d:6d:3e:1f:7a  txqueuelen 1000  (Ethernet)
        RX packets 2963  bytes 970984 (970.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 847  bytes 139316 (139.3 KB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
```
When I connect to the VPN, this is added to my `ifconfig` output:

```
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1406
        inet 10.7.91.182  netmask 255.255.255.255  destination 10.7.91.182
        inet6 fe80::95d8:44b6:3061:37fe  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 14  bytes 1882 (1.8 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 29  bytes 2472 (2.4 KB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
```
My `/etc/resolv.conf` with the VPN off:

```
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 192.168.1.1
search lan
```
My `/etc/resolv.conf` while connected:

```
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 192.168.1.1
nameserver 147.22.178.40
nameserver 147.22.179.9
search lan directv.com
```
The result of `ls -al /etc/resolv.conf`:

```
lrwxrwxrwx 1 root root 32 Jun 22 11:41 /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
```
The output of `systemd-resolve --status` with the VPN off:

```
Global
       LLMNR setting: no
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 192.168.1.1
         DNS Servers: 192.168.1.1
          DNS Domain: lan
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 4 (docker0)
      Current Scopes: none
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 3 (wlo1)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 192.168.1.1
         DNS Servers: 192.168.1.1
          DNS Domain: ~.
                      lan

Link 2 (enp59s0)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 192.168.1.1
         DNS Servers: 192.168.1.1
          DNS Domain: ~.
                      lan
```
When I connect to the VPN, the only change is that the following is added to the `systemd-resolve --status` output:

```
Link 12 (tun0)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 147.22.116.240
         DNS Servers: 147.22.116.240
                      147.22.117.9
          DNS Domain: directv.com
```
My `/etc/NetworkManager/NetworkManager.conf`:

```
[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=true

[device]
wifi.scan-rand-mac-address=no
```
Restarting `systemd-resolved` (`sudo systemctl restart systemd-resolved`) and looking at its status shows nothing unusual. But when I connect to the VPN (or try to reach any work site, even without the VPN), the following shows up repeatedly in `sudo systemctl status systemd-resolved`:

```
systemd-resolved[16885]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
```
Thanks for any help!
Answer 1
Once the VPN is up, have you tried commenting out the first line of `/etc/resolv.conf`?

```
#nameserver 192.168.1.1
nameserver 147.22.178.40
nameserver 147.22.179.9
search lan directv.com
```
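An added example, not part of the question or the answer above: it parses `systemd-resolve --status` output like the one posted and predicts, for a given name, which links' DNS servers receive the query, which is the quickest way to see whether a work name is going to the VPN resolvers or to the home router. The routing rule it applies (longest matching search/routing domain wins; with no match, every link carrying `~.` or DefaultRoute=yes is queried) is an assumption about systemd-resolved's behaviour, and the sample status text is constructed from the per-link values in the question.

```python
"""Parse `systemd-resolve --status` output and predict which links get a DNS query."""
import re

# Constructed sample, trimmed to the routing-relevant fields, using the per-link
# values the question reports with the VPN connected (wlo1 and tun0).
SAMPLE_STATUS = """
Link 12 (tun0)
      Current Scopes: DNS
DefaultRoute setting: yes
         DNS Servers: 147.22.116.240
                      147.22.117.9
          DNS Domain: directv.com
Link 3 (wlo1)
      Current Scopes: DNS
DefaultRoute setting: yes
         DNS Servers: 192.168.1.1
          DNS Domain: ~.
                      lan
Link 4 (docker0)
      Current Scopes: none
DefaultRoute setting: no
"""

def parse_status(text):
    """Return {link: {field: [values]}}; indented continuation lines extend a field."""
    links, cur, key = {}, None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        link = re.match(r"Link \d+ \((\S+)\)$", line)
        field = re.match(r"([A-Za-z][A-Za-z ]*): *(.*)$", line)
        if link:
            cur, key, links[link.group(1)] = link.group(1), None, {}
        elif field and cur:
            key = field.group(1)
            links[cur][key] = [field.group(2)] if field.group(2) else []
        elif key:
            links[cur][key].append(line)  # e.g. second DNS server, second domain
    return links

def links_for_query(links, name):
    """Assumed resolved rule: the link(s) with the longest matching routing/search
    domain win; with no match, every link carrying '~.' or DefaultRoute=yes is used."""
    name, best, best_len = name.rstrip(".").lower(), [], -1
    active = {l: f for l, f in links.items() if "DNS" in f.get("Current Scopes", [])}
    for link, f in active.items():
        for dom in f.get("DNS Domain", []):
            d = dom.lstrip("~").rstrip(".").lower()  # '~.' becomes '' (catch-all only)
            if d and (name == d or name.endswith("." + d)) and len(d) >= best_len:
                best = [link] if len(d) > best_len else best + [link]
                best_len = len(d)
    return sorted(best) or sorted(l for l, f in active.items()
                                  if "~." in f.get("DNS Domain", []) or f.get("DefaultRoute setting") == ["yes"])
```

With the posted configuration, a `directv.com` name is routed only to `tun0`, so any failure to reach 147.22.116.240 over the tunnel surfaces as NXDOMAIN rather than a fallback to the home router.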