Adapting a systemd-resolve command to resolvectl

I upgraded my Ubuntu to 22.04, and the script that routes my work VPN traffic no longer works properly because it uses the systemd-resolve command.

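How I use the scripts: I manually run a script (vpn.sh) that connects me to the VPN. That script calls another script (vpn_routes.sh, the problematic one), which routes traffic for some of the client's online tools through the VPN and lets the rest of the traffic bypass the VPN and go to the internet. vpn_routes.sh uses "systemd-resolve" on its last line, which Ubuntu 22.04 no longer uses; it now uses "resolvectl".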

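The problem: I modified the script and tried the two solutions below, but in both cases, once vpn.sh has successfully connected me to the VPN and run vpn_routes.sh, I can no longer browse the internet (websites don't load, etc.).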

Solution 1: add a symlink. This blocks access to the internet:

sudo ln -s /usr/bin/resolvectl /usr/bin/systemd-resolve

Solution 2: I tried adapting the command to resolvectl, but ran into the same problem:

sudo resolvectl dns gxxx 11.xxx.x.xx 22.xxx.x.xxx
sudo resolvectl domain xxxxx.com

Command:

sudo systemd-resolve --interface gxxx --set-dns 11.xxx.x.xx --set-dns 22.xxx.x.xxx --set-domain xxxxx.com

Can anyone tell me how to correctly adapt this command to use resolvectl on 22.04?

Thanks in advance!

Full script (vpn_routes.sh):

#!/bin/bash

GW=$(route -n | grep gxxx | grep 0.0.0.0 | awk '{print $2}')

echo "Gateway: ${GW}"

sudo route del -net 0.0.0.0 dev gxxx
sudo route add -net xx.x.xx.x gw ${GW} netmask 255.255.254.0 dev gxxx
sudo route add -net xx.x.xx.0 gw ${GW} netmask 255.255.254.0 dev gxxx

sudo systemd-resolve --interface gxxx --set-dns 11.xxx.x.xx --set-dns 22.xxx.x.xxx --set-domain xxxxx.com

Update

Here is the output of the commands ip a, ip route and resolvectl status (modified for security reasons):

Command >>> ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu xxx qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/XXX scope host 
       valid_lft forever preferred_lft forever
2: wlpxxxxx: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu xxx qdisc noqueue state UP group default qlen 1000
    link/ether 64:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet xxx.xxx.x.x/xx brd xxx.xxx.x.xx scope global dynamic noprefixroute wlpxxxxx
       valid_lft 68xxxsec preferred_lft 68xxxsec
    inet6 2803:xxxx:98c4:xxxx:xxxx:efc5:xxxx:xxxx/64 scope global temporary dynamic 
       valid_lft 58xxxxsec preferred_lft 6xxxxsec
    inet6 2803:xxxx:xxxx:8853:xxxx:ee6d:xxxx:xxxx/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 114xxxxxsec preferred_lft 11xxxxxxsec
    inet6 fe80::xxxx:xxxx:xxxxx:64d5/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: gxxx: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu xxxx xxxx xxxxx state UP group default qlen xxx
    link/none 
    inet 10.xxx.xx.xxx/xx scope global gxxx
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 172.xx.x.x/xx brd 172.xx.xxx.xxx scope global docker0
       valid_lft forever preferred_lft forever
    inet6 xxxxxxxxxxx/64 scope link 
       valid_lft forever preferred_lft forever
27: br-xxxxxxxxxxx: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu xxxx qdisc noqueue state DOWN group default 
    link/ether 02:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 172.xx.x.x/xx brd 172.xx.xxx.xxx scope global br-xxxxxxxxxxx
       valid_lft forever preferred_lft forever
    inet6 xxxxxxxxxxxxxx/64 scope link 
       valid_lft forever preferred_lft forever

Command >>> ip route (sample)

default via xxx.xxx.x.x dev wlpxxxxx proto dhcp metric 600 
xxx.xxx.xx.xx/xx via xxx.xxx.x.x dev wlpxxxxx 
xxx.xxx.xx.xx/xx via xxx.xxx.x.x dev wlpxxxxx 
xxx.xxx.xx.xx/xx via xxx.xxx.x.x dev wlpxxxxx 
xxx.xxx.xx.xx/xx dev wlpxxxxx scope link metric 1000 
172.xx.x.x/xx dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
172.xx.x.x/xx dev br-xxxxxxxxxxx proto kernel scope link src 172.xx.x.x linkdown 
xxx.xxx.xx.xx/xx dev wlpxxxxx proto kernel scope link src xxx.xxx.xx.x metric 600 
xxx.xxx.xx.x/xx via xxx.xxx.x.x dev wlpxxxxx 
xxx.xxx.xx.x/xx via xxx.xxx.x.x dev wlpxxxxx 
10.x.xx.x/xx via 10.xxx.xx.xxx  dev gpd0 
10.x.xx.x/xx via 10.xxx.xx.xxx  dev gpd0 
10.xx.x.x/xx via 10.xxx.xx.xxx  dev gpd0 

Command >>> resolvectl status

Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign
Current DNS Server: 11.xxx.x.xx
       DNS Servers: 11.xxx.x.xxx 22.xxx.x.xxx
        DNS Domain: xxxxx.com

Link 2 (wlpxxxxx)
Current Scopes: DNS
     Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: xxx.xxx.x.x fexxxxxxxxxx

Link 3 (gxxx)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 11.xxx.x.xxx
       DNS Servers: 11.xxx.x.xxx 22.xxx.x.xxx
        DNS Domain: xxxxx.com

Link 4 (docker0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 27 (br-xxxxxxxxxxx)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
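
The legacy command on the last line of vpn_routes.sh, mapped to resolvectl syntax, as an added example that is not part of the original post. resolvectl's dns and domain verbs both take the link name as their first argument; the helper name legacy_to_resolvectl is hypothetical, and the interface, server and domain values are the redacted ones from the post.

```shell
#!/bin/bash
# Added example, not from the original post. Prints the resolvectl commands
# equivalent to a legacy per-link systemd-resolve invocation; runs nothing.
# The body is a subshell "( ... )" so its variables stay local (POSIX sh safe).
legacy_to_resolvectl() (
    iface="" dns="" domains=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -i|--interface|--set-dns|--set-domain)
                [ $# -ge 2 ] || { echo "missing value for $1" >&2; return 2; }
                opt="$1"; val="$2"; shift 2 ;;
            --interface=*|--set-dns=*|--set-domain=*)
                opt="${1%%=*}"; val="${1#*=}"; shift ;;
            *)
                echo "unsupported option: $1" >&2; return 2 ;;
        esac
        case "$opt" in
            -i|--interface) iface="$val" ;;
            --set-dns)      dns="${dns:+$dns }$val" ;;
            --set-domain)   domains="${domains:+$domains }$val" ;;
        esac
    done
    if [ -z "$iface" ]; then
        echo "--interface is required for per-link settings" >&2
        return 1
    fi
    # Both verbs take the link name first, then every value for that link.
    if [ -n "$dns" ]; then echo "resolvectl dns $iface $dns"; fi
    if [ -n "$domains" ]; then echo "resolvectl domain $iface $domains"; fi
    return 0
)

# The command from vpn_routes.sh, with the post's redacted values.
legacy_to_resolvectl --interface gxxx \
    --set-dns 11.xxx.x.xx --set-dns 22.xxx.x.xxx --set-domain xxxxx.com
```

The printed commands need root, as the sudo calls in the script do; resolvectl status gxxx shows the servers and domains the link ended up with.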
