プロファイルで起動するとOpenVPNがインターネットにアクセスできない

tag-icon tag-icon linux debian networking openvpn vpn
プロファイルで起動するとOpenVPNがインターネットにアクセスできない

OpenVPNへの接続に問題があります。 Wi-Fiに接続されていますが、インターネットにほとんどアクセスできません。 pingをすると応答を受けます8.8.8.8ただし、次のドメインでは機能しません。Googleサイトなど。

私はここのガイドに従いました。 https://www.ovpn.com/en/guides/debian

私は次のコマンドを使用しました。

openvpn --config /etc/openvpn/ovpn.conf --daemon

その後、接続が切断されました。

これはpingの出力です。、VPNに接続した後に撮った写真:

root@xxx:/tmp# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=120 time=115 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=120 time=90.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=120 time=121 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=120 time=115 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=120 time=149 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=120 time=118 ms

root@xxx:/tmp# ping google.com
ping: google.com: Name or service not known

root@xxx:/tmp# ping stackoverflow.com
ping: ovpn.se: Name or service not known

まだ接続されている間は、次のように表示されます(bredbandsbolaget.seは私のISPです)/etc/resolv.conf

root@xxx:/tmp# cat /etc/resolv.conf 
# Generated by NetworkManager
search bredbandsbolaget.se
nameserver 81.26.228.3
nameserver 81.26.227.3

これは私の設定ファイルです。

root@xxx:/var/log# cat /etc/openvpn/ovpn.conf 
client
dev tun
remote-random

proto tcp
remote domain.com 443

remote-cert-tls server
cipher aes-256-cbc
ncp-ciphers XXX
pull

nobind
reneg-sec 432000
resolv-retry infinite

compress lzo
verb 3

persist-key
persist-tun
auth-user-pass /etc/openvpn/credentials
ca /etc/openvpn/ovpn-ca.crt
tls-auth /etc/openvpn/ovpn-tls.key 1
log /tmp/openvpn.log
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

ログ出力:

Tue Mar  5 20:11:55 2019 WARNING: file '/etc/openvpn/ovpn-tls.key' is group or others accessible
Tue Mar  5 20:11:55 2019 WARNING: file '/etc/openvpn/credentials' is group or others accessible
Tue Mar  5 20:11:55 2019 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
Tue Mar  5 20:11:55 2019 library versions: OpenSSL 1.0.2r  26 Feb 2019, LZO 2.08
Tue Mar  5 20:11:55 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Mar  5 20:11:55 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar  5 20:11:55 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar  5 20:11:55 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]149.13.91.8:443
Tue Mar  5 20:11:55 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Mar  5 20:11:55 2019 Attempting to establish TCP connection with [AF_INET]149.13.91.8:443 [nonblock]
Tue Mar  5 20:11:56 2019 TCP connection established with [AF_INET]149.13.91.8:443
Tue Mar  5 20:11:56 2019 TCP_CLIENT link local: (not bound)
Tue Mar  5 20:11:56 2019 TCP_CLIENT link remote: [AF_INET]149.13.91.8:443
Tue Mar  5 20:11:57 2019 TLS: Initial packet from [AF_INET]149.13.91.8:443, sid=a2a916e3 6e86cce1
Tue Mar  5 20:11:57 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Mar  5 20:11:57 2019 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, OU=Firma David Wibergh, CN=ovpn.se ca, [email protected]
Tue Mar  5 20:11:57 2019 Validating certificate key usage
Tue Mar  5 20:11:57 2019 ++ Certificate has key usage  00a0, expects 00a0
Tue Mar  5 20:11:57 2019 VERIFY KU OK
Tue Mar  5 20:11:57 2019 Validating certificate extended key usage
Tue Mar  5 20:11:57 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Mar  5 20:11:57 2019 VERIFY EKU OK
Tue Mar  5 20:11:57 2019 VERIFY OK: depth=0, CN=vpn19.prd.frankfurt.ovpn.com
Tue Mar  5 20:11:57 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Mar  5 20:11:57 2019 [vpn19.prd.frankfurt.ovpn.com] Peer Connection Initiated with [AF_INET]149.13.91.8:443
Tue Mar  5 20:11:58 2019 SENT CONTROL [vpn19.prd.frankfurt.ovpn.com]: 'PUSH_REQUEST' (status=1)
Tue Mar  5 20:12:03 2019 SENT CONTROL [vpn19.prd.frankfurt.ovpn.com]: 'PUSH_REQUEST' (status=1)
Tue Mar  5 20:12:03 2019 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 60,persist-key,redirect-gateway def1,explicit-exit-notify 2,comp-lzo yes,route-gateway 10.134.0.1,topology subnet,tun-ipv6,route-ipv6 2000::/3,dhcp-option DNS 2001:67c:750:1:cafe:cd45::1,dhcp-option DNS 2a07:a880:4601:10f0:cd45::1,dhcp-option DNS 46.227.67.134,dhcp-option DNS 192.165.9.158,ifconfig-ipv6 2001:978:902:1908:8bc1:ab3:5d72:cb1c/64 2001:978:902:1908::1,ifconfig 10.134.146.253 255.255.0.0,peer-id 0,cipher AES-256-GCM'
Tue Mar  5 20:12:03 2019 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks 
Tue Mar  5 20:12:03 2019 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: compression parms modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: --persist options modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: route options modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: route-related options modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: peer-id set
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: adjusting link_mtu to 1627
Tue Mar  5 20:12:03 2019 OPTIONS IMPORT: data channel crypto options modified
Tue Mar  5 20:12:03 2019 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Mar  5 20:12:03 2019 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Mar  5 20:12:03 2019 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlp2s0 HWADDR=28:cf:e9:52:dc:e7
Tue Mar  5 20:12:03 2019 GDG6: remote_host_ipv6=n/a
Tue Mar  5 20:12:03 2019 ROUTE6: default_gateway=UNDEF
Tue Mar  5 20:12:03 2019 TUN/TAP device tun0 opened
Tue Mar  5 20:12:03 2019 TUN/TAP TX queue length set to 100
Tue Mar  5 20:12:03 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Tue Mar  5 20:12:03 2019 /sbin/ip link set dev tun0 up mtu 1500
Tue Mar  5 20:12:03 2019 /sbin/ip addr add dev tun0 10.134.146.253/16 broadcast 10.134.255.255
Tue Mar  5 20:12:03 2019 /sbin/ip -6 addr add 2001:978:902:1908:8bc1:ab3:5d72:cb1c/64 dev tun0
Tue Mar  5 20:12:03 2019 /etc/openvpn/update-resolv-conf tun0 1500 1555 10.134.146.253 255.255.0.0 init
Tue Mar  5 20:12:03 2019 /sbin/ip route add 149.13.91.8/32 via 192.168.1.1
Tue Mar  5 20:12:03 2019 /sbin/ip route add 0.0.0.0/1 via 10.134.0.1
Tue Mar  5 20:12:03 2019 /sbin/ip route add 128.0.0.0/1 via 10.134.0.1
Tue Mar  5 20:12:03 2019 add_route_ipv6(2000::/3 -> 2001:978:902:1908::1 metric -1) dev tun0
Tue Mar  5 20:12:03 2019 /sbin/ip -6 route add 2000::/3 dev tun0
Tue Mar  5 20:12:03 2019 Initialization Sequence Completed
Tue Mar  5 20:22:25 2019 event_wait : Interrupted system call (code=4)
Tue Mar  5 20:22:25 2019 /sbin/ip route del 149.13.91.8/32
Tue Mar  5 20:22:25 2019 /sbin/ip route del 0.0.0.0/1
Tue Mar  5 20:22:25 2019 /sbin/ip route del 128.0.0.0/1
Tue Mar  5 20:22:25 2019 delete_route_ipv6(2000::/3)
Tue Mar  5 20:22:25 2019 /sbin/ip -6 route del 2000::/3 dev tun0
Tue Mar  5 20:22:25 2019 Closing TUN/TAP interface
Tue Mar  5 20:22:25 2019 /sbin/ip addr del dev tun0 10.134.146.253/16
Tue Mar  5 20:22:25 2019 /sbin/ip -6 addr del 2001:978:902:1908:8bc1:ab3:5d72:cb1c/64 dev tun0
Tue Mar  5 20:22:25 2019 /etc/openvpn/update-resolv-conf tun0 1500 1555 10.134.146.253 255.255.0.0 init
Tue Mar  5 20:22:25 2019 SIGTERM[hard,] received, process exiting

ここで何が間違っているのか調べることができるかどうかわかりません。

ベストアンサー1

dhclient.confにフロントネームサーバーを追加して問題を解決しました。なぜ私は知らない。

prepend domain-name-servers IP1, IP2;

下に/etc/dhcp/dhclient.conf

おすすめ記事