Клиенты нового openvpn-сервера могут пинговать уровень 2, но не уровень 3 (DNS)

Я настраиваю новый сервер OpenVPN. Клиенты подключаются к серверу и успешно пингуют 4.2.2.2, но на «уровне 3» (DNS) ничего не работает: имена не разрешаются.

error:

ping google.com
temporary failure in name resolution

server config:

# OpenVPN server configuration as posted: routed (tun) UDP server on port 1194
# that hands out addresses from 10.9.8.0/24 and pushes a default route and a
# DNS resolver to clients.
mode server
tls-server
port 1194
proto udp
dev tun

# PKI material. No tls-auth/tls-crypt or cipher/auth directive is visible in
# this listing, so the control channel has no extra HMAC wrapping and the data
# channel uses the build's defaults.
ca      /etc/openvpn/server/ca.crt
cert    /etc/openvpn/server/issued/server.crt
key     /etc/openvpn/server/private/server.key
dh      /etc/openvpn/server/dh.pem

server 10.9.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
# NOTE(review): comp-lzo is deprecated in current OpenVPN releases, and
# compressing tunnel traffic exposes it to compression-oracle attacks
# (VORACLE); consider removing it on both server and clients together.
comp-lzo         # Compression - must be turned on at both ends
# persist-key/persist-tun keep the key and tun device across restarts, which
# is needed because privileges are dropped to nobody/nogroup below.
persist-key
persist-tun
#status /var/log/openvpn-status.log
verb 1  # verbose mode
user nobody
group nogroup
client-config-dir /etc/openvpn/ccd
# client-to-client makes the OpenVPN process relay traffic between clients
# itself, so that traffic is not filtered by the host's iptables rules.
client-to-client
# The two redirect-gateway pushes are usually written as one directive:
# push "redirect-gateway def1 bypass-dhcp". Either way, all client traffic,
# DNS queries included, is sent through the tunnel.
push "redirect-gateway def1"
push "redirect-gateway bypass-dhcp"
push "route 192.168.1.0 255.255.255.0"
# Resolver handed to every client. If this address does not answer queries
# arriving from the server's masqueraded address, clients can still ping IPs
# but resolve no names; check it from a client with dig against this address.
push "dhcp-option DNS 137.220.63.245"
#push "dhcp-option DNS 4.2.2.2"
# script-security 2 lets OpenVPN run the external up/down scripts below.
# NOTE(review): update-resolv-conf applies DNS options that a client receives
# via push, so it normally belongs in the client config; on the server it has
# no pushed options to apply, and the down script runs after the privilege
# drop to nobody. Confirm whether these three lines are needed here at all.
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

log /var/log/openvpn/openvpn.log

iptables:

root@vultr:~# cat /etc/iptables/rules.v4 
# Generated by iptables-save v1.8.7 on Wed Jun 16 04:19:35 2021
# mangle table: default ACCEPT policies only, no rules.
*mangle
:PREROUTING ACCEPT [2774:359035]
:INPUT ACCEPT [1375:169341]
:FORWARD ACCEPT [1396:189514]
:OUTPUT ACCEPT [629:154223]
:POSTROUTING ACCEPT [2025:343737]
COMMIT
# Completed on Wed Jun 16 04:19:35 2021
# Generated by iptables-save v1.8.7 on Wed Jun 16 04:19:35 2021
# filter table: INPUT, FORWARD and OUTPUT all have policy ACCEPT and there is
# not a single rule, so nothing here restricts access to the host or limits
# what is forwarded between the VPN and enp1s0. This rules out the firewall
# as the cause of the DNS failure, but it also means the server is unfiltered.
# NOTE(review): consider a default-drop INPUT/FORWARD policy that allows only
# the OpenVPN port, established traffic and forwarding from 10.9.8.0/24.
*filter
:INPUT ACCEPT [1375:169341]
:FORWARD ACCEPT [1396:189514]
:OUTPUT ACCEPT [629:154223]
COMMIT
# Completed on Wed Jun 16 04:19:35 2021
# Generated by iptables-save v1.8.7 on Wed Jun 16 04:19:35 2021
# nat table: everything leaving through enp1s0 is masqueraded. The rule has no
# source match, so it is not limited to the VPN subnet 10.9.8.0/24.
*nat
:PREROUTING ACCEPT [93:6515]
:INPUT ACCEPT [19:1048]
:OUTPUT ACCEPT [1:76]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp1s0 -j MASQUERADE
COMMIT
# Completed on Wed Jun 16 04:19:35 2021

client config:

root@hvm-debian01:/etc/openvpn# cat /etc/openvpn/client.conf
# OpenVPN client configuration as posted.
client
# No port or proto is given, so the defaults (1194/udp) apply, matching the
# server. The address is presumably a placeholder for the real server.
remote 1.1.1.1
dev tun
nobind
tls-client
# NOTE(review): no remote-cert-tls server (or verify-x509-name) line is
# visible. Without one, the client accepts any certificate signed by this CA,
# including another client's, as the server; add the check.
cert /etc/openvpn/client2.crt
key /etc/openvpn/client2.key
ca /etc/openvpn/ca.crt
# Must match the server's compression setting; the same deprecation and
# compression-oracle caveat applies on this side.
comp-lzo
verb 5
ping-restart 60
# NOTE(review): no script-security/up/down lines are visible here, so how the
# pushed DNS option reaches /etc/resolv.conf on this host is not shown; verify.
log /var/log/openvpn/openvpn.log

Как мне заставить openvpn поддерживать dns для моих клиентов?

Команда `systemctl restart systemd-resolved` не помогает.

После подключения мой `/etc/resolv.conf`, похоже, обновляется правильно:

root@hvm-debian01:/etc/openvpn# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 137.220.63.245
nameserver 192.168.1.1
задан 17 June 2021 в 02:01

1 ответ

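Проблема исчезла после замены DNS-сервера в директиве push с 137.220.63.245 на 4.2.2.2.

Выявить её помог запуск `dig google.com. @137.220.63.245` на клиенте: если пинг по IP-адресу проходит, а прямой запрос к передаваемому клиентам резолверу остаётся без ответа, значит, туннель и маршрутизация исправны, а не отвечает сам указанный DNS-сервер.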

ответ дан 28 July 2021 в 11:28
