Networking
無法讓客戶端通過 openVPN 隧道傳遞 DNS 查詢
我無法讓我的 openVPN 客戶端電腦 (Windows 10) 通過 VPN 隧道傳遞 DNS 查詢。
我
10.0.0.1作為 DNS 伺服器推送,VPN 連接顯示它是該連接的 DNS 伺服器。Ethernet adapter Ethernet 3: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Apple Mobile Device Ethernet DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 172.20.10.2(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.240 Lease Obtained. . . . . . . . . . : 03 September 2015 09:55:59 Lease Expires . . . . . . . . . . : 04 September 2015 12:05:04 Default Gateway . . . . . . . . . : 172.20.10.1 DHCP Server . . . . . . . . . . . : 172.20.10.1 DNS Servers . . . . . . . . . . . : 172.20.10.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Ethernet 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : TAP-Win32 Adapter V9 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.8.0.4(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : 03 September 2015 11:25:47 Lease Expires . . . . . . . . . . : 02 September 2016 12:19:32 Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 10.8.0.254 DNS Servers . . . . . . . . . . . : 10.0.0.1 NetBIOS over Tcpip. . . . . . . . : Enabled連接創建此路由表
IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 172.20.10.1 172.20.10.2 20 0.0.0.0 128.0.0.0 10.8.0.1 10.8.0.4 31 10.0.0.0 255.255.255.0 10.8.0.1 10.8.0.4 31 10.8.0.0 255.255.255.0 On-link 10.8.0.4 286 10.8.0.4 255.255.255.255 On-link 10.8.0.4 286 10.8.0.255 255.255.255.255 On-link 10.8.0.4 286 **.***.***.*** 255.255.255.255 172.20.10.1 172.20.10.2 21 <-- Public VPN Address 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 128.0.0.0 128.0.0.0 10.8.0.1 10.8.0.4 31 172.20.10.0 255.255.255.240 On-link 172.20.10.2 276 172.20.10.2 255.255.255.255 On-link 172.20.10.2 276 172.20.10.15 255.255.255.255 On-link 172.20.10.2 276 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 10.8.0.4 286 224.0.0.0 240.0.0.0 On-link 172.20.10.2 276 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 10.8.0.4 286 255.255.255.255 255.255.255.255 On-link 172.20.10.2 276 ===========================================================================伺服器配置文件
ca ca.crt cert server.crt key server.key dh dh2048.pem tls-server tls-auth ta.key 0 dev tun local 10.0.0.250 port 1194 proto udp topology subnet server 10.8.0.0 255.255.255.0 push "redirect-gateway def1" push "dhcp-option DNS 10.0.0.1" keepalive 10 120 cipher BF-CBC comp-lzo user nobody group nogroup persist-key persist-tun ifconfig-pool-persist ipp.txt status openvpn-status.log log openvpn.log verb 6nslookup 結果如下:
C:\Windows\system32>nslookup alpha.intranet.app Server: UnKnown Address: 172.20.10.1 Non-authoritative answer: Name: alpha.intranet.app Address: 127.0.53.53但是,強制 nslookup 使用所需的 DNS 伺服器會導致:
C:\Windows\system32>nslookup alpha.intranet.app 10.0.0.1 Server: lan.router Address: 10.0.0.1 Non-authoritative answer: Name: alpha.intranet.app Address: 10.0.0.251如果我手動將 DNS 伺服器更改為
Ethernet adapter Ethernet 3nslookup ,則10.0.0.1無需強制使用 DNS 伺服器,並且我的 Intranet 頁面載入正常。關於為什麼物理連接的 DNS 伺服器優先於 VPN 以及如何更改的任何想法?
謝謝
我在 dnsleaktest.com 找到了一組腳本,它在創建隧道之前刪除了任何現有的 DNS 解析器連結,並添加了 VPN 連接的連結。一旦連接關閉,它也會反轉這一點。
只需添加
block-outside-dns到您的配置文件(您選擇),可在此處找到:
C:\Program Files\OpenVPN\config在 Windows 上
或在系統托盤中:
點擊編輯配置,然後添加
block-outside-dns
