Local DNS server does not resolve names when the computer is connected to the VPN

I am trying to set up a small VPN network with OpenVPN so that I can connect from home to my workstation at the office.

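I have already set up the OpenVPN server, the generated keys and the client configuration file. Everything works, and I can connect from home to my work computer at the office over RDP, but there is one problem: when the work PC is connected to the VPN, it cannot resolve the DNS names of local resources.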

C:\Users\user>nslookup jira.corporate_domain.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.54.11

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

C:\Users\user>nslookup google.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.54.11

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

C:\Users\user>nslookup google.com 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:4008:808::200e
          216.58.219.142

I added the local DNS server to the client configuration file and added static routes, but it does not work. The client's current settings are as follows.

Client PC OS: Windows 10

client_config.ovpn:

client
nobind
dev tun
key-direction 1
remote-cert-tls server

remote vpn.dns_name_of_my_server.ru 443 tcp
http-proxy proxy.corporate_dns_name.com 3129
dhcp-option DNS 192.168.54.11
route 192.168.54.11 255.255.255.255 192.168.37.1
route 192.168.70.11 255.255.255.255 192.168.37.1

ipconfig /all on the client:

C:\Users\user>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : S0003445
   Primary Dns Suffix  . . . . . . . : ad.corporate_domain.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ad.corporate_domain.com
Ethernet adapter Ethernet 3:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-B6-98-50-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cd6:8fec:5f45:9f4f%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.255.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : 30 сентября 2016 г. 17:23:51
   Lease Expires . . . . . . . . . . : 30 сентября 2017 г. 17:23:50
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.255.5
   DHCPv6 IAID . . . . . . . . . . . : 369164214
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
   DNS Servers . . . . . . . . . . . : 192.168.54.11
                                       8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . : ad.corporate_domain.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 10-C3-7B-4C-A0-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1c57:9c8c:64b2:1aeb%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.37.106(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 29 сентября 2016 г. 11:04:00
   Lease Expires . . . . . . . . . . : 7 октября 2016 г. 11:03:57
   Default Gateway . . . . . . . . . : 192.168.37.1
   DHCP Server . . . . . . . . . . . : 192.168.70.21
   DHCPv6 IAID . . . . . . . . . . . : 51430267
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
   DNS Servers . . . . . . . . . . . : 192.168.70.11
                                       192.168.54.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VirtualBox Host-Only Network:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-34-4C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8cd8:5f1d:f24f:fc95%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 201850919
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VirtualBox Host-Only Network #2:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter #2
   Physical Address. . . . . . . . . : 08-00-27-00-F8-A8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e0b9:a45e:e853:1456%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.99.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 285736999
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{E1337BD8-BE7B-4699-B5B6-6404A1995408}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.ad.sperasoft.com:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ad.sperasoft.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{B6985062-CC79-4BE2-9963-92484A01C1D6}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{9CB069EA-424F-4D8A-AE63-43372ED9F0BF}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

The local DNS server is reachable via ping:

C:\Users\user>ping 192.168.54.11

Pinging 192.168.54.11 with 32 bytes of data:
Reply from 192.168.54.11: bytes=32 time=41ms TTL=126
Reply from 192.168.54.11: bytes=32 time=41ms TTL=126
Reply from 192.168.54.11: bytes=32 time=42ms TTL=126
Reply from 192.168.54.11: bytes=32 time=40ms TTL=126

Ping statistics for 192.168.54.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 42ms, Average = 41ms

The static route works fine, judging by tracert:

C:\Users\user>tracert 192.168.54.11

Tracing route to 192.168.54.11 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.37.1
  2    40 ms    39 ms    39 ms  192.168.50.2
  3    44 ms    40 ms    40 ms  192.168.54.11

Trace complete.

What am I missing?



Answer

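You may be able to get it working by pushing the domain DNS suffix to the client and moving the TAP adapter to the top of the binding order (lowest metric). Were you able to successfully ping the FQDN of the domain host you are trying to connect to?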
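
An added example, not part of the original answer: a PowerShell check that tests DNS itself (UDP and TCP port 53, which ping does not exercise) against the server from the question, then applies the suffix and metric change suggested above. The adapter alias, addresses and names are taken from the question's output and are assumptions about your host.

```powershell
# Added example. Values are copied from the question's output; adjust to your host.
$TapAlias  = 'Ethernet 3'                # TAP-Windows Adapter V9 in the ipconfig output
$DnsServer = '192.168.54.11'             # local DNS server that times out in nslookup
$Suffix    = 'ad.corporate_domain.com'   # primary DNS suffix shown by ipconfig
$TestName  = 'jira.corporate_domain.com'

# 1. Current state: interface metrics (lowest is preferred) and per-adapter DNS servers.
Get-NetIPInterface -AddressFamily IPv4 |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, InterfaceMetric, ConnectionState
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Format-Table InterfaceAlias, ServerAddresses

# 2. Which interface and next hop does Windows actually pick for the DNS server?
Find-NetRoute -RemoteIPAddress $DnsServer |
    Format-List InterfaceAlias, IPAddress, NextHop, RouteMetric

# 3. ping only proves ICMP works; query the server directly over UDP and over TCP.
foreach ($mode in 'UDP', 'TCP') {
    $query = @{
        Name = $TestName; Server = $DnsServer; Type = 'A'
        DnsOnly = $true; ErrorAction = 'Stop'
    }
    if ($mode -eq 'TCP') { $query.TcpOnly = $true }
    try {
        Resolve-DnsName @query | Out-Null
        "$mode/53 to ${DnsServer}: answered"
    } catch {
        "$mode/53 to ${DnsServer}: $($_.Exception.Message)"
    }
}

# 4. Apply the suggestion (elevated prompt): suffix on the TAP adapter, lowest metric.
#    The suffix can also be set from the client .ovpn with:
#      dhcp-option DOMAIN ad.corporate_domain.com
Set-DnsClient      -InterfaceAlias $TapAlias -ConnectionSpecificSuffix $Suffix
Set-NetIPInterface -InterfaceAlias $TapAlias -AddressFamily IPv4 -InterfaceMetric 1

# 5. Re-test through the normal resolver path with a clean cache.
Clear-DnsClientCache
Resolve-DnsName -Name $TestName -Type A
```

If step 3 fails for both UDP and TCP while ping succeeds, the queries are being dropped on the path or at the server rather than misrouted by adapter order, and changing the metric alone will not help.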


Answer

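OK, I was not able to solve the initial problem with DNS resolution, but after some thought I realized that a VPN is overkill for the stated task (being able to connect to my workstation from the Internet).

It is much easier to configure reverse SSH port forwarding for 3389 (RDP) and use the existing HTTP proxy server to bypass the corporate firewall (the SSH daemon on the VPS server has to listen on port 443).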

