Local DNS server is not resolving names when the machine is connected to the VPN

1

I'm trying to set up a small VPN network using OpenVPN, which will allow me to connect to my workstation at the office from home.

I have already set up the OpenVPN server and generated the keys and the client configuration files. Everything works: I can connect to my work machine at the office from home via RDP, but there is one problem: DNS names for local resources cannot be resolved when the work PC is connected to my VPN:

C:\Users\user>nslookup jira.corporate_domain.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.54.11

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

C:\Users\user>nslookup google.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.54.11

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

C:\Users\user>nslookup google.com 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:4008:808::200e
          216.58.219.142

I added our local DNS server to the client configuration file and also added a static route for it, but it doesn't work. Here are the current settings on the client:

Client PC OS: Windows 10

client_config.ovpn:

client
nobind
dev tun
key-direction 1
remote-cert-tls server

remote vpn.dns_name_of_my_server.ru 443 tcp
http-proxy proxy.corporate_dns_name.com 3129
dhcp-option DNS 192.168.54.11 
route 192.168.54.11 255.255.255.255 192.168.37.1
route 192.168.70.11 255.255.255.255 192.168.37.1

ipconfig /all on the client:

C:\Users\user>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : S0003445
   Primary Dns Suffix  . . . . . . . : ad.corporate_domain.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ad.corporate_domain.com
Ethernet adapter Ethernet 3:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-B6-98-50-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cd6:8fec:5f45:9f4f%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.255.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : 30 сентября 2016 г. 17:23:51
   Lease Expires . . . . . . . . . . : 30 сентября 2017 г. 17:23:50
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.255.5
   DHCPv6 IAID . . . . . . . . . . . : 369164214
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
   DNS Servers . . . . . . . . . . . : 192.168.54.11
                                       8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . : ad.corporate_domain.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 10-C3-7B-4C-A0-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1c57:9c8c:64b2:1aeb%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.37.106(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 29 сентября 2016 г. 11:04:00
   Lease Expires . . . . . . . . . . : 7 октября 2016 г. 11:03:57
   Default Gateway . . . . . . . . . : 192.168.37.1
   DHCP Server . . . . . . . . . . . : 192.168.70.21
   DHCPv6 IAID . . . . . . . . . . . : 51430267
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
   DNS Servers . . . . . . . . . . . : 192.168.70.11
                                       192.168.54.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VirtualBox Host-Only Network:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-34-4C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8cd8:5f1d:f24f:fc95%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 201850919
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VirtualBox Host-Only Network #2:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter #2
   Physical Address. . . . . . . . . : 08-00-27-00-F8-A8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e0b9:a45e:e853:1456%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.99.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 285736999
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-ED-10-9F-10-C3-7B-4C-A0-FA
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{E1337BD8-BE7B-4699-B5B6-6404A1995408}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.ad.sperasoft.com:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ad.sperasoft.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{B6985062-CC79-4BE2-9963-92484A01C1D6}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{9CB069EA-424F-4D8A-AE63-43372ED9F0BF}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

The local DNS server is reachable via ping:

C:\Users\user>ping 192.168.54.11

Pinging 192.168.54.11 with 32 bytes of data:
Reply from 192.168.54.11: bytes=32 time=41ms TTL=126
Reply from 192.168.54.11: bytes=32 time=41ms TTL=126
Reply from 192.168.54.11: bytes=32 time=42ms TTL=126
Reply from 192.168.54.11: bytes=32 time=40ms TTL=126

Ping statistics for 192.168.54.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 42ms, Average = 41ms

The static route to it is also working correctly, according to tracert:

C:\Users\user>tracert 192.168.54.11

Tracing route to 192.168.54.11 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.37.1
  2    40 ms    39 ms    39 ms  192.168.50.2
  3    44 ms    40 ms    40 ms  192.168.54.11

Trace complete.

What am I missing?

    
by Ilya Khadykin 30.09.2016 / 19:03

2 answers

0

OK, I didn't manage to solve the initial problem with DNS resolution, but after some thought I realized that a VPN is overkill for the task mentioned (being able to connect to the workstation from the Internet).

It is much easier to set up reverse SSH port forwarding for 3389 (RDP) and bypass the corporate firewall using the existing HTTP proxy server (the ssh daemon on the VPS server must listen on port 443 for this to work).

    
by 07.10.2016 / 21:54
1

You may be able to get it working by pushing the domain's DNS suffix to your client and moving the TAP adapter to the top of the binding order (lowest metric). Were you able to successfully ping the FQDN of the domain hosts you were trying to reach?

    
by 21.08.2017 / 13:11
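
The suggestion in the last answer (DNS suffix on the VPN adapter plus lowest interface metric), written out as an added PowerShell example that is not part of either answer. The adapter alias, suffix, DNS server and test name are taken from the question's output; run it from an elevated prompt while the VPN is connected.

```powershell
# Added example, not from the original thread. Values below come from the
# question's ipconfig / nslookup output; adjust them to the actual machine.
$tapAlias = 'Ethernet 3'                 # TAP-Windows Adapter V9
$suffix   = 'ad.corporate_domain.com'    # Primary DNS suffix shown by ipconfig
$dns      = '192.168.54.11'              # internal DNS server from the question
$testName = 'jira.corporate_domain.com'

# 1. Show the current order: a lower InterfaceMetric means the adapter sits
#    higher in the binding order the answer refers to.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object ConnectionState -eq 'Connected' |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, InterfaceMetric, AutomaticMetric

# 2. Move the TAP adapter to the top by pinning a low, fixed metric.
Set-NetIPInterface -InterfaceAlias $tapAlias -AddressFamily IPv4 `
    -AutomaticMetric Disabled -InterfaceMetric 1

# 3. Set the domain suffix on the TAP adapter. The OpenVPN-side equivalent is
#    "dhcp-option DOMAIN ad.corporate_domain.com" in the client config, or the
#    same directive wrapped in push "..." on the server.
Set-DnsClient -InterfaceAlias $tapAlias -ConnectionSpecificSuffix $suffix

# 4. Verify: which resolvers the TAP adapter carries, then query the internal
#    server directly and through the normal resolver path.
Get-DnsClientServerAddress -InterfaceAlias $tapAlias -AddressFamily IPv4
Clear-DnsClientCache
Resolve-DnsName -Name $testName -Server $dns -DnsOnly
Resolve-DnsName -Name $testName -DnsOnly
```

If the direct query in step 4 still times out while ping succeeds, the metric and suffix are not the cause, and the next thing to check is whether UDP/TCP 53 to 192.168.54.11 is permitted on the path the static route selects.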