OpenVPN client connects to the server but name resolution does not work

11

Here is my (x)ubuntu version:

root@ubuntu:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:   trusty

network-manager has been purged; I did an apt-clean after the uninstall. You need the network-manager-openvpn package when running openvpn with network-manager.

Before bringing up the VPN, this is what we have:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 wlan0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0


wlan0     Link encap:Ethernet  HWaddr 00:24:01:ee:91:3d  
          inet addr:192.168.2.79  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::224:1ff:feee:913d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:539 errors:0 dropped:0 overruns:0 frame:0
          TX packets:442 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:628026 (628.0 KB)  TX bytes:56869 (56.8 KB)

Ping is filtered by the ISP:

root@ubuntu:~# ping www.google.com
PING www.google.com (64.233.167.103) 56(84) bytes of data.
From 192.168.2.1 icmp_seq=1 Destination Net Prohibited
From 192.168.2.1 icmp_seq=2 Destination Net Prohibited
From 192.168.2.1 icmp_seq=3 Destination Net Prohibited

I can ping the stack:

root@ubuntu:~# ping 192.168.02.79
PING 192.168.02.79 (192.168.2.79) 56(84) bytes of data.
64 bytes from 192.168.2.79: icmp_seq=1 ttl=64 time=0.023 ms
64 bytes from 192.168.2.79: icmp_seq=2 ttl=64 time=0.049 ms

I installed the client configuration from a free VPN provider. Here is the client configuration:

client
dev tun1
proto tcp
remote 93.115.83.250 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
cipher AES-128-CBC
fast-io
pull
route-delay 2
redirect-gateway
###---I just added the following: ----
verb 6

I connect to the VPN server:

Thu Dec  4 15:16:36 2014 us=990883 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Dec  4 15:16:36 2014 us=990952 NOTE: --fast-io is disabled since we are not using UDP
Thu Dec  4 15:16:36 2014 us=992665 LZO compression initialized
Thu Dec  4 15:16:36 2014 us=992867 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Dec  4 15:16:36 2014 us=992969 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Dec  4 15:16:36 2014 us=993035 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Dec  4 15:16:36 2014 us=993091 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Dec  4 15:16:36 2014 us=993113 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Dec  4 15:16:36 2014 us=993170 Local Options hash (VER=V4): 'bc07730e'
Thu Dec  4 15:16:36 2014 us=993211 Expected Remote Options hash (VER=V4): 'b695cb4a'
Thu Dec  4 15:16:36 2014 us=993259 Attempting to establish TCP connection with [AF_INET]93.115.83.250:443 [nonblock]
Thu Dec  4 15:16:37 2014 us=993523 TCP connection established with [AF_INET]93.115.83.250:443
Thu Dec  4 15:16:37 2014 us=993596 TCPv4_CLIENT link local: [undef]
Thu Dec  4 15:16:37 2014 us=993625 TCPv4_CLIENT link remote: [AF_INET]93.115.83.250:443
Thu Dec  4 15:16:37 2014 us=993748 TCPv4_CLIENT WRITE [14] to [AF_INET]93.115.83.250:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Dec  4 15:16:38 2014 us=90125 TCPv4_CLIENT READ [26] from [AF_INET]93.115.83.250:443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Thu Dec  4 15:16:38 2014 us=90205 TLS: Initial packet from [AF_INET]93.115.83.250:443, sid=c7148944 7465b88f
Thu Dec  4 15:16:38 2014 us=90260 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 0 ]
Thu Dec  4 15:16:38 2014 us=90329 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Dec  4 15:16:38 2014 us=90360 TCPv4_CLIENT WRITE [114] to [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
Thu Dec  4 15:16:38 2014 us=90385 TCPv4_CLIENT WRITE [114] to [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Thu Dec  4 15:16:38 2014 us=90409 TCPv4_CLIENT WRITE [39] to [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=25
Thu Dec  4 15:16:38 2014 us=320860 TCPv4_CLIENT READ [22] from [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 1 ]
Thu Dec  4 15:16:38 2014 us=454622 TCPv4_CLIENT READ [22] from [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 2 ]
Thu Dec  4 15:16:38 2014 us=454685 TCPv4_CLIENT READ [126] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ 3 ] pid=1 DATA len=100
Thu Dec  4 15:16:38 2014 us=454770 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Thu Dec  4 15:16:38 2014 us=454791 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
Thu Dec  4 15:16:38 2014 us=454812 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
Thu Dec  4 15:16:38 2014 us=454833 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 1 ]
Thu Dec  4 15:16:38 2014 us=454882 TCPv4_CLIENT WRITE [30] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 2 3 4 ]
Thu Dec  4 15:16:38 2014 us=550166 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Thu Dec  4 15:16:38 2014 us=550236 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 5 ]
Thu Dec  4 15:16:38 2014 us=647096 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Thu Dec  4 15:16:38 2014 us=647160 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 6 ]
Thu Dec  4 15:16:38 2014 us=742280 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Thu Dec  4 15:16:38 2014 us=742347 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Thu Dec  4 15:16:38 2014 us=742399 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 7 ]
Thu Dec  4 15:16:38 2014 us=742419 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 8 ]
Thu Dec  4 15:16:38 2014 us=836052 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Thu Dec  4 15:16:38 2014 us=836258 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 9 ]
Thu Dec  4 15:16:38 2014 us=929756 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Thu Dec  4 15:16:38 2014 us=929826 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 10 ]
Thu Dec  4 15:16:39 2014 us=23949 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Thu Dec  4 15:16:39 2014 us=24066 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Thu Dec  4 15:16:39 2014 us=24098 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 11 ]
Thu Dec  4 15:16:39 2014 us=24124 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 12 ]
Thu Dec  4 15:16:39 2014 us=117875 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
Thu Dec  4 15:16:39 2014 us=117994 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 13 ]
Thu Dec  4 15:16:39 2014 us=212512 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
Thu Dec  4 15:16:39 2014 us=212671 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 14 ]
Thu Dec  4 15:16:39 2014 us=307308 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Thu Dec  4 15:16:39 2014 us=307424 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
Thu Dec  4 15:16:39 2014 us=307456 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 15 ]
Thu Dec  4 15:16:39 2014 us=307483 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 16 ]
Thu Dec  4 15:16:39 2014 us=401580 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
Thu Dec  4 15:16:39 2014 us=401755 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 17 ]
Thu Dec  4 15:16:39 2014 us=496062 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Thu Dec  4 15:16:39 2014 us=496182 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 18 ]
Thu Dec  4 15:16:39 2014 us=591394 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Thu Dec  4 15:16:39 2014 us=591551 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=100
Thu Dec  4 15:16:39 2014 us=591628 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 19 ]
Thu Dec  4 15:16:39 2014 us=591691 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 20 ]
Thu Dec  4 15:16:39 2014 us=687983 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=21 DATA len=100
Thu Dec  4 15:16:39 2014 us=688097 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 21 ]
Thu Dec  4 15:16:39 2014 us=782779 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=22 DATA len=100
Thu Dec  4 15:16:39 2014 us=782866 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 22 ]
Thu Dec  4 15:16:39 2014 us=877451 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=23 DATA len=100
Thu Dec  4 15:16:39 2014 us=877607 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=24 DATA len=100
Thu Dec  4 15:16:39 2014 us=877683 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 23 ]
Thu Dec  4 15:16:39 2014 us=877812 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 24 ]
Thu Dec  4 15:16:39 2014 us=971340 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=25 DATA len=100
Thu Dec  4 15:16:39 2014 us=971458 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 25 ]
Thu Dec  4 15:16:40 2014 us=65227 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=26 DATA len=100
Thu Dec  4 15:16:40 2014 us=65346 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 26 ]
Thu Dec  4 15:16:40 2014 us=160165 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=27 DATA len=100
Thu Dec  4 15:16:40 2014 us=161894 VERIFY OK: depth=1, C=MT, ST=MLT, L=Valletta, O=FreeVPN.me, OU=FreeVPN.me, CN=FreeVPN.me CA, name=FreeVPN.me, [email protected]
Thu Dec  4 15:16:40 2014 us=163344 VERIFY OK: depth=0, C=MT, ST=MLT, L=Valletta, O=FreeVPN.me, OU=FreeVPN.me, CN=FreeVPN.me, name=FreeVPN.me, [email protected]
Thu Dec  4 15:16:40 2014 us=163472 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=28 DATA len=100
Thu Dec  4 15:16:40 2014 us=163551 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 27 ]
Thu Dec  4 15:16:40 2014 us=163616 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 28 ]
Thu Dec  4 15:16:40 2014 us=253396 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=29 DATA len=100
Thu Dec  4 15:16:40 2014 us=253509 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 29 ]
Thu Dec  4 15:16:40 2014 us=347870 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=30 DATA len=100
Thu Dec  4 15:16:40 2014 us=347990 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 30 ]
Thu Dec  4 15:16:40 2014 us=441661 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=31 DATA len=100
Thu Dec  4 15:16:40 2014 us=441820 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=32 DATA len=100
Thu Dec  4 15:16:40 2014 us=441897 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 31 ]
Thu Dec  4 15:16:40 2014 us=441961 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 32 ]
Thu Dec  4 15:16:40 2014 us=537084 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=33 DATA len=100
Thu Dec  4 15:16:40 2014 us=537156 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 33 ]
Thu Dec  4 15:16:40 2014 us=631310 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=34 DATA len=100
Thu Dec  4 15:16:40 2014 us=631481 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 34 ]
Thu Dec  4 15:16:40 2014 us=724912 TCPv4_CLIENT READ [103] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=35 DATA len=89
Thu Dec  4 15:16:40 2014 us=779076 TCPv4_CLIENT WRITE [126] to [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ 35 ] pid=4 DATA len=100
Thu Dec  4 15:16:40 2014 us=779109 TCPv4_CLIENT WRITE [114] to [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Thu Dec  4 15:16:40 2014 us=779129 TCPv4_CLIENT WRITE [114] to [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Thu Dec  4 15:16:40 2014 us=779149 TCPv4_CLIENT WRITE [40] to [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=26
Thu Dec  4 15:16:40 2014 us=956873 TCPv4_CLIENT READ [22] from [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 4 ]
Thu Dec  4 15:16:41 2014 us=89394 TCPv4_CLIENT READ [22] from [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 5 ]
Thu Dec  4 15:16:41 2014 us=89581 TCPv4_CLIENT READ [22] from [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 6 ]
Thu Dec  4 15:16:41 2014 us=89642 TCPv4_CLIENT READ [126] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ 7 ] pid=36 DATA len=100
Thu Dec  4 15:16:41 2014 us=89717 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=37 DATA len=100
Thu Dec  4 15:16:41 2014 us=89954 TCPv4_CLIENT READ [48] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=38 DATA len=34
Thu Dec  4 15:16:41 2014 us=90276 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 36 ]
Thu Dec  4 15:16:41 2014 us=90385 TCPv4_CLIENT WRITE [130] to [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ 37 38 ] pid=8 DATA len=100
Thu Dec  4 15:16:41 2014 us=90433 TCPv4_CLIENT WRITE [114] to [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Thu Dec  4 15:16:41 2014 us=90505 TCPv4_CLIENT WRITE [114] to [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Thu Dec  4 15:16:41 2014 us=90548 TCPv4_CLIENT WRITE [92] to [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=78
Thu Dec  4 15:16:41 2014 us=322864 TCPv4_CLIENT READ [22] from [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 8 ]
Thu Dec  4 15:16:41 2014 us=454411 TCPv4_CLIENT READ [22] from [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 9 ]
Thu Dec  4 15:16:41 2014 us=454575 TCPv4_CLIENT READ [22] from [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 10 ]
Thu Dec  4 15:16:41 2014 us=454623 TCPv4_CLIENT READ [126] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ 11 ] pid=39 DATA len=100
Thu Dec  4 15:16:41 2014 us=454730 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=40 DATA len=100
Thu Dec  4 15:16:41 2014 us=454778 TCPv4_CLIENT READ [96] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=41 DATA len=82
Thu Dec  4 15:16:41 2014 us=455128 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Dec  4 15:16:41 2014 us=455157 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec  4 15:16:41 2014 us=455180 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Dec  4 15:16:41 2014 us=455254 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec  4 15:16:41 2014 us=455302 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 39 ]
Thu Dec  4 15:16:41 2014 us=455404 TCPv4_CLIENT WRITE [26] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 40 41 ]
Thu Dec  4 15:16:41 2014 us=455459 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Dec  4 15:16:41 2014 us=455541 [FreeVPN.me] Peer Connection Initiated with [AF_INET]93.115.83.250:443
Thu Dec  4 15:16:43 2014 us=814138 SENT CONTROL [FreeVPN.me]: 'PUSH_REQUEST' (status=1)
Thu Dec  4 15:16:43 2014 us=814256 TCPv4_CLIENT WRITE [104] to [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=90
Thu Dec  4 15:16:43 2014 us=911787 TCPv4_CLIENT READ [22] from [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 12 ]
Thu Dec  4 15:16:44 2014 us=51636 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=42 DATA len=100
Thu Dec  4 15:16:44 2014 us=51861 TCPv4_CLIENT READ [114] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=43 DATA len=100
Thu Dec  4 15:16:44 2014 us=51915 TCPv4_CLIENT READ [48] from [AF_INET]93.115.83.250:443: P_CONTROL_V1 kid=0 [ ] pid=44 DATA len=34
Thu Dec  4 15:16:44 2014 us=52032 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.13.0.1,topology net30,ping 15,ping-restart 120,ifconfig 10.13.0.94 10.13.0.93'
Thu Dec  4 15:16:44 2014 us=52202 OPTIONS IMPORT: timers and/or timeouts modified
Thu Dec  4 15:16:44 2014 us=52224 OPTIONS IMPORT: --ifconfig/up options modified
Thu Dec  4 15:16:44 2014 us=52242 OPTIONS IMPORT: route options modified
Thu Dec  4 15:16:44 2014 us=52258 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Dec  4 15:16:44 2014 us=52563 ROUTE_GATEWAY 192.168.2.1/255.255.255.0 IFACE=wlan0 HWADDR=00:24:01:ee:91:3d
Thu Dec  4 15:16:44 2014 us=53073 TUN/TAP device tun1 opened
Thu Dec  4 15:16:44 2014 us=53110 TUN/TAP TX queue length set to 100
Thu Dec  4 15:16:44 2014 us=53142 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Dec  4 15:16:44 2014 us=53207 /sbin/ip link set dev tun1 up mtu 1500
Thu Dec  4 15:16:44 2014 us=55739 /sbin/ip addr add dev tun1 local 10.13.0.94 peer 10.13.0.93
Thu Dec  4 15:16:44 2014 us=56888 TCPv4_CLIENT WRITE [22] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 42 ]
Thu Dec  4 15:16:44 2014 us=57018 TCPv4_CLIENT WRITE [26] to [AF_INET]93.115.83.250:443: P_ACK_V1 kid=0 [ 43 44 ]
Thu Dec  4 15:16:46 2014 us=237316 /sbin/ip route add 93.115.83.250/32 via 192.168.2.1
Thu Dec  4 15:16:46 2014 us=238627 /sbin/ip route add 0.0.0.0/1 via 10.13.0.93
Thu Dec  4 15:16:46 2014 us=240611 /sbin/ip route add 128.0.0.0/1 via 10.13.0.93
Thu Dec  4 15:16:46 2014 us=243113 /sbin/ip route add 10.13.0.1/32 via 10.13.0.93
Thu Dec  4 15:16:46 2014 us=245592 Initialization Sequence Completed

The VPN is now up:

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.13.0.94  P-t-P:10.13.0.93  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Here is the routing table when the VPN is in place:

ubuntu@ubuntu:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.13.0.93      128.0.0.0       UG    0      0        0 tun1
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 wlan0
10.13.0.1       10.13.0.93      255.255.255.255 UGH   0      0        0 tun1
10.13.0.93      0.0.0.0         255.255.255.255 UH    0      0        0 tun1
93.115.83.250   192.168.2.1     255.255.255.255 UGH   0      0        0 wlan0
128.0.0.0       10.13.0.93      128.0.0.0       UG    0      0        0 tun1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0


ubuntu@ubuntu:~$ ip route show
0.0.0.0/1 via 10.13.0.93 dev tun1 
default via 192.168.2.1 dev wlan0 
10.13.0.1 via 10.13.0.93 dev tun1 
10.13.0.93 dev tun1  proto kernel  scope link  src 10.13.0.94 
93.115.83.250 via 192.168.2.1 dev wlan0 
128.0.0.0/1 via 10.13.0.93 dev tun1 
192.168.2.0/24 dev wlan0  proto kernel  scope link  src 192.168.2.79 

I can ping the stack:

ubuntu@ubuntu:~$ ping 10.13.0.94
PING 10.13.0.94 (10.13.0.94) 56(84) bytes of data.
64 bytes from 10.13.0.94: icmp_seq=1 ttl=64 time=0.052 ms
64 bytes from 10.13.0.94: icmp_seq=2 ttl=64 time=0.054 ms

I can ping the VPN server:

ubuntu@ubuntu:~$ ping 10.13.0.1
PING 10.13.0.1 (10.13.0.1) 56(84) bytes of data.
64 bytes from 10.13.0.1: icmp_seq=1 ttl=64 time=96.1 ms
64 bytes from 10.13.0.1: icmp_seq=2 ttl=64 time=99.6 ms

I cannot ping the far end of the tunnel (which is normal):

ubuntu@ubuntu:~$ ping 10.13.0.93
PING 10.13.0.93 (10.13.0.93) 56(84) bytes of data.
From 10.13.0.1 icmp_seq=1 Destination Host Prohibited
From 10.13.0.1 icmp_seq=2 Destination Host Prohibited

I can ping any IP on the internet through the tunnel:

ubuntu@ubuntu:~$ ping 212.27.40.240 
PING 212.27.40.240 (212.27.40.240) 56(84) bytes of data.
64 bytes from 212.27.40.240: icmp_seq=1 ttl=49 time=138 ms
64 bytes from 212.27.40.240: icmp_seq=2 ttl=49 time=137 ms
64 bytes from 212.27.40.240: icmp_seq=3 ttl=49 time=137 ms

ubuntu@ubuntu:~$ ping 173.194.44.18
PING 173.194.44.18 (173.194.44.18) 56(84) bytes of data.
64 bytes from 173.194.44.18: icmp_seq=1 ttl=51 time=140 ms
64 bytes from 173.194.44.18: icmp_seq=2 ttl=51 time=1722 ms
64 bytes from 173.194.44.18: icmp_seq=3 ttl=51 time=809 ms

I can ping both DNS servers provided by the VPN:

ubuntu@ubuntu:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=130 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=130 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=133 ms


ubuntu@ubuntu:~$ ping 8.8.4.4
PING 8.8.4.4 (8.8.4.4) 56(84) bytes of data.
64 bytes from 8.8.4.4: icmp_seq=1 ttl=52 time=128 ms
64 bytes from 8.8.4.4: icmp_seq=2 ttl=52 time=127 ms
64 bytes from 8.8.4.4: icmp_seq=3 ttl=52 time=128 ms

I did a small dump to make sure the tunnel is used when pinging an IP on the internet:

root@ubuntu:~# tcpdump -ni any icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
11:18:12.091704 IP 10.13.0.94 > 212.27.40.240: ICMP echo request, id 6625, seq 1, length 64
11:18:12.227045 IP 212.27.40.240 > 10.13.0.94: ICMP echo reply, id 6625, seq 1, length 64
11:18:13.093187 IP 10.13.0.94 > 212.27.40.240: ICMP echo request, id 6625, seq 2, length 64
11:18:13.228153 IP 212.27.40.240 > 10.13.0.94: ICMP echo reply, id 6625, seq 2, length 64
11:18:14.094211 IP 10.13.0.94 > 212.27.40.240: ICMP echo request, id 6625, seq 3,

The dump above also shows that there are no routing problems.

But I cannot resolve anything:

ubuntu@ubuntu:~$ nslookup www.google.com 8.8.8.8
;; connection timed out; no servers could be reached

ubuntu@ubuntu:~$ nslookup www.google.com 8.8.4.4
;; connection timed out; no servers could be reached

tcpdump shows that the DNS requests are sent, but we never see any reply to our requests:

root@ubuntu:~# tcpdump -ni any port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
15:31:42.213105 IP 10.13.0.94.36335 > 8.8.8.8.53: 55836+ A? www.google.com. (32)
15:31:47.213243 IP 10.13.0.94.36335 > 8.8.8.8.53: 55836+ A? www.google.com. (32)
15:31:52.213427 IP 10.13.0.94.36335 > 8.8.8.8.53: 55836+ A? www.google.com. (32)

There is no filter in place:

root@ubuntu:~# ufw status
Status: inactive

iptables is not installed

I don't think it is a routing problem, because a ping to an internet IP or to the DNS IPs (from the VPN) comes back normally.

I checked syslog but found no VPN-related log entries.

I have tried another free VPN provider and I have exactly the same problem.

I have searched Google over and over, but could not find any relevant answer or lead. It is starting to get crazy at this point, because I keep running the same tests over and over and I don't know what to do.

The posts I have already read on Stack Overflow:

No internet on OpenVPN connection -> the solution is to put 'push "dhcp-option DNS 8.8.8.8"' in the server configuration. In my case, this option appears in the debug output when starting the client.

OpenVPN + iptables: not forwarding traffic -> this is a server-related problem + iptables rules.

(SOLVED) OpenVPN: Ubuntu network-manager connection is fine, but nothing resolves, no ping, no internet -> this one looked very interesting, but the DNS problem was solved with the dnsmasq command on the VPS.

/superuser/717383/vpn-dns-resolution -> I think this is a server-related problem.

OpenVPN server does not provide internet access -> no solution is given, but I guess it is more about iptables (forwarding option) or a server-related problem.

I emailed both VPN providers but got no reply after more than 2 days.

Any idea? Thanks a lot, folks.

blue_xylo
source

Answers:

25

Ubuntu does magic things with DNS, but fortunately OpenVPN provides a way to deal with that. If you installed openvpn from the Ubuntu repositories, you will have a script at /etc/openvpn/update-resolv-conf to tell Ubuntu which DNS it should use for your VPN connection. To use it, add the following lines to your openvpn configuration file:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

That will run the script when your VPN connection goes up and down, and update the DNS configuration accordingly.

Edit (20-06-2018): As @Thenightmanager mentions in the comments, modern Ubuntu (at least 18.04 and newer) introduced some additional systemd DNS magic, and the update-resolv-conf script might not be enough. See update-systemd-resolved for a possible working alternative.

Steffan Karger
source
Thanks Steffan; I know this script, I normally use it to prevent DNS leaks; I used it for the present problem, in vain. But I will try again and come back with an answer.
blue_xylo
I added script-security 2 up /etc/openvpn/update-resolv-conf down /etc/openvpn/update-resolv-conf to my client configuration. I can ping the stack; I can ping the VPN server, the DNS servers and external IPs, but cannot resolve: nslookup www.google.com ;; connection timed out; no servers could be reached nslookup www.google.com 8.8.8.8 ;; connection timed out; no servers could be reached nslookup www.google.com 8.8.4.4 ;; connection timed out; no servers could be reached
blue_xylo
I have been struggling with MTU and everything for a while now. I stumbled on this gem and it fixed my problem. Thanks for the answer, it worked for my problems.
Jim W.
Thank you very much for this tip, it has been immensely useful to me in the past. Note that on Ubuntu 18.04 (and perhaps already on Ubuntu 17.04) update-systemd-resolved should be used instead of update-resolv-conf.
Thenightmanager
Thanks, the update-systemd-resolved script worked perfectly for me on Ubuntu 18.04.
jchook
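
What the `up` hook in the answer above depends on, as an added example that is neither Ubuntu's update-resolv-conf script nor anything posted in this thread: OpenVPN hands each pushed `dhcp-option` to the script as an environment variable `foreign_option_N`, and the script turns those into resolver lines. The function names are hypothetical; because `script-security 2` lets server-supplied strings reach a script, the values are validated before they are used.

```shell
#!/bin/sh
# Added example: how an OpenVPN "up" script sees pushed DNS settings.
# OpenVPN exports every pushed "dhcp-option ..." to the script as an
# environment variable named foreign_option_1, foreign_option_2, ...
# Function names here are hypothetical, not part of OpenVPN or Ubuntu.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pushed_resolv_lines: print the resolv.conf lines implied by the
# foreign_option_N variables in the environment. The values come from the
# VPN server, so they are validated and never glob-expanded or evaluated.
pushed_resolv_lines() {
    n=1
    search=""
    servers=""
    set -f                                   # no filename expansion on pushed text
    while :; do
        eval "opt=\${foreign_option_$n-}"    # only the numeric index is interpolated
        [ -n "$opt" ] || break
        set -- $opt                          # e.g. dhcp-option DNS 8.8.8.8
        if [ "$#" -eq 3 ] && [ "$1" = "dhcp-option" ]; then
            case "$2" in
                DNS)
                    if is_ipv4 "$3"; then
                        servers="$servers $3"
                    else
                        echo "ignoring pushed DNS value: $3" >&2
                    fi
                    ;;
                DOMAIN)
                    case "$3" in
                        *[!A-Za-z0-9.-]*) echo "ignoring pushed DOMAIN value: $3" >&2 ;;
                        *) search="$search $3" ;;
                    esac
                    ;;
            esac
        fi
        n=$((n + 1))
    done
    set +f
    if [ -n "$search" ]; then
        echo "search$search"
    fi
    for server in $servers; do
        echo "nameserver $server"
    done
}

# Demo with the two DNS options from the PUSH_REPLY in the question's log,
# set by hand here (constructed input) instead of by OpenVPN.
(
    foreign_option_1='dhcp-option DNS 8.8.8.8'
    foreign_option_2='dhcp-option DNS 8.8.4.4'
    pushed_resolv_lines
)
```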
1

It is worth noting that some form of NAT must be in place for DNS (or any internet data) to work over a VPN. Typically: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

However, you state:

iptables is not installed

If that is so, your server's LAN router must perform NAT and have a static route for your VPN pointing to your VPN server's IP.

dotvotdot
source
0

Same problem here with Ubuntu 15 and OpenVPN 2.3.2: the client does not take the "dhcp-option DNS 8.8.8.8" into account.

My solution was to use the Network Management Framework (+ openvpn plugin) to configure the VPN. But, again, the "dhcp-option DNS" is not taken into account, so I added 8.8.8.8 manually under "IPv4 Settings / DNS servers". Only then can I see in the log:

NetworkManager[786]: Internal DNS: 8.8.8.8

dnsmasq[1020]: using nameserver 8.8.8.8#53

Tom
source