Arch Linux: No internet traffic while connected to Private Internet Access VPN


Problem: I can connect to PIA servers, but after connecting I cannot load any websites. When I disconnect from the VPN, all websites load normally.

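In my case: 5.8.8-arch1-1. I use Network Manager, but I also have the PIA client. It does not work. I have tried manually adding PIA's DNS servers in Network Manager and in the client (so please don't paste a link to the Arch wiki). I can access the network using PIA from other operating systems, so my subscription is active.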

Any help would be greatly appreciated! Thanks!

Answer 1

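You can read some log files such as /var/log/messages and /var/log/syslog, or use "dmesg" to read the kernel ring buffer. It looks like your DNS settings are bad. When the system tries to get an IP, it cannot get one because it is not configured to access a DNS server while connected to the VPN. There is no way to fix this automatically.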

This generally does not happen anymore. However, it can do this if you have configured PIA in NM (Network Manager) and also use the PIA desktop client. You want to use PIA's DNS servers, so check that in the PIA client settings.

Check nm and remove all PIA VPNs. Turn them off first. Download and install the latest PIA client. Take a look at "iptables -L". Is DNS blocked? Reboot. Check "/etc/resolve.conf". Is there anything interesting in it? There is another "resolve.conf" virtual file in /var. Check that too, though you may have to use find to locate it. The one in /var is not actually a disk file but a socket.

If your internet problem gets fixed along the way, you do not need to complete everything in this answer.

Answer 2

Thank you for the detailed answer. I just updated the client and that fixed all the problems, so don't worry. I am curious what I should be looking for. I do not have a /var/log/messages or /var/log/syslog file.

Pre-update, dmesg gives the following (starting from where the startup messages for the Bluetooth adapter and sound card end):

[   19.382223] Bluetooth: RFCOMM ver 1.11
[   20.289468] rfkill: input handler disabled
[   22.012225] wlp115s0: authenticate with 04:d9:f5:2b:4f:a8
[   22.017983] wlp115s0: send auth to 04:d9:f5:2b:4f:a8 (try 1/3)
[   22.049891] wlp115s0: authenticated
[   22.050545] wlp115s0: associate with 04:d9:f5:2b:4f:a8 (try 1/3)
[   22.052708] wlp115s0: RX AssocResp from 04:d9:f5:2b:4f:a8 (capab=0x1011 status=0 aid=5)
[   22.062585] wlp115s0: associated
[   22.089777] IPv6: ADDRCONF(NETDEV_CHANGE): wlp115s0: link becomes ready
[   22.152999] wlp115s0: Limiting TX power to 30 (30 - 0) dBm as advertised by 04:d9:f5:2b:4f:a8
[   28.880556] kauditd_printk_skb: 14 callbacks suppressed
[   28.880557] audit: type=1131 audit(1600680230.347:286): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@969 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[   28.888291] audit: type=1131 audit(1600680230.357:287): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@969 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[   32.025383] audit: type=1131 audit(1600680233.493:288): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[   50.337876] audit: type=1131 audit(1600680251.807:289): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[   50.600663] audit: type=1334 audit(1600680252.070:290): prog-id=10 op=UNLOAD
[   50.600667] audit: type=1334 audit(1600680252.070:291): prog-id=9 op=UNLOAD
[   50.952688] audit: type=1131 audit(1600680252.420:292): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-localed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[   51.200918] audit: type=1334 audit(1600680252.670:293): prog-id=16 op=UNLOAD
[   51.200926] audit: type=1334 audit(1600680252.670:294): prog-id=15 op=UNLOAD
[   80.021647] audit: type=1131 audit(1600680281.490:295): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=geoclue comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  101.104781] audit: type=1334 audit(1600680302.573:296): prog-id=17 op=LOAD
[  101.104813] audit: type=1334 audit(1600680302.573:297): prog-id=18 op=LOAD
[  101.344804] audit: type=1130 audit(1600680302.813:298): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-timedated comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  106.863153] audit: type=1325 audit(1600680308.330:299): table=filter family=2 entries=109 op=replace pid=3480 comm="iptables"
[  106.867682] audit: type=1325 audit(1600680308.337:300): table=filter family=10 entries=93 op=replace pid=3483 comm="ip6tables"
[  106.886807] audit: type=1325 audit(1600680308.353:301): table=filter family=10 entries=94 op=replace pid=3494 comm="ip6tables"
[  106.902780] audit: type=1325 audit(1600680308.370:302): table=filter family=2 entries=110 op=replace pid=3503 comm="iptables"
[  106.907625] audit: type=1325 audit(1600680308.377:303): table=filter family=10 entries=95 op=replace pid=3506 comm="ip6tables"
[  106.931056] audit: type=1325 audit(1600680308.400:304): table=filter family=2 entries=111 op=replace pid=3519 comm="iptables"
[  106.935530] audit: type=1325 audit(1600680308.403:305): table=filter family=10 entries=96 op=replace pid=3522 comm="ip6tables"
[  106.955612] audit: type=1325 audit(1600680308.423:306): table=filter family=2 entries=110 op=replace pid=3533 comm="iptables"
[  106.960281] audit: type=1325 audit(1600680308.427:307): table=filter family=10 entries=95 op=replace pid=3536 comm="ip6tables"
[  106.964264] audit: type=1325 audit(1600680308.433:308): table=filter family=2 entries=111 op=replace pid=3539 comm="iptables"
[  113.410094] tun: Universal TUN/TAP device driver, 1.6
[  113.433268] kauditd_printk_skb: 1 callbacks suppressed
[  113.433271] audit: type=1130 audit(1600680314.900:310): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  113.542142] audit: type=1325 audit(1600680315.010:311): table=filter family=2 entries=112 op=replace pid=3663 comm="iptables"
[  113.545886] audit: type=1325 audit(1600680315.013:312): table=filter family=10 entries=97 op=replace pid=3666 comm="ip6tables"
[  113.549615] audit: type=1325 audit(1600680315.017:313): table=filter family=2 entries=113 op=replace pid=3669 comm="iptables"
[  113.553411] audit: type=1325 audit(1600680315.020:314): table=filter family=10 entries=98 op=replace pid=3672 comm="ip6tables"
[  113.560479] audit: type=1325 audit(1600680315.027:315): table=filter family=2 entries=114 op=replace pid=3677 comm="iptables"
[  113.564174] audit: type=1325 audit(1600680315.033:316): table=filter family=10 entries=99 op=replace pid=3680 comm="ip6tables"
[  113.583354] audit: type=1325 audit(1600680315.050:317): table=filter family=2 entries=115 op=replace pid=3693 comm="iptables"
[  113.587070] audit: type=1325 audit(1600680315.053:318): table=filter family=10 entries=100 op=replace pid=3696 comm="ip6tables"
[  113.591050] audit: type=1325 audit(1600680315.060:319): table=filter family=2 entries=116 op=replace pid=3699 comm="iptables"
[  124.029311] kauditd_printk_skb: 20 callbacks suppressed
[  124.029317] audit: type=1131 audit(1600680325.497:340): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  131.383196] audit: type=1131 audit(1600680332.850:341): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-timedated comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  131.402462] audit: type=1334 audit(1600680332.870:342): prog-id=18 op=UNLOAD
[  131.402464] audit: type=1334 audit(1600680332.870:343): prog-id=17 op=UNLOAD

And iptables -L gives the following (post-update; sorry, I forgot to export it before updating):

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
piavpn.INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
piavpn.FORWARD  all  --  anywhere             anywhere            
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
piavpn.anchors  all  --  anywhere             anywhere            

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain piavpn.000.allowLoopback (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain piavpn.100.blockAll (0 references)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain piavpn.100.protectLoopback (1 references)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain piavpn.200.allowVPN (0 references)
target     prot opt source               destination         

Chain piavpn.290.allowDHCP (0 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             255.255.255.255      udp spt:bootpc dpt:bootps

Chain piavpn.300.allowLAN (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             10.0.0.0/8          
ACCEPT     all  --  anywhere             169.254.0.0/16      
ACCEPT     all  --  anywhere             172.16.0.0/12       
ACCEPT     all  --  anywhere             192.168.0.0/16      
ACCEPT     all  --  anywhere             base-address.mcast.net/4 
ACCEPT     all  --  anywhere             255.255.255.255     

Chain piavpn.305.allowSubnets (0 references)
target     prot opt source               destination         

Chain piavpn.310.blockDNS (0 references)
target     prot opt source               destination         
REJECT     udp  --  anywhere             anywhere             udp dpt:domain reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:domain reject-with icmp-port-unreachable

Chain piavpn.320.allowDNS (0 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             cgroup 1384 udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             cgroup 1383 udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             cgroup 1384 tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             cgroup 1383 tcp dpt:domain

Chain piavpn.340.blockVpnOnly (1 references)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             cgroup 1384 reject-with icmp-port-unreachable

Chain piavpn.350.allowHnsd (0 references)
target     prot opt source               destination         

Chain piavpn.350.cgAllowHnsd (0 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             owner GID match piahnsd cgroup 1384 multiport dports domain,13038
ACCEPT     udp  --  anywhere             anywhere             owner GID match piahnsd cgroup 1384 multiport dports domain,13038
REJECT     all  --  anywhere             anywhere             owner GID match piahnsd reject-with icmp-port-unreachable

Chain piavpn.390.allowWg (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             mark match 0x3213

Chain piavpn.400.allowPIA (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             owner GID match piavpn

Chain piavpn.FORWARD (1 references)
target     prot opt source               destination         

Chain piavpn.INPUT (1 references)
target     prot opt source               destination         
piavpn.a.100.protectLoopback  all  --  anywhere             anywhere            

Chain piavpn.a.000.allowLoopback (1 references)
target     prot opt source               destination         

Chain piavpn.a.100.blockAll (1 references)
target     prot opt source               destination         

Chain piavpn.a.100.protectLoopback (1 references)
target     prot opt source               destination         
piavpn.100.protectLoopback  all  --  anywhere             anywhere            

Chain piavpn.a.200.allowVPN (1 references)
target     prot opt source               destination         

Chain piavpn.a.290.allowDHCP (1 references)
target     prot opt source               destination         

Chain piavpn.a.300.allowLAN (1 references)
target     prot opt source               destination         

Chain piavpn.a.305.allowSubnets (1 references)
target     prot opt source               destination         

Chain piavpn.a.310.blockDNS (1 references)
target     prot opt source               destination         

Chain piavpn.a.320.allowDNS (1 references)
target     prot opt source               destination         

Chain piavpn.a.340.blockVpnOnly (1 references)
target     prot opt source               destination         
piavpn.340.blockVpnOnly  all  --  anywhere             anywhere            

Chain piavpn.a.350.allowHnsd (1 references)
target     prot opt source               destination         

Chain piavpn.a.350.cgAllowHnsd (1 references)
target     prot opt source               destination         

Chain piavpn.a.390.allowWg (1 references)
target     prot opt source               destination         

Chain piavpn.a.400.allowPIA (1 references)
target     prot opt source               destination         

Chain piavpn.anchors (1 references)
target     prot opt source               destination         
piavpn.a.000.allowLoopback  all  --  anywhere             anywhere            
piavpn.a.400.allowPIA  all  --  anywhere             anywhere            
piavpn.a.390.allowWg  all  --  anywhere             anywhere            
piavpn.a.350.allowHnsd  all  --  anywhere             anywhere            
piavpn.a.350.cgAllowHnsd  all  --  anywhere             anywhere            
piavpn.a.340.blockVpnOnly  all  --  anywhere             anywhere            
piavpn.a.320.allowDNS  all  --  anywhere             anywhere            
piavpn.a.310.blockDNS  all  --  anywhere             anywhere            
piavpn.a.305.allowSubnets  all  --  anywhere             anywhere            
piavpn.a.300.allowLAN  all  --  anywhere             anywhere            
piavpn.a.290.allowDHCP  all  --  anywhere             anywhere            
piavpn.a.200.allowVPN  all  --  anywhere             anywhere            
piavpn.a.100.blockAll  all  --  anywhere             anywhere    

/etc/resolv.conf gives the following:

# Generated by NetworkManager
nameserver 192.168.192.111
nameserver 192.168.192.1
nameserver 198.162.192.111

.111 is my Pi-hole DNS lookup server and .1 is my router. I'm not sure why .111 is there twice.

Also interesting: Network Manager still does not work, but the client does. Maybe it has to do with the switch from OpenVPN to the new WireGuard protocol?
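
An added example, not part of the thread, for the two checks suggested in Answer 1 (whether DNS is blocked in `iptables -L`, and what the resolver file contains): it lists DNS-rejecting chains that are actually reachable from a built-in chain, and nameservers that are not on a private range. The rule sample is constructed from the chain names posted above, with the anchor populated as an assumption; the nameserver sample is the posted file, whose third entry 198.162.192.111 lies outside 192.168.0.0/16.

```shell
# Added example; both functions read text on stdin. Live use (as root):
#   iptables -L | active_dns_blocks ; public_nameservers < /etc/resolv.conf

# Print chains that REJECT/DROP DNS and are reachable by jumps from a
# built-in chain. Reachability only; rule order is not evaluated.
active_dns_blocks() {
  awk '
    /^Chain / { chain = $2; chains[chain] = 1
                if ($3 == "(policy") builtin[chain] = 1; next }
    /^target/ || NF == 0 { next }
    { rules[chain] = rules[chain] " " $1
      if ($1 ~ /^(REJECT|DROP)$/ && /dpt:(domain|53)( |$)/) blocks[chain] = 1 }
    END {
      for (c in builtin) { seen[c] = 1; queue[n++] = c }
      for (i = 0; i < n; i++) {
        m = split(rules[queue[i]], t, " ")
        for (j = 1; j <= m; j++)
          if ((t[j] in chains) && !(t[j] in seen)) { seen[t[j]] = 1; queue[n++] = t[j] }
      }
      for (c in blocks) if (c in seen) print c
    }' | sort
}

# Print IPv4 nameservers outside private, loopback and link-local ranges.
public_nameservers() {
  awk '$1 == "nameserver" && $2 ~ /^[0-9.]+$/ {
    split($2, o, ".")
    if (o[1] == 10 || o[1] == 127 || (o[1] == 192 && o[2] == 168)) next
    if ((o[1] == 172 && o[2] >= 16 && o[2] <= 31) || (o[1] == 169 && o[2] == 254)) next
    print $2 }'
}

# Constructed sample (headers and blank lines trimmed). Assumption: the anchor
# piavpn.a.310.blockDNS holds a jump; in the posted output it is empty.
SAMPLE_RULES='Chain OUTPUT (policy ACCEPT)
piavpn.anchors  all  --  anywhere             anywhere
Chain piavpn.anchors (1 references)
piavpn.a.310.blockDNS  all  --  anywhere             anywhere
Chain piavpn.a.310.blockDNS (1 references)
piavpn.310.blockDNS  all  --  anywhere             anywhere
Chain piavpn.310.blockDNS (1 references)
REJECT     udp  --  anywhere             anywhere             udp dpt:domain reject-with icmp-port-unreachable'
# resolv.conf contents as posted in the thread.
SAMPLE_RESOLV='# Generated by NetworkManager
nameserver 192.168.192.111
nameserver 192.168.192.1
nameserver 198.162.192.111'
printf '%s\n' "$SAMPLE_RULES" | active_dns_blocks
printf '%s\n' "$SAMPLE_RESOLV" | public_nameservers
```

Run against the `iptables -L` listing posted above, `active_dns_blocks` prints nothing, because piavpn.310.blockDNS has 0 references and its anchor is empty.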
