forticlient를 사용하여 VPN에 연결하면 다른 모든 사이트(VPN 외부)에 액세스할 수 없습니다. 내 DNS에 문제가 있는 줄 알았는데 resolved
이제 그럴 수 없다는 걸 깨달았 ping 8.8.8.8
으니 좀 더 근본적인 문제겠죠?
VPN에 연결하면 ifconfig -a
다음이 표시됩니다(루프백이 제거됨).
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.5 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::279f:54fe:977f:4e6c prefixlen 64 scopeid 0x20<link>
ether 18:03:73:e6:32:f2 txqueuelen 1000 (Ethernet)
RX packets 74896 bytes 58598268 (55.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59257 bytes 11405705 (10.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 20 memory 0xe1500000-e1520000
vpn: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1400
inet 10.50.192.11 netmask 255.255.255.255 destination 10.50.192.11
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 59 bytes 13713 (13.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2155 bytes 172229 (168.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
VPN 연결을 끊은 후 언제 기본 DNS 등을 사용할 수 있는지 ifconfig
알려주세요 .
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.5 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::279f:54fe:977f:4e6c prefixlen 64 scopeid 0x20<link>
ether 18:03:73:e6:32:f2 txqueuelen 1000 (Ethernet)
RX packets 75682 bytes 58794111 (56.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59981 bytes 11559277 (11.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 20 memory 0xe1500000-e1520000
편집(가독성 향상을 위해): ip route
제공됨
$ ip route
default via 10.50.192.14 dev vpn scope link default via 192.168.1.254 dev eno1 proto dhcp metric 100
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.5 metric 100
193.1.103.33 via 192.168.1.254 dev eno1
그리고
resolvectl
주어진
Global Protocols:
+LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported resolv.conf mode: foreign Current DNS Server: 8.8.8.8 DNS Servers: 8.8.8.8 8.8.4.4 DNS Domain: google.com Link 2
(eno1) Current Scopes:
DNS LLMNR/IPv4 LLMNR/IPv6 Protocols:
+DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 8.8.8.8 8.8.4.4 Link 9
(vpn) Current Scopes: DNS LLMNR/IPv4 Protocols:
+DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 10.220.1.10 10.220.1.11
FWIW 저는 데비안을 실행하고 있습니다
$ uname -a
Linux foirfe 5.15.0-2-amd64 #1 SMP Debian 5.15.5-1 (2021-11-26) x86_64 GNU/Linux
모든 제안에 크게 감사드립니다.
편집 2
traceroute 8.8.8.8
::
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 * * *
2 193.1.101.1 (193.1.101.1) 12.708 ms 12.723 ms 12.736 ms
3 * * *
4 * * *
:
29 * * *
30 * * *
비교를 위해 VPN에 연결되어 있지 않을 때 Traceroute는 다음과 같이 말합니다.
$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 _gateway (192.168.1.254) 0.565 ms 0.763 ms 0.974 ms
2 95-45-22-1-dynamic.agg2.chd.lmk-mlw.eircom.net (95.45.22.1) 5.355 ms 5.445 ms 6.072 ms
3 eth-trunk113.hcore1.mlw.core.eircom.net (86.43.255.90) 12.017 ms 12.097 ms 12.177 ms
4 eth-trunk15.hcore1.prp.core.eircom.net (86.43.254.143) 17.245 ms 17.396 ms 17.496 ms
5 lag-20-br2-6cr-hcore1-prp.br2.6cr.border.eircom.net (86.43.12.215) 12.620 ms 12.889 ms 12.961 ms
6 72.14.211.86 (72.14.211.86) 14.130 ms 11.139 ms 11.057 ms
7 * * *
8 dns.google (8.8.8.8) 10.721 ms 9.487 ms 9.671 ms
그리고 연결 httping
되면
$ httping 8.8.8.8
PING 8.8.8.8:80 (/):
^CGot signal 2
--- http://8.8.8.8/ ping statistics ---
1 connects, 0 ok, 0.00% failed, time 22643ms
nslookup
주어 졌지만
$ nslookup 8.8.8.8
nslookup: parse of /etc/resolv.conf failed
파일은 /etc/resolv.conf
심볼릭 링크입니다.
ls -lu /etc/resolv.conf /run/resolvconf/resolv.conf
lrwxrwxrwx 1 root root 27 Jan 3 15:47 /etc/resolv.conf -> /run/resolvconf/resolv.conf
-rw-r--r-- 1 root root 373 Jan 3 12:44 /run/resolvconf/resolv.conf
이것은 다음과 같습니다:
$ cat /run/resolvconf/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.
nameserver dnsserverip
nameserver 8.8.8.8
nameserver 8.8.4.4
search google.com
nameserver 8.8.8.8