r****t
发帖数: 10904 | 1 【 以下文字转载自 PDA 讨论区 】
发信人: repast (xebec), 信区: PDA
标 题: [求教]: openvpn over http-proxy dns 设置问题
发信站: BBS 未名空间站 (Thu Mar 10 04:54:51 2011, 美东)
尝试用 openvpn over http-proxy, 遇到 DNS 问题。http proxy 用 polip.
1. 我有个有关键字的域名解释到 ip of A.
2. behind gateway A, polipo 和 openvpn 都运行在同一台机器 B 上.polipo
listens B:8080
3. Gateway A port forwards A:8080 to B:8080 (on which polipo is listening).
手机的 client.conf 里 http-proxy 是 A 的域名。remote 按理说是 B 的域名, 填了
一个 local domain name of B, 通过 wifi 连成功了.
可是这个比较不稳定,重连的时候遇到过一次"无法解析 A 的域名"的问题,enable
openvpn over 3G, 更是次次都停在这儿。
感谢任何建议! | x****s
发帖数: 921 | 2 I have the same setup..
手机的 client.conf, http-proxy and remote both use DNS of A.
on A, port forward both openvpn and polipo port to B.
After that, you may need play with iptables if using tun. (this is most
difficult part when I setup mine) | r****t
发帖数: 10904 | 3
你是说 domain name of A?
这样就要 forward 两个端口了。我最早就是这样设置的,每次连 DNS 都会说无法 resolve.
我回去试试看,谢谢。
【在 x****s 的大作中提到】
: I have the same setup..
: 手机的 client.conf, http-proxy and remote both use DNS of A.
: on A, port forward both openvpn and polipo port to B.
: After that, you may need play with iptables if using tun. (this is most
: difficult part when I setup mine)
| x****s
发帖数: 921 | 4 the external DNS name of A. for example:
remote xx_keyword.no-ip.org 54321
http-proxy xx_keyword.no-ip.org 8081 /sdcard/openvpn/pass.txt basic
you can hardcode DNS server to 8.8.8.8
这基本都是因为iptable的问题. 记住tun 每个connection相关有四个IP, 只有两个能互相ping通.这之后就可以 verify routing table, try internet access (use IP only first.),if not work, fix iptable.
http://openvpn.net/index.php/open-source/faq/77-server/273-qifc
resolve. | x****s
发帖数: 921 | 5 看你开了新贴问iptable,不知道是不是关于这个,我diff 了一下我的iptables,setup
openvpn时加了这些
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
*filter
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
HTH
个能互相ping通.这之后就可以 verify routing table, try internet access (use
IP only first.),if not work, fix iptable.
【在 x****s 的大作中提到】
: the external DNS name of A. for example:
: remote xx_keyword.no-ip.org 54321
: http-proxy xx_keyword.no-ip.org 8081 /sdcard/openvpn/pass.txt basic
: you can hardcode DNS server to 8.8.8.8
: 这基本都是因为iptable的问题. 记住tun 每个connection相关有四个IP, 只有两个能互相ping通.这之后就可以 verify routing table, try internet access (use IP only first.),if not work, fix iptable.
: http://openvpn.net/index.php/open-source/faq/77-server/273-qifc
: resolve.
| r****t
发帖数: 10904 | 6 When I think about it again. One thing might be critical: after several
failures, I recall there's an option in the openvpn settings (on android)
called "Fix DNS", which change the cell phone's DNS from a local one getting
from my wifi (or 3G provider I guess?) to 8.8.8.8, after I opt for that,
the tries thereafter remain successful. I'll wait and see if this really
works robustly.
Next I'll try to figure out routing. Thank you very much!
a
【在 r****t 的大作中提到】
:
: 你是说 domain name of A?
: 这样就要 forward 两个端口了。我最早就是这样设置的,每次连 DNS 都会说无法 resolve.
: 我回去试试看,谢谢。
| r****t
发帖数: 10904 | 7 Thanks buddy! this totally works!
setup
use
【在 x****s 的大作中提到】
: 看你开了新贴问iptable,不知道是不是关于这个,我diff 了一下我的iptables,setup
: openvpn时加了这些
: *nat
: -A POSTROUTING -o eth0 -j MASQUERADE
: *filter
: -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
: -A FORWARD -i tun0 -o eth0 -j ACCEPT
: HTH
:
: 个能互相ping通.这之后就可以 verify routing table, try internet access (use
|
|
