Viscosity client: DNS requests misbehave after connecting to the VPN and leave no internet access; troubleshooting and solution sought
I'm currently using Viscosity 1.10.8 on macOS 14.2.1. A friend gave me an OpenVPN client configuration file with the following content:
    client
    dev tun
    remote <MY FRIEND'S IP> 1194 tcp
    tun-mtu 1500
    tls-client
    nobind
    ping 15
    ping-restart 45
    ping-timer-rem
    mute-replay-warnings
    verb 3
    cipher AES-128-CBC
    auth SHA1
    auth-user-pass
    remote-cert-tls server
    redirect-gateway def1
    <ca>
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    </ca>
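However, once connected to the VPN I have no internet access at all. Strangely, the same configuration file works fine in the OpenVPN Connect client, so I'm not sure whether the problem lies with Viscosity itself or with more general OpenVPN settings.
After analyzing packet captures with nslookup and tcpdump, I found that the problem is with DNS requests. When I start the capture and run nslookup www.google.it, I get this output: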
    $ sudo tcpdump -ni any port 53
    tcpdump: data link type PKTAP
    tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
    listening on any, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
    18:30:19.403577 IP 127.0.0.1.55553 > 127.0.0.1.53: 14064+ A? www.google.it. (31)
    18:30:19.403591 IP 127.0.0.1.55553 > 127.0.0.1.53: 14064+ A? www.google.it. (31)
    18:30:20.404482 IP6 ::1.50658 > ::1.53: 14064+ A? www.google.it. (31)
    18:30:20.404503 IP6 ::1.50658 > ::1.53: 14064+ A? www.google.it. (31)
    18:30:25.409492 IP 127.0.0.1.55553 > 127.0.0.1.53: 14064+ A? www.google.it. (31)
    18:30:25.409523 IP 127.0.0.1.55553 > 127.0.0.1.53: 14064+ A? www.google.it. (31)
    18:30:26.414496 IP6 ::1.50658 > ::1.53: 14064+ A? www.google.it. (31)
    18:30:26.414531 IP6 ::1.50658 > ::1.53: 14064+ A? www.google.it. (31)
This is clearly wrong, because I have no DNS service running on my local host.
For completeness, here is the routing table while the VPN tunnel is active:
    $ netstat -nr -f inet
    Routing tables

    Internet:
    Destination           Gateway            Flags     Netif   Expire
    0/1                   192.168.10.1       UGScg     utun10
    default               192.168.1.1        UGScg     en5
    default               192.168.10.1       UGScIg    utun10
    <FRIEND'S IP>/32      192.168.1.1        UGSc      en5
    127                   127.0.0.1          UCS       lo0
    127.0.0.1             127.0.0.1          UH        lo0
    128.0/1               192.168.10.1       UGSc      utun10
    169.254               link#13            UCS       en5     !
    192.168.1             link#13            UCS       en5     !
    192.168.1.1/32        link#13            UCS       en5     !
    192.168.1.1           10:71:b3:94:ce:70  UHLWIir   en5     1199
    192.168.1.100/32      link#13            UCS       en5     !
    192.168.1.100         0:e0:4c:68:0:40    UHLWI     lo0
    192.168.10            192.168.10.42      UGSc      utun10
    192.168.10.1/32       link#24            UCS       utun10
    192.168.10.1          link#24            UHWIir    utun10
    192.168.10.42         192.168.10.42      UH        utun10
    224.0.0/4             link#13            UmCS      en5     !
    224.0.0/4             link#24            UmCSI     utun10
    224.0.0.251           1:0:5e:0:0:fb      UHmLWI    en5
    239.255.255.250       1:0:5e:7f:ff:fa    UHmLWI    en5
    239.255.255.250       link#24            UHmW3I    utun10  2400
    255.255.255.255/32    link#13            UCS       en5     !
    255.255.255.255/32    link#24            UCSI      utun10
Finally, here is the Viscosity log after a successful connection:
    Opened utun device utun10
    /sbin/ifconfig utun10 delete
    NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
    /sbin/ifconfig utun10 192.168.10.42 192.168.10.42 netmask 255.255.255.0 mtu 1500 up
    /sbin/route add -net 192.168.10.0 192.168.10.42 255.255.255.0
    /sbin/route add -net <MY FRIEND'S IP> 192.168.1.1 255.255.255.255
    /sbin/route add -net 0.0.0.0 192.168.10.1 128.0.0.0
    /sbin/route add -net 128.0.0.0 192.168.10.1 128.0.0.0
    Initialization Sequence Completed
    DNS mode set to Full
    State changed to Connected
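For now I've found a temporary workaround: changing Viscosity's DNS mode to Split DNS, after which DNS requests work normally through the local resolver. I've been using Viscosity with OpenVPN for many years, and previously importing the *.ovpn file directly just worked; this time I'd like to find a solution that doesn't require manual changes.
My question: does my friend need to change the server-side settings, or can I fix this just by adjusting the client .ovpn configuration file?
Note: content sourced from Stack Exchange; question author: floatingpurr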




