However, the OVPN clients constantly send requests to resolve internet domains.
- Is this normal?
- Is it possible to make it so that only requests to resolve local hosts (pc1, pc2 etc) arrive/are processed?
/var/log/dnsmasq/dnsmasq.log:
Jun 25 00:18:07 server dnsmasq[4749]: query[A] su.ff.avast.com from 10.8.0.25
Jun 25 00:18:07 server dnsmasq[4749]: cached su.ff.avast.com is 5.45.62.53
Jun 25 00:18:07 server dnsmasq[4749]: cached su.ff.avast.com is 77.234.45.60
Jun 25 00:18:07 server dnsmasq[4749]: cached su.ff.avast.com is 77.234.45.61
Jun 25 00:18:07 server dnsmasq[4749]: cached su.ff.avast.com is 77.234.45.70
Jun 25 00:18:07 server dnsmasq[4749]: cached su.ff.avast.com is 77.234.45.63
Jun 25 00:18:07 server dnsmasq[4749]: cached su.ff.avast.com is 5.45.62.117
Jun 25 00:18:07 server dnsmasq[4749]: cached su.ff.avast.com is 77.234.45.64
Jun 25 00:18:07 server dnsmasq[4749]: cached su.ff.avast.com is 5.45.62.118
Jun 25 00:18:07 server dnsmasq[4749]: cached su.ff.avast.com is 5.45.62.54
Jun 25 00:18:07 server dnsmasq[4749]: cached su.ff.avast.com is 77.234.45.65
Jun 25 00:18:07 server dnsmasq[4749]: cached su.ff.avast.com is 5.45.62.116
Jun 25 00:18:07 server dnsmasq[4749]: query[AAAA] su.ff.avast.com from 10.8.0.25
Jun 25 00:18:07 server dnsmasq[4749]: cached su.ff.avast.com is NODATA-IPv6
Jun 25 00:18:16 server dnsmasq[4749]: query[A] mail.yandex.ru from 10.8.0.33
Jun 25 00:18:16 server dnsmasq[4749]: forwarded mail.yandex.ru to 192.168.100.1
Jun 25 00:18:16 server dnsmasq[4749]: reply mail.yandex.ru is 93.158.134.125
Jun 25 00:18:16 server dnsmasq[4749]: reply mail.yandex.ru is 87.250.251.125
Jun 25 00:18:16 server dnsmasq[4749]: reply mail.yandex.ru is 213.180.204.125
Jun 25 00:18:16 server dnsmasq[4749]: reply mail.yandex.ru is 87.250.250.125
Jun 25 00:18:16 server dnsmasq[4749]: reply mail.yandex.ru is 213.180.193.125
Jun 25 00:18:44 server dnsmasq[4749]: query[A] WPAD from 127.0.0.1
Jun 25 00:18:44 server dnsmasq[4749]: forwarded WPAD to 192.168.100.1
Jun 25 00:18:44 server dnsmasq[4749]: query[AAAA] WPAD from 127.0.0.1
Jun 25 00:18:44 server dnsmasq[4749]: forwarded WPAD to 192.168.100.1
Jun 25 00:19:12 server dnsmasq[4749]: query[A] fpdownload2.macromedia.com from 10.8.0.73
Jun 25 00:19:12 server dnsmasq[4749]: forwarded fpdownload2.macromedia.com to 192.168.100.1
Jun 25 00:19:12 server dnsmasq[4749]: reply a1293.d.akamai.net is 37.29.19.82
Jun 25 00:19:12 server dnsmasq[4749]: reply a1293.d.akamai.net is 37.29.19.105
Jun 25 00:19:59 server dnsmasq[4749]: query[A] fpdownload2.macromedia.com from 10.8.0.57
Jun 25 00:19:59 server dnsmasq[4749]: cached fpdownload2.macromedia.com is <CNAME>
Jun 25 00:19:59 server dnsmasq[4749]: forwarded fpdownload2.macromedia.com to 192.168.100.1
Jun 25 00:19:59 server dnsmasq[4749]: reply a1293.d.akamai.net is 37.29.19.82
Jun 25 00:19:59 server dnsmasq[4749]: reply a1293.d.akamai.net is 37.29.19.105
Jun 25 00:19:59 server dnsmasq[4749]: query[A] fpdownload2.macromedia.com from 10.8.0.57
Jun 25 00:19:59 server dnsmasq[4749]: cached fpdownload2.macromedia.com is <CNAME>
Jun 25 00:19:59 server dnsmasq[4749]: cached fpdownload2.wip4.adobe.com is <CNAME>
Jun 25 00:19:59 server dnsmasq[4749]: cached fpdownload.macromedia.com.edgesuite.net is <CNAME>
Jun 25 00:19:59 server dnsmasq[4749]: cached a1293.d.akamai.net is 37.29.19.105
Jun 25 00:19:59 server dnsmasq[4749]: cached a1293.d.akamai.net is 37.29.19.82
/etc/dnsmasq.conf:
addn-hosts=/etc/hosts.openvpn-clients
log-queries
log-dhcp
/etc/openvpn/server.conf:
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.100.0 255.255.255.0"
client-config-dir ccd
learn-address /var/lib/openvpn/ovpn-learnaddress.sh
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option WINS 10.8.0.1"
push "dhcp-option NBT 4"
client-to-client
keepalive 10 120
tls-auth easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
max-clients 20
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
crl-verify keys/crl.pem
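
To measure what the question describes, a dnsmasq query log in the format above can be split per VPN client into local-host lookups and internet lookups, with dot-less names that were forwarded upstream (such as WPAD) counted separately. This is an added example, not part of the original post; the sample lines are constructed from the post's log format, and the set of local names (pc1, pc2) stands in for the contents of the addn-hosts file.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the log-queries format shown in the post
# (the pc1 query is invented for illustration).
SAMPLE_LOG = """\
Jun 25 00:18:16 server dnsmasq[4749]: query[A] mail.yandex.ru from 10.8.0.33
Jun 25 00:18:16 server dnsmasq[4749]: forwarded mail.yandex.ru to 192.168.100.1
Jun 25 00:18:16 server dnsmasq[4749]: reply mail.yandex.ru is 93.158.134.125
Jun 25 00:18:20 server dnsmasq[4749]: query[A] pc1 from 10.8.0.33
Jun 25 00:18:44 server dnsmasq[4749]: query[A] WPAD from 127.0.0.1
Jun 25 00:18:44 server dnsmasq[4749]: forwarded WPAD to 192.168.100.1
Jun 25 00:18:44 server dnsmasq[4749]: query[AAAA] WPAD from 127.0.0.1
Jun 25 00:18:44 server dnsmasq[4749]: forwarded WPAD to 192.168.100.1
Jun 25 00:19:12 server dnsmasq[4749]: query[AAAA] su.ff.avast.com from 10.8.0.25
Jun 25 00:19:12 server dnsmasq[4749]: cached su.ff.avast.com is NODATA-IPv6
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")
FORWARDED = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to \S+$")

def summarize(log_text, local_names, vpn_net="10.8.0.0/24"):
    """Split VPN-client queries into local vs. external names and count
    plain (dot-less) names that were forwarded to the upstream resolver."""
    net = ipaddress.ip_network(vpn_net)
    external = defaultdict(Counter)   # client IP -> external name -> count
    local = Counter()                 # client IP -> local-name queries
    plain_forwarded = Counter()       # dot-less name -> times sent upstream
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if m:
            name, client = m.group(1).lower().rstrip("."), m.group(2)
            if ipaddress.ip_address(client) not in net:
                continue              # e.g. 127.0.0.1: the server itself
            if name in local_names:
                local[client] += 1
            else:
                external[client][name] += 1
            continue
        m = FORWARDED.search(line)
        if m and "." not in m.group(1).rstrip("."):
            plain_forwarded[m.group(1).lower()] += 1
    return external, local, plain_forwarded

if __name__ == "__main__":
    # local_names is an assumption: the names listed in the addn-hosts file.
    ext, loc, plain = summarize(SAMPLE_LOG, {"pc1", "pc2"})
    for client, names in sorted(ext.items()):
        print(client, "external:", dict(names), "local:", loc[client])
    print("plain names forwarded upstream:", dict(plain))
```

The plain-name counter is worth watching on its own: dnsmasq's `domain-needed` option exists to keep A and AAAA queries for names without dots from being forwarded to upstream servers.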