Netgate Discussion Forum

    Local DNS over VPN

    DHCP and DNS
    • viragomann @guile

      @guile
      Other idea. Do you have "redirect gateway" checked to direct all of the clients' upstream traffic over the VPN?

      If so, you can easily intercept it. Just redirect the DNS traffic from the VPN client to localhost (Resolver).

      • guile @viragomann

        @viragomann The "Redirect IPv4 Gateway" is unchecked. If I check this, the clients will use the Internet through the VPN, right?

        • viragomann @guile

          @guile
          Correct.

          • guile @viragomann

            @viragomann I don't want VPN clients using the Internet through the VPN, but I'll try it. I'll try this and the ACL idea.

            Thanks for now!

            • guile @viragomann

              @viragomann said in Local DNS over VPN:

              > If so, you can easily intercept it. Just redirect the DNS traffic from the VPN client to localhost (Resolver).

              Redirecting DNS is a NAT rule, right?

              • viragomann @guile

                @guile
                Yes, port forwarding.
                destination: any
                dest. port: 53
                redirect target: localhost 53

                Ensure that localhost is enabled in the Resolver's "Network Interfaces".

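A client-side check for the port forward above, added here as an example and not code from the thread or from pfSense: it sends a plain UDP/53 query for a hostname that only the pfSense Resolver knows (assumed "nas.lan") to a public resolver address (assumed 9.9.9.9). A public resolver cannot resolve an internal-only name, so a private (RFC 1918) address in the reply proves the redirect to localhost:53 caught the query. With "Redirect IPv4 Gateway" unchecked the query never enters the tunnel and the check reports the redirect as not working, which is exactly what the thread describes. Query building and parsing are done by hand so the script runs with the standard library only.

```python
"""Verify that a VPN client's port-53 DNS traffic is redirected to the pfSense Resolver.

Added example (not from the forum thread). Assumed values: "nas.lan" is a
host only the local Resolver knows; 9.9.9.9 stands in for whatever public
resolver the client has configured.
"""
import ipaddress
import socket
import struct

_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard recursive A query (RD=1, one question, no EDNS)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(msg: bytes, txid: int = 0x1234) -> list[str]:
    """Return the A-record addresses in the answer section; [] on error, NXDOMAIN or a foreign txid."""
    try:
        rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
        if rid != txid or flags & 0x8000 == 0 or flags & 0x000F != 0:  # need QR=1, RCODE=0
            return []
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
        addrs = []
        for _ in range(an):
            off = _skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == 1 and rclass == 1 and rdlen == 4:
                addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
            off += rdlen
        return addrs
    except (struct.error, IndexError):
        return []


def redirect_effective(addrs: list[str]) -> bool:
    """True if any returned address is RFC 1918: only the local Resolver could have answered."""
    return any(ipaddress.IPv4Address(a) in net for a in addrs for net in _RFC1918)


def check_redirect(resolver: str, name: str, timeout: float = 3.0) -> bool:
    """Send the query to `resolver` (a public DNS address) and judge the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver, 53))
        try:
            reply, _ = sock.recvfrom(512)
        except socket.timeout:
            return False
    return redirect_effective(parse_a_records(reply))


if __name__ == "__main__":
    ok = check_redirect("9.9.9.9", "nas.lan")  # assumed resolver and internal name
    print("DNS redirect to local Resolver:", "working" if ok else "NOT working")
```

Run it from a connected VPN client. A false result with the NAT rule in place usually means the client's DNS traffic is not crossing the tunnel at all (the redirect gateway question in the thread), or the client is using DNS over TLS (port 853) or DNS over HTTPS (port 443), which a port-53 forward does not catch.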
                  • guile @viragomann

                    @viragomann I tested and the "Redirect IPv4 Gateway" and "NAT rule" made it work.

                    BUT... I don't want all VPN clients using internet through VPN. Is there a way to make this work, without the "Redirect IPv4 Gateway" option checked?

                    • viragomann @guile

                      @guile
                      If it's a Windows client you can try to check "Block Outside DNS" in the OpenVPN server settings.

                      • guile @viragomann

                        @viragomann The redirect gateway is the best option for me, because some clients are using Mac/Linux. Thanks for your help!

                        • viragomann @guile

                          @guile
                          If you know the DNS server the clients are using, like OpenDNS, you can also route only this over the VPN by adding its IP(s) to the "local networks" and then redirect it to pfSense. That is, if you control the clients.

                          • guile @viragomann

                            @viragomann The problem is I have no idea which DNS each client is using. Some use the ISP's DNS, others Google, others OpenDNS, others Quad9, and so on. And some clients are from other countries.

                            In this case, I think the best option is to let the clients use the Internet through the VPN.

                            Thanks for your help. I really appreciate it!

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.