[SOLVED] Is there a way to use FQDN for OpenVPN client instead of IP?
-
Let's say I want to establish a VPN client tunnel to us-newyorkcity.privateinternetaccess.com, which resolves to:
209.95.50.15
209.95.50.18
209.95.50.19
107.182.231.28
209.95.50.102
209.95.50.103
173.244.223.122
209.95.50.129
209.95.50.133
209.95.50.142
209.95.50.149
209.95.50.162
209.95.50.163
among many other A records. Assume that new A records are added and removed all the time. I also have the DNS Resolver (unbound) set to only resolve DNS out the VPN connection. I've lately just hardcoded an IP address I've chosen at random into the client configuration, but this limits me to always connecting to one endpoint, and it may or may not go down for maintenance or suffer other issues. Plus I want my VPN IP to change every time the tunnel is established and not limit myself to just one address, for privacy reasons.
My goal is to use FQDN in the client configuration; e.g. use us-newyorkcity.privateinternetaccess.com instead of 209.95.50.15, but as it currently is, since DNS resolves over the VPN tunnel (to prevent DNS leaking out over the naked WAN connection to my ISP), it will be unable to resolve and find an A record in order to connect.
Are there any advanced options/settings where I can tell unbound to resolve DNS over the naked WAN if and only if the VPN tunnel hasn't been established yet?
-
You can set a different DNS server in general settings.
pfSense itself will use that one. Clients behind it will use unbound.
-
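As an added illustration, not part of this thread or of any vendor's sample config, here is what the client side looks like once the endpoint is named by FQDN rather than by a hardcoded A record. The port, protocol and omitted authentication directives are assumptions; use whatever the provider actually publishes.

```conf
# Added example: minimal OpenVPN client config using the FQDN as the remote.
# Port 1194/UDP is an assumption, not a value from the thread.
client
dev tun
proto udp
remote us-newyorkcity.privateinternetaccess.com 1194

# OpenVPN resolves 'remote' with the host's own resolver before the tunnel
# exists. Per the answer above, on pfSense that is the DNS server configured
# under General Setup, not unbound (whose queries go out the tunnel).
# Keep retrying rather than exiting if that lookup fails on first boot.
resolv-retry infinite

nobind
persist-key
persist-tun

# Certificates/credentials omitted; these depend on the provider.
```

Because the name is looked up fresh each time the tunnel is started, the address chosen can differ from one connection to the next, which is the behaviour the question is after; the trade-off raised in the last reply (the firewall itself now sends some queries outside the tunnel) applies to this lookup too.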
> You can set a different DNS server in general settings.
> pfSense itself will use that one. Clients behind it will use unbound.

That was way too easy. I overthought it. Thanks.
-
But are you not worried that you will be leaking DNS from pfSense when it checks for updates and the package list, etc.? ;)