DNS entries vs NAT reflection and android always on vpn
I have my Android handset constantly connected to an OpenVPN server instance on pfSense. When I return home and the phone gets assigned a LAN IP, the VPN connection survives, since I am using NAT reflection.
I tried the split DNS solution and created a LAN IP host record for my WAN hostname. This works to some extent, but the Android OpenVPN client doesn't refresh the DNS query when moving to/from the LAN and is therefore blocked.
Since I would prefer to turn off NAT reflection, is there a way to get Android/OpenVPN to requery DNS and reconnect when moving from one network to another? Or is there a way to make the phone suspend the VPN connection when on the LAN, while at the same time ensuring all traffic goes over the VPN once away from the home network? And all without manually turning the VPN client on/off or messing with the phone's VPN settings each time I move between networks!
In the end I turned off NAT reflection for all but the VPN rule. The rest worked fine with the split DNS approach and no NAT reflection.
I don't think it is doable to have the Android OpenVPN client requery DNS when transitioning networks. Though I guess you could have a forwarding rule on the LAN that redirects VPN traffic to the pfSense interface where the OpenVPN server is listening.