06.06.2024 16:23, Gert Doering wrote:

Hello!

We used to have

   block-outside-dns

to prevent Windows from doing DNS lookups "around the VPN" - the main
intent of this was "make sure split DNS works", but a side effect has
also been "avoid DNS leaks".

Heiko has now extended this code to be able to "block everything not
going into the VPN".  To activate this, you need

   redirect-gateway def1 block-local

in your config ("block-local" is the keyword, but without "def1" you
end up with a split-tunnel and "nothing else is allowed", which is rarely
a really good combination).

Repeat: if "redirect-gateway block-local" is active, NO packets leave
via LAN/WiFi/... interfaces, except those sourced by the openvpn.exe
process.  This is important for maximum privacy, especially if you
roam into a network with an untrusted DHCP server.

Will

   redirect-gateway def1 block-local

also apply block-outside-dns?

Thank you!



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel