Re: [Openvpn-users] Force all DNS queries over VPN

Mon, 20 Jun 2022 03:57:29 -0700 

Hi,

On 18/06/22 22:49, Ian Pilcher wrote:

I've got a simple OpenVPN setup that allows me to connect to my home
network while traveling.  I am using the redirect-gateway option to
route all non-local traffic over the VPN when connected, but I haven't
yet been able to figure out how to ensure that all DNS queries use the
VPN nameserver.

I am specifying the DNS server with "push dhcp-option DNS 172.31.249.1",
but it only seems to affect the nameserver that my laptop uses for
reverse DNS lookups on that particular subnet.  When I connect from my
laptop (using NetworkManager-openvpn), I see this in the log:
 Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: setting upstream servers from DBus  Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: using nameserver 172.31.249.1#53(via tun0)  Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: using nameserver 172.31.249.1#53 for domain 249.31.172.in-addr.arpa  Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: using nameserver 172.31.250.254#53 for domain penurio.us  Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: using nameserver 172.31.250.254#53 for domain 250.31.172.in-addr.arpa  Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: using nameserver 172.31.250.254#53 for domain 1.255.31.172.in-addr.arpa  Jun 18 15:37:17 p5520.penurio.us dnsmasq[1501]: using nameserver 172.31.250.254#53 for domain 254.250.31.172.in-addr.arpa 

How can I make the client send all DNS queries to the VPN DNS server?
this depends a little on whether your system is using systemd-resolve or not, plus on how you have configured the NetworkManager.  For example, if you have configured the VPN profile in NetworkManager to  "Use this connection only for resources on its network" then there is a fair chance that the DNS server will apply only to the VPN IP ranges. However, you seem to be using dnsmasq at the back - so how does NetworkManager tell dnsmasq which DNS servers to use?
On my Fedora 35 system, which uses systemd-resolve, I see that the DNS settings are set *per interface* - this is not something that OpenVPN controls, but the NetworkManager+dnsmasq backends on your distro.  Which distro are you using? 

HTH,

JJK





_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to