Stuart,
I'm going to try just changing resolv.conf to 10.0.1.1 when connected
to IKED. Either that or, like you say, unbound-control a stub in a
script with ikectl couple.
Thanks again! I'm understanding things a lot better now. Much appreciated!
Dale
On 2019-11-19, Dale C. wrote:
> I don't know how unbound will be aware of iked couple/decouple, so I
> wonder how I'd specify "as appropriate" in this case short of a DNS
> failover from the remote side using forward-zones in unbound.
It won't be aware unless you tell it. But if you're scripting
I don't know how unbound will be aware of iked couple/decouple, so I
wonder how I'd specify "as appropriate" in this case short of a DNS
failover from the remote side using forward-zones in unbound. I'll
take a look at unwind...
On 11/18/19, Dale C. wrote:
> "I'd go for a local unbound or local
"I'd go for a local unbound or local unwind instance, listening for
queries on localhost, configured to use a forwarder as appropriate, plus
the bypass rule suggested in faq17."
Right.
Thanks again,
Dale
On 11/18/19, Dale C. wrote:
> Stuart,
>
> Hmmm, thanks for taking the time to write. I'll
Hi Dale,
I had unbound working with iked for a short time. I actually configured the
interface enc0 like so;
** Server hostname.enc0
inet 10.0.5.1 255.255.255.0 10.0.5.255
---
** Server iked.conf
ikev2 "roaming" passive esp \
from 0.0.0.0/0 to 0.0.0.0/0
Stuart,
Hmmm, thanks for taking the time to write. I'll consider these things.
My server has a static IP, and I'd also like to start looking at DNS
over TLS. My client has a dynamic (shared even - cellular gateway) IP
address.
There are some implications there I'll also need to consider. Routing
On 2019-11-18, Dale C. wrote:
> "Since all traffic goes through the VPN, including traffic targeted at
> localhost, it might be necessary to exclude this traffic from the
> flows to ensure connections to services running locally (such as a
> local resolver) reach the right target. This can be achi
I'm thinking you're correct Chuck, I can't route traffic for localhost
through iked...
So... "It might be necessary to exclude this traffic from the
flows to ensure connections to services running locally (such as a
local resolver)
^ Then I'd have local dns while connected to my VPN?
OH... queri
Chuck,
Hey thanks for the information. Yeah I've tried having unbound listen
on 10.0.1.2 (the VPN support net), that didn't work. I have not tried
putting unbound on an external interface, and would like to avoid
that.
I've actually taken unbound out of the equation on both sides.
Disabled unboun
> On Nov 17, 2019, at 11:45 AM, Dale C. wrote:
>
> Hi again,
>
> Still trying to forward DNS to a local unbound resolver on the
> responder of an IKE tunnel.
>
> Providing more information here. Everything works, but DNS.
>
> It's worth noting I've tried many, many variations on these config