[kwlug-disc] VPN Traffic
Chris Frey
cdfrey at foursquare.net
Sun Aug 15 21:11:30 EDT 2021
On Sun, Aug 15, 2021 at 07:42:45PM -0400, Gordon Dey wrote:
> I modified the configuration to one of a split tunnel, so that I only
> route traffic of the vpn tunnel if the destination address matches the
> remote network range. That broke my remote name lookup, but I have a
> small set of remote hosts that I need, so I added them to the /etc/hosts
> file and called it a day.
You can use a local instance of dnsmasq to finely control how your
DNS is handled. For example:

Assume:
    your machine's IP is 192.168.0.10
    your local gateway's IP is 192.168.0.1
    your VPN's DNS server is 10.0.0.8

Then:
    dnsmasq --no-resolv \
        --listen-address=127.0.0.1 \
        --listen-address=192.168.0.10 \
        --server=/mydomain.com/192.168.0.1 \
        --server=/no-need-for-privacy.com/192.168.0.1 \
        --server=10.0.0.8

This causes dnsmasq to listen locally (127.0.0.1) and also serve to any
other machines on your local network if you want (via 192.168.0.10).
Update those machines' /etc/resolv.conf as needed.

For *.mydomain.com and *.no-need-for-privacy.com it will consult your
local gateway, which will likely consult your ISP or Google depending
on your gateway's config. It will also "know" about everything in
your /etc/hosts and serve them up locally and to your local network,
so that a single /etc/hosts becomes a mini local DNS server. For
everything else, it will use 10.0.0.8 for DNS lookups.

- Chris
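
An added example, not part of the original message: a small Python model of how the --server options above select an upstream, useful for checking which resolver would see a given name before relying on the split. The /etc/hosts sample and its host name are constructed, and the model covers only the options used in the message (one default server, per-domain servers, hosts entries).

```python
import shlex

# The dnsmasq invocation from the message above, options as posted.
DNSMASQ_CMD = """dnsmasq --no-resolv
  --listen-address=127.0.0.1 --listen-address=192.168.0.10
  --server=/mydomain.com/192.168.0.1
  --server=/no-need-for-privacy.com/192.168.0.1
  --server=10.0.0.8"""

# Constructed /etc/hosts content (hypothetical host name and address).
SAMPLE_HOSTS = "127.0.0.1 localhost\n10.0.0.20 build01.corp.example  # lab\n"


def parse_servers(cmdline):
    """Return ({domain: upstream}, default_upstream) from --server options."""
    per_domain, default = {}, None
    for arg in shlex.split(cmdline):
        if not arg.startswith("--server="):
            continue
        value = arg[len("--server="):]
        if value.startswith("/"):
            # --server=/dom1/dom2/.../ip : the last field is the upstream
            *domains, upstream = value[1:].split("/")
            for domain in domains:
                per_domain[domain.lower()] = upstream
        else:
            default = value  # simplification: a single default server
    return per_domain, default


def parse_hosts(text):
    """Names from hosts-file text; dnsmasq answers these itself."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(name.lower() for name in fields[1:])
    return names


def upstream_for(name, per_domain, default, hosts=frozenset()):
    """Resolver that would see a query for name, or 'local' for hosts entries."""
    name = name.rstrip(".").lower()
    if name in hosts:
        return "local"
    labels = name.split(".")
    # Longest suffix first: the most specific domain wins, and matching is
    # on whole labels, so notmydomain.com does not match mydomain.com.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in per_domain:
            return per_domain[suffix]
    return default
```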