OpenVPN with DNSMasq -- solution and question
Posted: Wed Aug 06, 2014 2:02 pm
Hey everyone,
In addition to being still pretty new with networking technology, this is also my very first time using OpenVPN server (Debian 7 Stable). Recently, I had an issue where my OpenVPN Client (Android) wouldn't read the DNS addresses file; this file functions as an Ad/Tracker blacklist (ie, "address=/pr0n.edu/127.0.0.1").
I solved it by having dnsmasq listen on the P-t-P address:
Code:
/etc/dnsmasq.conf
[...]
listen-address=10.8.0.2
But, the problem is that I don't really know why this works; I'm posting this in hopes that someone can better explain what's happening, or offer another solution. Despite a couple weeks' worth of research (on my downtime between two jobs), I've actually found close to nothing regarding the integration of dnsmasq and openvpn (that which I did find did not work); and, indeed, my shot-in-the-dark solution was not one I found anywhere online. Using what knowledge I could find, I had assumed that OpenVPN would automatically use the DNSMasq values without further configuration. In addition, I don't know why listening on eth0's IP (192.168.0.3) wouldn't have solved it since, I would assume, OpenVPN's traffic would pass through that in order to reach the internet. But, again, this dilemma is merely a testament to what little knowledge I have about these networking technologies, so any clarification would be appreciated.
My second question is, will listening on the P-t-P address, in and of itself, introduce any security risks of which I should be aware? I ask only because, again, I haven't found any information regarding my solution, so I don't want to miss anything that would be obvious to more seasoned network administrators.
Thanks a bunch.
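An added example, not part of the original post: a small Python audit of a dnsmasq configuration that reports which addresses it listens on, whether `bind-interfaces` is set, and which names the `address=` entries sinkhole. The sample configurations are constructed from the values in the post, and the tunnel subnet 10.8.0.0/24 and the function name `audit_dnsmasq` are assumptions.

```python
import ipaddress

def audit_dnsmasq(conf_text, tunnel_net="10.8.0.0/24"):
    """Summarise where dnsmasq will answer and which names it sinkholes."""
    tunnel = ipaddress.ip_network(tunnel_net)  # assumed VPN subnet
    listen, interfaces, sinkholed, flags = [], [], {}, set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "listen-address":
            listen += [ipaddress.ip_address(a.strip()) for a in value.split(",")]
        elif key == "interface":
            interfaces.append(value)
        elif key == "address" and value.startswith("/"):
            # address=/domain1/domain2/ip : every listed domain resolves to ip
            *domains, target = value[1:].split("/")
            for domain in domains:
                sinkholed[domain] = target
        elif not value:
            flags.add(key)  # bare switches such as bind-interfaces
    findings = []
    if not listen and not interfaces:
        findings.append("no listen-address/interface: answers on every interface")
    for addr in listen:
        if not addr.is_loopback and addr not in tunnel:
            findings.append(f"{addr} is outside the tunnel subnet {tunnel}")
    if (listen or interfaces) and "bind-interfaces" not in flags:
        # Without bind-interfaces dnsmasq binds the wildcard address and
        # discards requests it should not answer (dnsmasq man page).
        findings.append("bind-interfaces not set: wildcard socket, filtered by dnsmasq")
    return {"listen": [str(a) for a in listen],
            "sinkholed": sinkholed, "findings": findings}

# Constructed samples based on the values quoted in the post.
SAMPLE_TUNNEL = "listen-address=10.8.0.2\naddress=/pr0n.edu/127.0.0.1\n"
SAMPLE_LAN = "# constructed\nlisten-address=192.168.0.3\nbind-interfaces\n"

if __name__ == "__main__":
    for name, conf in (("tunnel", SAMPLE_TUNNEL), ("lan", SAMPLE_LAN)):
        print(name, audit_dnsmasq(conf))
```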