Hello,
I'm using OpenVPN AS for a split tunnel.
The user park is a mix of Windows, Macos and Linux machines
I want to set a split dns as part of the split tunnel for the internal domain names we uses. This works relly well (seamless on Linux and Windows machines) but it looks like split dns is not in great shape on Macos. It works for some apps, but a lot of terminal apps do not resolve those domains correctly.
From what I gathered, it seems to be a problem of the DNS system on Macos and this bug has been there for years, so is unlikely to be fixed one day.
Now, on Linux distributions using systemd-resolved, I have the opposite problem. When not using the split dns, those internal domains never resolve using the internal domain name server.
I think I'm in a situation where I cannot have one solution that fits all, so I was looking for one of those two options:
- Is it possible to set split dns settings per user/group on OpenVPN AS
- As an alternative, can I disable the split dns on the server and customize the ovpn profile file given to Linux users with command for split dns
Split-dns - per user
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: Split-dns - per user
Hi,
According to this link, second paragraph:
You might want to try the view feature in named(8). You could run named on the Access Server and use a static IP address for your user. Then push the server as the DNS server, and have named answer that IP address from the proper view.
ISC's BIND 9 ARM documentation
hth, regards, rob0
According to this link, second paragraph:
So, no.It is not possible to push a specific DNS server to a specific user or group. The DNS servers that are pushed are set globally, and only the act of pushing it to a user or group can be switched on or off.
You might want to try the view feature in named(8). You could run named on the Access Server and use a static IP address for your user. Then push the server as the DNS server, and have named answer that IP address from the proper view.
ISC's BIND 9 ARM documentation
hth, regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support