Exclude local network domains from being routed through VPN provider

[StrikeAgainst]

I have a Synology NAS in my home network (IP 192.168.178.29) which serves as host for some network drives and local websites of mine. I access those via domains configured on a DNS server installed on the same NAS, using the top level domain lan, e.g. nas1.lan. Works all fine. Now on my notebook (Windows 10) I've set up a connection to a VPN provider where I want to route my internet traffic through, including DNS requests if possible. I'm extending an OpenVPN configuration given by my provider to route IPs falling under my home subnet (192.168.178.0) into my local gateway and register my local DNS server.

Code: Select all

client
dev tun
proto udp

remote [remote-vpn-server].net 1195

#redirect-gateway def1

allow-pull-fqdn
route 192.168.178.0 255.255.255.0 net_gateway
route 127.0.0.1 255.255.255.255 net_gateway

dhcp-option DNS 192.168.178.29

...

Now when connected to the VPN, while I can still access my local services via IP adresses, it's for some reason not possible for me to access those via the domains defined on my DNS server yet. In this scenario I'm also not quite understanding what allow-pull-fqdn is supposed to do. I first thought this option ensures that DNS requests are done through VPN as well, which I usually want with exception for my local domains, but this seems also to be the case when I skip it. I've also been using the option dhcp-option DOMAIN lan in the hope this would route my local domains to my DNS server instead, but to no avail.

Interestingly, while connected to the VPN, nslookup times out even for reachable domains like google.com, with the server being tried being my own one. tracert though instantly goes for the DNS server from the VPN it seems.

Can someone clear my up on what I'm doing wrong? I figure that it might be impossible to split DNS requests, but I'd be glad if for now I could at least route all DNS traffic through my local DNS server.

[300000]

In order to push dns and domain work you need to have WINS server running and you can use samba act as WINS server then push all that info to client as my router have this info .

push "dhcp-option WINS 192.168.200.1"
push "dhcp-option DNS 192.168.200.1 "
push "dhcp-option DOMAIN local.lan"

[TinCanTech]

The NAS is doing the work of a WINS server, so additional WINS is not required.

[StrikeAgainst]

I've added a WINS option to my configuration, and while it seems to get me through to my network drives, I still can't access my domains, as this rather seems to be a DNS than a WINS problem.

Code: Select all

dhcp-option DNS 192.168.178.29
dhcp-option WINS 192.168.178.29
dhcp-option DOMAIN lan

[TinCanTech]

I've added a WINS option to my configuration

You added that to the client ?

[300000]

You need to add into your server and push down to client.

NAS only for file sharing you need add this line into your samba config to make samba act as WINS server. Without add this line it not goingto work.

wins support = yes

[StrikeAgainst]

You need to add into your server and push down to client.

NAS only for file sharing you need add this line into your samba config to make samba act as WINS server. Without add this line it not goingto work.

wins support = yes

Sorry, took me a while to get what you were meaning. I added the wins support line to the smb.conf on my NAS and indeed it seems I can still access my network drives now even after clearing the NetBIOS cache. Apart from that though I need to work with the domains on the DNS server of my NAS as well. According to ipconfig -all and nslookup it's registered as my primary DNS server, still the requests are timing out.
And like I mentioned

Interestingly, while connected to the VPN, nslookup times out even for reachable domains like google.com, with the server being tried being my own one. tracert though instantly goes for the DNS server from the VPN it seems.

Could there be any reason why requests to my DNS server time out when connected to the VPN, while I can still ping it just fine and stuff? Maybe any port restrictions?

I'm also not able to access the VPN server, it's provided by my VPN service. I'm only able to configure the connection client-side.

[300000]

If you cant config server so making it work as you like impossible as it need to link between your service dns server with your Synology NAS dns .how do you make it work?

[StrikeAgainst]

So I guess I found the actual issue, which is that my provider pushes

Code: Select all

block-outside-dns

which I usually should be able to work around with

Code: Select all

pull-filter ignore "block-outside-dns"

but for some reason this option is ignored. I'm gonna open a new thread on this.