VPN Tunnel with the DNS blues.
Posted: Fri Apr 12, 2019 4:56 am
Greetings
We have two offices - let's call them "Head" and "Branch" for the sake of discussion - each of which runs its own LAN: Head = 192.168.0.0 and Branch = 192.168.1.0.
We have successfully got a VPN tunnel established with an ASUS DSL-AC68U on the Branch end and a TP-Link TL-WDR4300 v1 on the Head end.
Routes are working correctly from Branch (192.168.1.0) to Head (192.168.0.0), so Branch machines can successfully ping Head machines using their IP addresses. Traffic from Branch to Head is routed via the VPN, with all other traffic going out normally.
Now here is the catch: we need to set up some machines in "Head" that will be accessible by name rather than by IP address. There will be quite a few of them (virtual machines) that will vary from day to day.
We added these:
address=/idrac/192.168.0.120
address=/nigel/192.168.0.10
to dnsmasq at Head, and from the Head office we can now ping these names (which are not defined anywhere else), but we don't seem to be able to tell "Branch" to use a specific DNS server as well as its "normal" DNS servers, i.e. if a machine in Branch tries to ping "server-1", we want Branch to look first in the VPN DNS (which is the "Head" router, 192.168.0.1) and then fall back to its normal DNS.
We have tried adding this to the VPN Additional Config:
push "route 192.168.0.0 255.255.255.0"
push "dhcp-options DNS 192.168.0.1"
and although the route works, the DNS seems to be unaffected.
Does anyone have any suggestions where we should start?
TIA
Nigel.
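The "look in the VPN DNS first, then fall back" behaviour the post asks for is normally done as split DNS (conditional forwarding) in dnsmasq on the Branch router, rather than by pushing a resolver through the tunnel: a pushed OpenVPN `dhcp-option DNS` only ends up in the client's environment, and on a router-to-router tunnel nothing applies it to the Branch LAN unless a script does so. Forwarding by zone also needs the Head names to live under a suffix, because a bare single-label name like "idrac" cannot be selectively routed to one resolver. The following configs are an added example, not from the original post or from either vendor's firmware; the zone name `head.lan` and the interface names `br0`/`tun0` are assumptions, the addresses are the post's own.

```conf
# Added example: split DNS between Branch and Head with dnsmasq on both routers.
# Zone "head.lan" and interface names "br0"/"tun0" are assumptions.

# ---- Head router (192.168.0.1), /etc/dnsmasq.conf ----
# Answer the Head zone only from local records; never forward it upstream.
local=/head.lan/
# The VM records from the post, now under a real suffix instead of bare names.
address=/idrac.head.lan/192.168.0.120
address=/nigel.head.lan/192.168.0.10
# Listen on the LAN and on the tunnel interface so queries arriving from
# 192.168.1.0/24 are accepted. Many packaged builds run with local-service
# when no interface/listen-address is given, which refuses queries from
# subnets the router has no interface on, i.e. exactly the Branch LAN.
interface=br0
interface=tun0

# ---- Branch router (192.168.1.1), /etc/dnsmasq.conf ----
# Forward only the Head zone (and the reverse zone for 192.168.0.0/24) to the
# Head router across the tunnel; every other name goes to the normal upstreams,
# so there is no "try one resolver, then the other" race and no ordering issue.
server=/head.lan/192.168.0.1
server=/0.168.192.in-addr.arpa/192.168.0.1
# Hand Branch DHCP clients a search suffix so "ping idrac" resolves as
# idrac.head.lan without anyone typing the suffix.
dhcp-option=option:domain-search,head.lan
```

Two checks worth doing once this is in place: from a Branch host, `nslookup idrac.head.lan 192.168.1.1` should return 192.168.0.120 while `nslookup idrac.head.lan 192.168.0.1` should also succeed (if only the second works, the Branch forwarding rule is not loaded; if only the first fails with a refusal, the Head side is not listening on the tunnel interface). Keep the forwarded zone list narrow: forwarding all of Branch's lookups through the tunnel would expose Head's resolver as an open forwarder for the whole Branch LAN and route every query across the VPN for no benefit.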