Hi, you really need to fix the way you quote original mails - quoting the whole original mail unchanged and then typing your question below the original signature makes it time-wasting to read. Which I might just stop doing so, as my time is limited.
On Fri, Nov 25, 2016 at 03:10:29AM +0000, jack seth wrote:
> --redirect-gateway def1 bypass-dns
>
> (this only works on windows, because our code does not know how to query the
> currently-active DNS servers on other platforms)
[..]
> Thanks but won't this make all DNS requests go outside the VPN?
>
> What about this?
> dhcp-option DNS 192.168.25.1
> dhcp-option DNS 8.8.8.8
>
> Would this use the VPN (i.e. 192.168.25.1) but if it failed would it use
> 8.8.8.8?
This might actually work - combining these:
redirect-gateway def1 bypass-dns
dhcp-option DNS 192.168.25.1
block-outside-dns
the latter blocks all applications *except* openvpn from using DNS outside
the tun (so everyone else has to use 192.168.25.1), and openvpn itself
will try the pre-existing name servers if 192.168.25.1 is no longer
reachable.
Please test and report :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
