Date: Tue, 5 Sep 2017 09:53:20 +0100
From: Steve O'Hara-Smith <steve@sohara.org>
To: freebsd-questions@freebsd.org
Subject: Re: openvpn
Message-ID: <20170905095320.c18c3940ff2af2c79dcce8e1@sohara.org>
In-Reply-To: <4DAB2317-52AD-463E-891C-811BE7E9ED76@mail.sermon-archive.info>
References: <B5B396E9-FDA3-4B8D-A1BB-EBD5F66F5224@mail.sermon-archive.info> <440b79af-a159-1806-122e-155c26f42417@baywinds.org> <4DAB2317-52AD-463E-891C-811BE7E9ED76@mail.sermon-archive.info>

On Mon, 4 Sep 2017 23:33:38 -0700
Doug Hardie <bc979@lafn.org> wrote:

> Thanks for the info. I am making headway on this. I used the
> server.conf file and after a bit of horsing around with the key file, I
> got a connection to work. However, there are still some routing issues
> from the client to local machines. While everything works well with IP
> addresses, DNS is an issue. Ios is still going to the internet for DNS.

That is easily fixed, you'll want a line like this in your openvpn config:

    push "dhcp-option DNS 192.168.63.238"

Obviously change the IP address to wherever your DNS server is.

> I need to be able to tell it to "drop" the internet connection for
> everything (except connectivity) and use the VPN or to use the VPN for
> DNS. I am using routing, but wonder if bridging might be a better

The latter (VPN for DNS) is usually the best approach, there's a lot to be
said for only putting traffic over the VPN that needs to go there.

> approach.

Bridging is rarely the best option.

-- 
Steve O'Hara-Smith <steve@sohara.org>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170905095320.c18c3940ff2af2c79dcce8e1>
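
The following is an added example, not part of the original message: when only selected traffic goes over the VPN, as recommended above, the pushed DNS server must itself be reachable through the tunnel, and this check reads a server config and reports whether each pushed DNS address is covered by a pushed route, the tunnel subnet, or redirect-gateway. The function names, the 10.8.0.0/24 tunnel subnet and the 192.168.63.0/24 route are assumptions made for illustration; only the DNS push line comes from the message.

```python
import ipaddress
import re

# Constructed sample config. Only the dhcp-option line is from the message;
# the tunnel subnet and the commented-out route are assumed for illustration.
SAMPLE_CONF = '''
server 10.8.0.0 255.255.255.0
;push "route 192.168.63.0 255.255.255.0"
push "dhcp-option DNS 192.168.63.238"
'''

def parse(conf):
    """Return (dns_servers, client_routed_networks, full_tunnel)."""
    dns, nets, full = [], [], False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # OpenVPN comment markers
            continue
        m = re.match(r'push\s+"([^"]*)"', line)
        words = (m.group(1) if m else line).split()
        if m and words[:2] == ["dhcp-option", "DNS"] and len(words) == 3:
            dns.append(ipaddress.ip_address(words[2]))
        elif m and words[:1] == ["redirect-gateway"]:
            full = True
        # Only pushed routes and the tunnel subnet end up in the client's
        # routing table; a bare "route" line is a server-side route.
        elif len(words) >= 2 and ((m and words[0] == "route")
                                  or (not m and words[0] == "server")):
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            try:
                nets.append(ipaddress.ip_network(f"{words[1]}/{mask}", strict=False))
            except ValueError:                 # hostname or keyword, skip
                pass
    return dns, nets, full

def check_dns(conf):
    """Map each pushed DNS server to how a client will reach it."""
    dns, nets, full = parse(conf)
    result = {}
    for addr in dns:
        if full:
            result[str(addr)] = "tunnel (redirect-gateway)"
        elif any(addr in net for net in nets):
            result[str(addr)] = "tunnel (route)"
        else:
            result[str(addr)] = "NOT ROUTED via VPN"
    return result

if __name__ == "__main__":
    for server, path in check_dns(SAMPLE_CONF).items():
        print(server, "->", path)
```

With the sample as written the DNS server is flagged as not routed; uncommenting the route line clears the finding.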