unbound and openvpn


Post by jetojedno » July 13th, 2019, 2:26 pm

I'm looking for a quick bit of advice. I use OpenVPN a lot, and would like to have IPFire's Unbound (DNS proxy) listen on an (internal) IP address / socket and set the DNS server address for the OpenVPN clients to that IP address.

An example would be OpenVPN clients are on the subnet 192.168.99.0/24 and Unbound listens on 192.168.99.0.

There are two ways I can see to do this:
- change config of unbound to listen on 192.168.99.0 (? would that work)
or
- use iptables to masquerade 192.168.99.0 to the somewhere ...

Any advice / comments / WTFs?

TIA.

Re: unbound and openvpn

Post by jetojedno » July 23rd, 2019, 7:49 am

A reply for anyone else who has the same question:

For OpenVPN, if you specify the tun device gateway address as the DNS IP address, the DNS queries will be sent to that address and picked up by Unbound, which is (by default) listening on all interfaces.

To find the tun device IP address, go to the Network (other) status page, and check the routing table. The source (src) IP address for the tun0 device is what you want.

Please post corrections or expansions if you know more about this than me. ;)
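
The lookup described in the reply above, done from a shell instead of the status page. This is an added example, not part of the original posts: the routing table is a constructed sample, the function names are hypothetical, and `push "dhcp-option DNS ..."` is standard OpenVPN server syntax rather than anything IPFire-specific.

```shell
#!/bin/sh
# Constructed sample of `ip route show` output on the firewall (not real data).
sample_routes() {
cat <<'EOF'
default via 203.0.113.1 dev red0
10.0.0.0/24 dev green0 proto kernel scope link src 10.0.0.1
192.168.99.0/24 via 192.168.99.2 dev tun0
192.168.99.2 dev tun0 proto kernel scope link src 192.168.99.1
EOF
}

# Read a routing table on stdin and print the src address of the first
# route bound to the given device. Prints nothing if there is no match.
tun_src_addr() {
    awk -v dev="$1" '
        {
            d = ""; s = ""
            for (i = 1; i < NF; i++) {
                if ($i == "dev") d = $(i + 1)
                if ($i == "src") s = $(i + 1)
            }
            if (d == dev && s != "") { print s; exit }
        }'
}

# Turn that address into the OpenVPN server directive that hands it to
# clients as their DNS server. Refuses empty or non-dotted-numeric input
# so a failed lookup never produces a bogus push line.
dns_push_line() {
    case "$1" in
        ""|*[!0-9.]*) echo "no usable tun address" >&2; return 1 ;;
    esac
    printf 'push "dhcp-option DNS %s"\n' "$1"
}

# Demo on the constructed sample; on a live system use:
#   ip route show | tun_src_addr tun0
addr=$(sample_routes | tun_src_addr tun0)
dns_push_line "$addr"
```

If clients get the address but lookups are refused, check that Unbound's `access-control` rules allow the VPN subnet; listening on all interfaces does not by itself mean every source network is permitted.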
