OPNsense Forum

English Forums => Virtual private networks => Topic started by: PeeWeeHerman on May 08, 2021, 12:45:29 PM

Title: Domain name based routing
Post by: PeeWeeHerman on May 08, 2021, 12:45:29 PM
Hi All,

I'm trying to set up a (hopefully) simple VPN configuration but not sure how to proceed.

I am using a 3rd party VPN supplier and set that up as an OpenVPN client.
This now gives me two working gateways: one for my ISP(default WAN) and one for the VPN.

Now I know you can configure specific IPs to be redirected via the different gateways, but I want to use the FQDNs.
In my current configuration I'm only using Unbound DNS doing recursive DNS.

I would like to do one of the following:

Option 1:
Direct all traffic from a specific interface/VLAN to the VPN Gateway, with the exception of a list of specific domain names which I will specify in a file; those will go through the WAN.

Option 2:
Direct all traffic from a specific interface/VLAN to the WAN/ISP Gateway, with the exception of a list of specific domain names which I will specify in a file; those will go through the VPN.

Are either of the options possible without hacking the firewall 'too much'?

Thanks


Title: Re: Domain name based routing
Post by: Greelan on May 08, 2021, 03:11:29 PM
You can define a Hosts Alias that includes FQDNs.

Title: Re: Domain name based routing
Post by: 9axqe on September 16, 2023, 10:13:48 AM
I can't find FQDN aliases?...

The list of Alias Types is:


But anyway, an FQDN is not a domain. If one wanted to route the entire *.google.com differently, one would have to have an always up-to-date list of all possible FQDNs in this domain, which I doubt is available anywhere.

Title: Re: Domain name based routing
Post by: chop249 on November 26, 2023, 10:30:56 PM
Did you get this figured out?
Thanks.

Title: Re: Domain name based routing
Post by: meyergru on November 27, 2023, 12:13:14 AM
What does 'a route based on a FQDN' even mean? DNS and IP routing are different concepts.

Let's take an example: You could imagine a hosting service where two domains abc.com and xyz.com are hosted on the same machine with the same IP.

So, let's consider you want abc.com to go through gateway A and xyz to go through gateway B. This is not feasible in IP terms, because both domains resolve to the same target IP, for which you have defined a route (over A or B).

The best approximation of what you probably really want is a proxy that chooses a gateway based on the called URL or a WPAD description that uses the proxy only for specific URLs and DIRECT for all others. In that case, the proxy could be instructed to use the second gateway. The WPAD variant does not need to use a transparent proxy, which makes it easier.

If, on the other hand, you really want to route traffic for all of "Google" IPs, you do not need to know all their DNS names, just the ASN would do.
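The WPAD variant meyergru describes, as an added example that is not from this thread or from OPNsense: a PAC file that sends only the listed domains to a proxy (whose outbound traffic the firewall would then bind to the second gateway) and returns DIRECT for everything else. The domain list and the proxy address `proxy.lan:3128` are constructed placeholders; the matching is written in ES3-style JavaScript because PAC evaluators in browsers and operating systems often lack newer string methods.

```javascript
// Constructed example of a WPAD/PAC file (e.g. served as wpad.dat).
// Both the domain list and the proxy address are placeholders.
var VPN_DOMAINS = ["example.org", "streaming.example"];   // constructed list
var VPN_PROXY = "PROXY proxy.lan:3128";                    // placeholder proxy

// True if host equals the domain or is a subdomain of it. A plain suffix
// check would wrongly match "notexample.org" against "example.org", so the
// comparison is done on a label boundary (the dot before the domain).
function hostInDomain(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  if (host.length <= domain.length + 1) return false;
  return host.slice(-(domain.length + 1)) === "." + domain;
}

// Browser entry point: proxy for URLs whose host falls under a listed
// domain, DIRECT for all others. A trailing dot (absolute hostname,
// "www.example.org.") is stripped before matching.
function FindProxyForURL(url, host) {
  if (host.charAt(host.length - 1) === ".") host = host.slice(0, -1);
  for (var i = 0; i < VPN_DOMAINS.length; i++) {
    if (hostInDomain(host, VPN_DOMAINS[i])) return VPN_PROXY;
  }
  return "DIRECT";
}
```

Hostnames are compared case-insensitively, so "WWW.Example.ORG" is treated the same as "www.example.org".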