General Discussion / ExpressVPN and its internal DNS server(s)
« on: August 11, 2020, 08:17:37 pm »
Hello,
After a one-year pause I decided to continue with OPNsense. I have installed version 20.1 and have it installed the way I like it...
I use 2 subnets:
Traffic from LAN clients in the 192.168.0.0/24 range is routed to the WAN
Traffic from LAN clients in the 192.168.1.0/24 range is routed to ExpressVPN
This works fine; I can even re-route DNS requests to fixed DNS servers
(for WAN: 1.1.1.1, for ExpressVPN: 156.154.70.1).
However, I am not quite satisfied with how the DNS server setup works for ExpressVPN.
When connecting to the tunnel, ExpressVPN pushes its internal DNS server, and I would like to use that particular DNS server:
Aug 11 20:06:51 ovpn-client1[4167]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.72.0.1,comp-lzo no,route 10.72.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.72.0.102 10.72.0.101,peer-id 24,cipher AES-256-GCM'
As you can see in the log above, ExpressVPN pushes its own internal DNS server with IP address 10.72.0.1. Each time a reconnect takes place, another internal IP address may be issued. If that internal IP address is in a different subnet, the DNS server is also different. So filling in that DNS server in a rule the 'hardcoded' way is not quite user-friendly.
I'd like to configure OPNsense in such a way that the pushed internal DNS server from the VPN provider is used automatically. Is this possible?
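As an added example (not code from the post, nor OPNsense's or ExpressVPN's own), the script below shows how the pushed "dhcp-option DNS" value in a PUSH_REPLY like the one above can be picked up automatically and turned into resolver lines, with the fixed 156.154.70.1 from the post as fallback. It relies on OpenVPN's documented behaviour of handing pushed dhcp-option lines to --up scripts as foreign_option_1, foreign_option_2, ... environment variables; the sample PUSH_REPLY is the line quoted in the post, embedded as constructed input so the script runs offline. Where on OPNsense such a script would be hooked in, and which file it would write, is an assumption left open here since the post does not say.

```shell
#!/bin/sh
# Added example, not code from the forum post or from OPNsense/ExpressVPN.
# It shows how the DNS server that the VPN server pushes ("dhcp-option DNS
# 10.72.0.1" in the PUSH_REPLY quoted in the post) can be picked up
# automatically instead of being hardcoded in a rule.
#
# OpenVPN hands pushed dhcp-option lines to its --up/--down scripts as the
# environment variables foreign_option_1, foreign_option_2, ... (OpenVPN
# behaviour, not anything OPNsense-specific). The PUSH_REPLY text below is
# the line from the post, embedded as constructed sample input so the
# script runs offline; the fallback resolver is the fixed one the post uses.

SAMPLE_PUSH_REPLY="PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.72.0.1,comp-lzo no,route 10.72.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.72.0.102 10.72.0.101,peer-id 24,cipher AES-256-GCM"
FALLBACK_DNS="156.154.70.1"

# dns_from_push_reply PUSH_REPLY_TEXT
#   Print each "dhcp-option DNS <ip>" address found in a PUSH_REPLY string,
#   one per line. Only plain IPv4 dotted quads are accepted; a hostname or a
#   truncated address is dropped rather than written into a resolver config.
dns_from_push_reply() {
    printf '%s\n' "$1" | tr ',' '\n' \
        | sed -n 's/^dhcp-option DNS \([0-9][0-9.]*\)$/\1/p' \
        | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true
}

# dns_from_foreign_options
#   The form an --up script would use: walk foreign_option_1, _2, ... in
#   order (OpenVPN numbers them consecutively, so stop at the first unset one)
#   and print the DNS addresses, validated the same way as above.
dns_from_foreign_options() {
    i=1
    while :; do
        opt=$(eval "printf '%s' \"\${foreign_option_$i:-}\"")
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*) dns_from_push_reply "$opt" ;;
        esac
        i=$((i + 1))
    done
}

# nameserver_lines FALLBACK [IP...]
#   Build resolver lines from the pushed addresses. When the push carried no
#   usable DNS (or the tunnel is mid-reconnect), fall back to the fixed server
#   so that clients on the VPN subnet do not lose name resolution.
nameserver_lines() {
    fallback=$1
    shift
    if [ "$#" -eq 0 ]; then
        printf 'nameserver %s\n' "$fallback"
    else
        for ip in "$@"; do
            printf 'nameserver %s\n' "$ip"
        done
    fi
}

# Stand-alone run on the constructed sample. In a real --up script the
# result would be written to the resolver file for the VPN interface
# (where exactly depends on the firewall setup; the post does not say).
pushed=$(dns_from_push_reply "$SAMPLE_PUSH_REPLY")
# $pushed is intentionally unquoted: it holds validated dotted quads, one per line.
nameserver_lines "$FALLBACK_DNS" $pushed
```

Note that the script accepts whatever address the provider pushes as long as it is a well-formed IPv4 address: the check only guards against malformed values, not against the provider (or anyone who can impersonate its server) pushing a resolver of its choosing. That is the trust you take on when you use the pushed server instead of a fixed one.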