Topic: Domain name based routing (Read 3511 times)
PeeWeeHerman
Domain name based routing « on: May 08, 2021, 12:45:29 pm »
Hi All,
I'm trying to set up a (hopefully) simple VPN configuration but not sure how to proceed.
I am using a 3rd party VPN supplier and set that up as an OpenVPN client.
This now gives me two working gateways: one for my ISP (default WAN) and one for the VPN.
Now I know you can configure specific IPs to be redirected via the different gateways, but I want to use the FQDNs.
In my current configuration I'm only using Unbound DNS doing recursive DNS.
I would like to do one of the following:
Option 1:
Direct all traffic from a specific interface/VLAN to the VPN Gateway with the exception of a list of specific domain names which I will specify in a file; those will go through the WAN.
Option 2:
Direct all traffic from a specific interface/VLAN to the WAN/ISP Gateway with the exception of a list of specific domain names which I will specify in a file; those will go through the VPN.
Are either of the options possible without hacking the firewall 'too much'?
Thanks
Greelan
Re: Domain name based routing « Reply #1 on: May 08, 2021, 03:11:29 pm »
You can define a Hosts Alias that includes FQDNs.
9axqe
Re: Domain name based routing « Reply #2 on: September 16, 2023, 10:13:48 am »
I can't find FQDN aliases?...
The list of Alias Types is:
Host(s)
Network(s)
Port(s)
URL (IPs)
URL Table (IPs)
GeoIP
Network group
MAC address
BGP ASN
Dynamic IPv6 Host
OpenVPN group
Internal (automatic)
External (advanced)
But anyway, an FQDN is not a domain. If one wanted to route the entire *.google.com differently, one would have to have an always up-to-date list of all possible FQDNs in this domain, which I doubt is available anywhere.
chop249
Re: Domain name based routing « Reply #3 on: November 26, 2023, 10:30:56 pm »
Did you get this figured out?
Thanks.
meyergru
Re: Domain name based routing « Reply #4 on: November 27, 2023, 12:13:14 am »
What does 'a route based on an FQDN' even mean? DNS and IP routing are different concepts.
Let's take an example: You could imagine a hosting service where two domains abc.com and xyz.com are hosted on the same machine with the same IP.
So, let's consider you want abc.com to go through gateway A and xyz to go through gateway B. This is not feasible in IP terms, because both domains resolve to the same target IP, for which you have defined a route (over A or B).
The best approximation of what you probably really want is a proxy that chooses a gateway based on the called URL or a WPAD description that uses the proxy only for specific URLs and DIRECT for all others. In that case, the proxy could be instructed to use the second gateway. The WPAD variant does not need to use a transparent proxy, which makes it easier.
If, on the other hand, you really want to route traffic for all of "Google" IPs, you do not need to know all their DNS names, just the ASN would do.
« Last Edit: November 27, 2023, 08:59:56 am by meyergru »
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up, Bufferbloat A+
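
The WPAD variant described in reply #4, sketched as a PAC file body; this is an added example, not something posted in the thread or taken from OPNsense. It sends only listed domains (and their subdomains) to a proxy and everything else DIRECT. The proxy address 192.0.2.1:3128, the assumption that the firewall sends that proxy's outbound traffic via the VPN gateway, and the domain list are all constructed placeholders.

```javascript
// Added example: a PAC file body, the JavaScript that WPAD hands to clients.
// Assumptions (not from the thread): a forward proxy at 192.0.2.1:3128 whose
// outbound traffic the firewall routes via the VPN gateway, and the domain
// list below. Both are constructed placeholders.
var VPN_PROXY = "PROXY 192.0.2.1:3128";
var VPN_DOMAINS = ["example.com", "vpn-only.example.net"];

// Lower-case the host and drop a trailing root dot ("Example.COM." -> "example.com").
function normalizeHost(host) {
  var h = String(host).toLowerCase();
  return h.charAt(h.length - 1) === "." ? h.slice(0, -1) : h;
}

// True for the domain itself and any subdomain, matched on a label boundary
// so that "notexample.com" does not match "example.com".
function inDomain(host, domain) {
  var suffix = "." + domain;
  return host === domain || host.slice(-suffix.length) === suffix;
}

// Literal IPv4/IPv6 addresses carry no name to match on.
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.indexOf(":") !== -1;
}

// Entry point a PAC-aware client calls for each request.
function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  if (h.indexOf(".") === -1 || isIpLiteral(h)) {
    return "DIRECT"; // single-label local names and IP literals
  }
  for (var i = 0; i < VPN_DOMAINS.length; i++) {
    if (inDomain(h, VPN_DOMAINS[i])) {
      // No "; DIRECT" fallback: if the proxy is down these requests fail
      // instead of silently leaving through the WAN gateway.
      return VPN_PROXY;
    }
  }
  return "DIRECT";
}
```

Only clients that honour PAC/WPAD settings follow this; anything else on the VLAN still takes the default gateway unless a firewall rule handles it.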