OPNsense, IPSEC VPN and Cisco Umbrella

Started by bx2, Today at 06:42:01 PM

Hello everyone,

Our organization uses Cisco Umbrella for web filtering. At our primary site (Home Office) I have two Cisco Umbrella Virtual Forwarders that are used for DNS resolution.

I am working on configuring and testing two DEC2752 units in an HA configuration for a remote office. The remote office will connect to Home Office via an IPSEC site-to-site VPN connection.

This remote office is small enough that there is not and won't be any server onsite. Due to this, I want our web traffic from the remote site to traverse the VPN tunnel back to the home office.

Now, in the event that the VPN tunnel is down, I want to use Cisco Umbrella public DNS IPs.

The remote office staff get their IP addressing/DNS information via AD/DHCP. This of course won't work when the tunnel is down.

I was thinking that I might be able to configure the public DNS IP addresses in the OPNsense System/General settings but I am not sure if that would help.

Within OPNsense, I have not configured Unbound/DNSMasq.

Any suggestions with my current configuration on what I can do to keep web traffic flowing if IPSEC is down?


Thank you,