VPN tunnel for unbound only
Closed this issue · 0 comments
Can someone help me understand how to configure it?

VPN Client has a `Force Internet traffic through tunnel` option. If I set it to `No` and also add `route-nopull` to the Custom Configuration field, this seems to have almost the same effect as using the empty Policy Rules table instead of `No`.
`curl ifconfig.co` returns ISP IP.

`curl --interface tun11 ifconfig.co` returns VPN IP.
`ip route`:

```
default via 192.168.1.254 dev eth0 # ISP
10.8.8.0/24 dev tun11 proto kernel scope link src 10.8.8.48 # VPN client
10.11.12.0/24 dev tun21 proto kernel scope link src 10.11.12.1 # VPN server
127.0.0.0/8 dev lo scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.90
192.168.1.0/24 dev eth4 proto kernel scope link src 192.168.1.65
192.168.1.254 dev eth4 scope link
192.168.44.0/24 dev br0 proto kernel scope link src 192.168.44.254 # LAN
```
`unbound_manager vpn=1`:

```
unbound requests via VPN Client 1 (10.8.8.48) tunnel ENABLED
15:50:28 Checking 'unbound.conf' for valid Syntax.....
15:50:28 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=930/752 rrset.cache=3509/3157
15:50:28 Requesting unbound (S61unbound) restart.....
Shutting down unbound... done.
Starting unbound... done.
15:50:29 Checking status, please wait.....
15:50:31 Restoring unbound cache from '/opt/share/unbound/configs/cache.txt' (2021-06-28 15:50:28) msg.cache=26/752 rrset.cache=122/3157
15:50:32 unbound OK
```
Still, DNS requests go via ISP, which does block some DNS servers by IP:

```
dig pm.me @192.168.44.254
; <<>> DiG 9.10.6 <<>> pm.me @192.168.44.254
;; global options: +cmd
;; connection timed out; no servers could be reached
```

It's probably a dumb mistake of the legal system, because even the ISP's DNS resolves it, and the actual service's IP is not blocked.

```
dig pm.me @192.168.1.254
; <<>> DiG 9.10.6 <<>> pm.me @192.168.1.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28892
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
pm.me. 373 IN A 185.70.42.16
;; Query time: 60 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Mon Jun 28 16:14:21 MSK 2021
;; MSG SIZE rcvd: 50
```
Without `route-nopull`:

Both `curl ifconfig.co` and `curl --interface tun11 ifconfig.co` return VPN IP.

Both `unbound_manager vpn=1` and `unbound_manager vpn=disable` allow access to the blocked DNS server.
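As an added illustration (not from the issue or the unbound_manager project), the following simulates the kernel's route selection over the `ip route` table quoted above. It shows why, with `route-nopull`, any DNS server outside the tunnel subnet egresses via `eth0`, and how a hypothetical `ip rule` matching an fwmark (value `0x1` and table name `vpn` are assumptions) would steer marked resolver traffic to a table whose default route is `tun11`.

```python
"""Route-selection simulator for the main table from the issue plus a
hypothetical fwmark policy rule. Table name, mark value and the 'vpn'
table contents are constructed assumptions, not router output."""
import ipaddress

# Main table, copied from the `ip route` output in the issue (comments removed).
MAIN_TABLE = """
default via 192.168.1.254 dev eth0
10.8.8.0/24 dev tun11 proto kernel scope link src 10.8.8.48
10.11.12.0/24 dev tun21 proto kernel scope link src 10.11.12.1
127.0.0.0/8 dev lo scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.90
192.168.1.0/24 dev eth4 proto kernel scope link src 192.168.1.65
192.168.1.254 dev eth4 scope link
192.168.44.0/24 dev br0 proto kernel scope link src 192.168.44.254
"""
# Hypothetical table, as `ip route add default dev tun11 table vpn` would create.
VPN_TABLE = "default dev tun11\n"


def parse_table(text):
    """Return [(network, device)] for each route line."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix, strict=False), dev))
    return routes


def lookup(table, dst):
    """Longest-prefix match; on equal length the earlier entry wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, dev in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


# Policy rules in priority order, modelled after `ip rule`: (fwmark or None
# for "any", table). The main table is consulted last, as the kernel does.
RULES = [(0x1, "vpn"), (None, "main")]
TABLES = {"main": parse_table(MAIN_TABLE), "vpn": parse_table(VPN_TABLE)}


def egress(dst, fwmark=None):
    """Device a packet to dst leaves on, given its fwmark (None = unmarked)."""
    for mark, name in RULES:
        if mark is None or mark == fwmark:
            dev = lookup(TABLES[name], dst)
            if dev:
                return dev
    return None
```

Note that marked traffic to the LAN would also be pushed into `tun11` by this rule set; a real configuration needs an earlier `ip rule` sending local prefixes to `main` (or marking only packets to port 53 from the resolver).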