
I have commented out the `push "redirect-gateway def1"` line to turn our OpenVPN appliance into split-tunneling mode.

#push "redirect-gateway def1"          # full-tunnel redirect disabled
push "route 172.21.1.0 255.255.248.0"  # internal range routed through the VPN
push "route 10.61.255.0 255.255.240.0" # internal range routed through the VPN

However, it seems I'm not able to control which DNS resolution goes where (as in whether servers send queries to 8.8.8.8 or to our internal DNS, 10.2.1.1 in our case).

I know in Windows, users can set DNS preference.

Is there some universal option across Mac/Win/Linux?

Thanks.

[Update: looking at the comments, this seems not possible. Then should I set the internal DNS first and the public one second? What's the best practice within a split tunnel, in terms of DNS resolution, in the simplest way possible?]

  • `some universal option`. Nope. Name resolution usually happens before a routing decision happens, so how would something know which interface it is going out? – Zoredache Jul 07 '16 at 22:40
  • So I guess set the internal DNS as default so that any internal stuff doesn't get left out, then use public DNS? –  Jul 07 '16 at 22:41
  • When you configure multiple DNS servers on a client, it may use any of them at any time. Some clients cycle through. In any case, it doesn't try one, then use another, unless there was a server failure. An NXDOMAIN, or getting a valid record that doesn't route anywhere, will not result in the client trying another DNS server. – Zoredache Jul 07 '16 at 22:43
  • Please see update –  Jul 07 '16 at 22:44


A workaround in the "abc.ovpn" file on the client side, and NOT on the server side, fixed the problem.

Add `--block-outside-dns`, and your internal DNS will be overruled by the one given by OpenVPN's TAP adapter.
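The following is an added example showing how the answer's client-side fix fits together with the server-side split-tunnel configuration from the question; it is the editor's illustration, not configuration posted by the asker or the answerer. The route lines and the resolver 10.2.1.1 are taken from the question; `corp.example`, `vpn.example.com` and the certificate/key file names are assumptions. The caveat a practitioner wants here: `block-outside-dns` is a Windows-only option (it installs Windows Filtering Platform rules that drop DNS traffic not leaving via the VPN adapter), so it closes the leak where Windows keeps querying the LAN adapter's resolvers alongside the pushed one, but does nothing for Linux or macOS clients, which apply a pushed `dhcp-option DNS` only through an up script (for example the `update-resolv-conf` script shipped with Debian's openvpn package) and are never prevented from using other resolvers by OpenVPN itself.

```conf
# --- server.conf on the OpenVPN appliance (split tunnel, from the question) ---
# Full-tunnel redirect stays disabled; only the internal ranges are routed.
#push "redirect-gateway def1"
push "route 172.21.1.0 255.255.248.0"
push "route 10.61.255.0 255.255.240.0"
# Hand clients the internal resolver and a search domain (domain name is assumed).
push "dhcp-option DNS 10.2.1.1"
push "dhcp-option DOMAIN corp.example"

# --- abc.ovpn on the client (assumed remote, cert and key names) ---
client
dev tun
proto udp
remote vpn.example.com 1194
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
# Windows only: block DNS traffic that does not go out through the VPN adapter,
# so the pushed 10.2.1.1 is the only resolver consulted while the tunnel is up.
block-outside-dns
```

With this in place a Windows client resolves every name (internal or public) through 10.2.1.1 while connected, which is the only way to guarantee internal names are answered in a split tunnel: as the comments note, the stub resolver picks any configured server and does not fall through on NXDOMAIN, so merely ordering "internal first, public second" does not make internal names resolve reliably. 10.2.1.1 must therefore also be able to resolve (or forward) public names, and the 10.2.1.0/24 network the resolver sits on has to be reachable through one of the pushed routes.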