Re: [Openvpn-users] split Horizon DNS

[Eric S. J. <es...@ha...>]

Les Mikesell wrote:

> You can't do this on the remote side since it won't have access to the 
> original local DNS. 

the client (remote) side has access to the local name server because it exists 
in the local resolve.conf.  This is sufficient information for a default name 
server address

> So you'd have to supply a proxy that could run on 
> every OS where openvpn runs and figure out a reasonable address/port for 
> it - which sounds harder than adjusting the existing server.

Well, it's actually less difficult when you consider that someone like me use 
the VPN in a half a dozen locations such as public access points, libraries etc. 
  There I can't modify the name server because it's not my job or 
responsibility.  All I can control is what's local on my system.

> If you don't split views, this can't happen.  It is a problem if your 
> NAT device doesn't allow access to the outside address from the inside 
> interface, though.

yes.  If an address translation boundary let you use an external address from 
the inside, then this problem wouldn't exist.  But it still wouldn't solve the 
original problem that I have a half a dozen sites that I use open VPN from 
connecting to three or four networks and I need private names from both sides.

Right now, for me the difficult part is figuring out how to replace the DHC 
supplied name server information with the private proxy name server information 
in resolve.conf every time I get a new lease.  And also invoking the conversion 
script on initiation of a VPN.

remember, I'm not saying this is open VPNs problem, only that it's configuration 
revealed a need to think about DNS a different way.  Without VPNs, we wouldn't 
have this problem