linux
Bonio, 2017-10-27 00:14:13

How do I wrap DNS traffic in a VPN?

On a router running OpenWRT, a VPN tunnel is up. I need to send only DNS traffic (everything going to port 53) through it. How do I do this with iptables?


1 answer(s)
krosh, 2017-10-27

iptables has a REDIRECT target, but it only works locally. It has no other way to change where traffic goes; that is routing, and you need to study how iproute2 works.
You can try applying SNAT to 53/udp traffic so that subsequent packets follow the new route. But this needs testing; it may not work.
A simple option: block transit traffic on 53/udp and 53/tcp in the FORWARD chain, put something like dnsmasq on the router itself, have it handle all requests from the local network, and configure it to work through the VPN.
For the router's own traffic to the DNS server to leave through the desired interface, you must either add a static route or use source policy routing.
A static route should work fine in your case. For example, like this:
It is logical to assume that if the LAN clients use one well-known DNS server and will not change it themselves, then a static route on the router will solve your problem.
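The "simple option" above (drop forwarded DNS, serve LAN clients from the router's own dnsmasq, pin the upstream resolver behind a static route over the tunnel) as a complete script. This is an added example, not code from the answer or from OpenWRT. It assumes the OpenWRT default LAN bridge `br-lan`, a tunnel interface named `tun0`, iptables as the firewall backend (as on 2017-era OpenWRT; releases from 22.03 on ship nftables/fw4, where the same rules would be written with `nft`), and a placeholder upstream resolver `198.51.100.53` (a TEST-NET-2 documentation address; substitute the resolver you actually use). It also adds a nat PREROUTING REDIRECT so clients that hard-code a public resolver are answered by the router's dnsmasq instead of being silently dropped, which goes a step beyond the answer.

```shell
#!/bin/sh
# Added example: force LAN DNS through the router's dnsmasq and route the
# upstream resolver over the VPN tunnel on an OpenWRT router (iptables backend).
# All names below are assumptions; override them in the environment.
LAN_IF="${LAN_IF:-br-lan}"                       # OpenWRT default LAN bridge
VPN_IF="${VPN_IF:-tun0}"                         # VPN tunnel interface
UPSTREAM_DNS="${UPSTREAM_DNS:-198.51.100.53}"    # placeholder resolver (TEST-NET-2)
DRY_RUN="${DRY_RUN:-0}"                          # DRY_RUN=1 prints commands instead of running them

# Execute a command, or print it when DRY_RUN=1 so the rule set can be reviewed first.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Append an iptables rule only if it is not already present (idempotent re-runs).
# usage: add_rule <table> <chain> <match and target...>
add_rule() {
    t="$1"; c="$2"; shift 2
    if [ "$DRY_RUN" = "1" ] || ! iptables -t "$t" -C "$c" "$@" 2>/dev/null; then
        run iptables -t "$t" -A "$c" "$@"
    fi
}

# Firewall and routing: the part the question asks about.
dns_via_vpn() {
    for proto in udp tcp; do
        # 1) LAN clients that hard-code a public resolver are steered to the router's
        #    own dnsmasq. REDIRECT is fine here because the target is local to the router.
        add_rule nat PREROUTING -i "$LAN_IF" -p "$proto" --dport 53 -j REDIRECT --to-ports 53
        # 2) Anything on port 53 that would still be forwarded past the router is dropped.
        add_rule filter FORWARD -i "$LAN_IF" -p "$proto" --dport 53 -j DROP
    done
    # 3) The router's own queries to the upstream resolver leave via the tunnel.
    #    A /32 host route over a point-to-point tun device needs no gateway address.
    run ip route replace "$UPSTREAM_DNS/32" dev "$VPN_IF"
}

# dnsmasq: ignore resolvers learned from the WAN and use only the pinned upstream.
configure_dnsmasq() {
    run uci set 'dhcp.@dnsmasq[0].noresolv=1'
    run uci add_list "dhcp.@dnsmasq[0].server=$UPSTREAM_DNS"
    run uci commit dhcp
    run /etc/init.d/dnsmasq restart
}

case "${1:-}" in
    --apply)   dns_via_vpn; configure_dnsmasq ;;
    --dry-run) DRY_RUN=1; dns_via_vpn; configure_dnsmasq ;;
    *)         : ;;   # no argument: only define the functions (e.g. when sourced)
esac
```

Run `sh dns-via-vpn.sh --dry-run` first and read the emitted rules, then `--apply` as root on the router. Two caveats: the REDIRECT only catches plain port-53 DNS, which is what the question asks for, so clients using DNS-over-TLS (853) or DNS-over-HTTPS (443) bypass it; and with REDIRECT in PREROUTING the FORWARD drop normally matches nothing, since redirected packets are delivered locally, but it keeps the tunnel from leaking DNS if the nat rule is ever removed.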
