So to the best of my understanding, I have all the pieces, namely DNSmasq and OpenVPN, working fine, although independently. What I've done:
- Installed OpenVPN using this: https://github.com/Nyr/openvpn-install
- After install, I'm able to connect client (PC, phone), works. No issue.
- I've installed DNSmasq and it also appears to be running and working as expected
- I've blocked one or two sites, i.e. pointed them to 0.0.0.0 in the /etc/hosts file, and when I do nslookup thatdomain.com, I get the 0.0.0.0 response
This is currently my /etc/openvpn/server/server.conf:
local 134.122.60.252
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify
duplicate-cn
And the only change I've made to the default /etc/dnsmasq.conf file is uncommenting this line and indicating the interface:
interface=tun0
Where I need help:
How to make OpenVPN use DNSmasq for all DNS requests. I just can't seem to find a definite answer on how to achieve that, which of the files to change, and what to add.
Am I missing any steps?
Edit:
With the above conf, when I ssh into the OpenVPN server (dnsmasq also runs on the same server) and I do nslookup google.com 10.8.0.1, it resolves correctly.
When I do nslookup blockthis.com 10.8.0.1, it resolves correctly to 0.0.0.0, as expected and as outlined in the /etc/hosts file.
Problem is, when I connect from a client to OpenVPN, somehow OpenVPN isn't handing DNS resolution over to dnsmasq, yet the line interface=tun0 is enabled in dnsmasq, and netstat -plunt indicates port 53 is up and running, listened on by dnsmasq.
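A cross-check of the two configuration files described in the question, written as an added example and not part of the original post or either project's code. It parses constructed copies of server.conf and dnsmasq.conf, derives the server's tun address from the `server` line (first host of the subnet under `topology subnet`), and reports where the pushed DNS address, the dnsmasq listening options and the interface name (assumed to be tun0 for `dev tun`) do not line up.

```python
import ipaddress

# Constructed copies of the relevant lines from the question's two config files.
SERVER_CONF = """\
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
"""
DNSMASQ_CONF = "interface=tun0\n"

def parse_openvpn(text):
    """Return (dev, vpn subnet, [pushed DNS addresses]) from an OpenVPN server.conf."""
    dev, subnet, dns = None, None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, rest = line.partition(" ")
        if key == "dev":
            dev = rest.strip()
        elif key == "server":                      # "server <network> <netmask>"
            net, mask = rest.split()
            subnet = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        elif key == "push":                        # push "dhcp-option DNS <addr>"
            words = rest.strip().strip('"').split()
            if words[:2] == ["dhcp-option", "DNS"]:
                dns.append(ipaddress.ip_address(words[2]))
    return dev, subnet, dns

def parse_dnsmasq(text):
    """Return {option: [values]} for the key=value lines of a dnsmasq.conf."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, val = line.partition("=")
            opts.setdefault(key, []).append(val)
    return opts

def check(server_conf, dnsmasq_conf):
    """Return a list of findings; empty means the two files agree with each other."""
    dev, subnet, dns = parse_openvpn(server_conf)
    opts = parse_dnsmasq(dnsmasq_conf)
    if subnet is None:
        return ["server.conf has no 'server' line; cannot derive the VPN subnet"]
    server_ip = next(subnet.hosts())               # server takes the first host address
    iface = "tun0" if dev == "tun" else dev        # assumption: 'dev tun' becomes tun0
    findings = []
    if not dns:
        findings.append("no 'dhcp-option DNS' is pushed; clients keep their own resolver")
    findings += [f"pushed DNS {d} is not the server tun address {server_ip}" for d in dns if d != server_ip]
    listens = opts.get("interface", []) + opts.get("listen-address", [])
    if iface not in listens and str(server_ip) not in listens:
        findings.append(f"dnsmasq is not restricted to {iface} or {server_ip}")
    if "interface" in opts and "bind-dynamic" not in opts:
        findings.append("interface= without bind-dynamic: tun0 must exist before dnsmasq starts")
    return findings
```

The check covers only what the two files say; a host firewall dropping port 53 on tun0 is outside their scope and is checked on the host itself.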