<html><head></head><body>Take a look at the OpenVPN docs to see how they manage this; it's a Windows thing where it latches on to a working DNS server and never lets go.<br>
IIRC it's a series of ipconfig /flushdns or something similar that's required.<br>
-Adam<br><br><div class="gmail_quote">On November 2, 2015 2:06:47 AM CST, Trevor Cordes &lt;trevor@tecnopolis.ca&gt; wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">I've set up a Linux server with a strongSwan VPN server. I have a Win7 <br />(also, separately, Android) client (built-in IKEv2) connecting OK to the <br />Linux server. Things seemed to be VPN'ing nicely. I can get to internal <br />hosts on other subnets I wouldn't be able to see without the VPN. I can <br />watch the ESP traffic to/from the client with tcpdump.<br /><br />(For these tests the clients are on a separate locked-down subnet for my <br />wifi.)<br /><br />But I noticed some traffic isn't using the VPN. It's just coming in on <br />the normal wifi connection/subnet. In particular, I'm looking at DNS UDP <br />port 53. If I ping from Windows to wherever, the DNS occurs over non-VPN <br />(I run my own caching name server, so the same Linux server is the DNS <br />server in this case). I want DNS to hit my server over the VPN.<br /><br />strongSwan is configured on the server to provide a DNS server entry to <br />the client. I can confirm
Windows is seeing the proper DNS server on the <br />VPN with ipconfig /all. I can even try to set those servers manually in <br />the Win7 VPN properties menus. But the DNS query never goes out over the <br />VPN. For kicks I iptables'd out port 53 from the non-VPN'd IP and then <br />the client can't resolve anything (i.e. it doesn't fall back to using the <br />VPN).<br /><br />So if I ping from the VPN to anywhere on the net, the DNS is not VPN'd but <br />the ICMP *is*. Same with web browsing: it seems to do non-VPN DNS and <br />then VPN the HTTP traffic.<br /><br />How can I force the Windows client to send *all* traffic over the VPN? <br />Especially DNS.<br /><br />After that's fixed, how can I force *all* traffic over the VPN on Android?<br />I've heard rumours Android screws with VPN and makes some things <br />impossible.<br /><br />Thanks!<br /><hr /><br />Roundtable mailing list<br />Roundtable@muug.mb.ca<br /><a
href="http://www.muug.mb.ca/mailman/listinfo/roundtable">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br /></pre></blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>