 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Static route required when using domain overrides in DNS forwarder over IPsec VPN
 Date:  Wed, 15 Feb 2012 23:25:03 -0500
On Wed, Feb 15, 2012 at 11:33 AM, mtnbkr <waa dash m0n0wall at revpol dot com> wrote:
> Hi Manuel, not sure if this is a bug report, or a feature request. :)
> In the past, a static route was required for remote syslogging to a syslog
> server over an IPsec VPN. In recent versions of m0n0wall you added a check box
> "Bind to LAN interface only" on the log settings tab which alleviated the need
> for the static route.
> I just ran across a similar situation where we have remote sites connected via
> IPsec VPNs and need them to use our central DNS server for systems in our domain.
> Setting up the domain override at a remote site to point at our central DNS
> server does not work unless we add the static route like we had to do with
> syslogging in the past.
> Do you think this is fixable within the dnsmasq integration of m0n0wall, or
> will we be required to keep a static route when using the domain override
> feature at remote sites?

It's just a fact of life: the static route makes it pick the correct
source IP (the LAN IP) which is required for it to match the SPD and
hence go across the VPN. Not all services have an option to work
around that.
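
The source-address behaviour described in the reply above, as an added example that is not part of the original message and is not m0n0wall code: a simplified model in which an unbound socket takes the address of the egress interface chosen by longest-prefix match, and a packet is tunneled only if both source and destination fall inside an SPD entry. All addresses, subnets and function names are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing for a remote site (assumed values, not from the thread).
IFACE_ADDR = {
    "WAN": ip.ip_address("203.0.113.10"),
    "LAN": ip.ip_address("192.168.20.1"),
}
# One SPD entry for the tunnel: (local subnet, remote subnet).
SPD = [(ip.ip_network("192.168.20.0/24"), ip.ip_network("10.0.0.0/16"))]
CENTRAL_DNS = ip.ip_address("10.0.0.53")  # target of the domain override

# Routing table before the workaround: default via WAN, connected LAN.
BASE_ROUTES = [
    (ip.ip_network("0.0.0.0/0"), "WAN"),
    (ip.ip_network("192.168.20.0/24"), "LAN"),
]
# The workaround: remote subnet routed via the LAN interface.
STATIC_ROUTE = (ip.ip_network("10.0.0.0/16"), "LAN")


def egress_interface(routes, dst):
    """Pick the interface of the most specific route containing dst."""
    matches = [(net, ifc) for net, ifc in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def source_for(routes, dst):
    """Unbound socket: source is the address of the egress interface."""
    return IFACE_ADDR[egress_interface(routes, dst)]


def spd_match(src, dst):
    """True only if BOTH selectors of some SPD entry match the packet."""
    return any(src in local and dst in remote for local, remote in SPD)


def trace(routes, dst):
    """Return the chosen source address and whether IPsec would apply."""
    src = source_for(routes, dst)
    return {"src": str(src), "tunneled": spd_match(src, dst)}


if __name__ == "__main__":
    print("no static route  :", trace(BASE_ROUTES, CENTRAL_DNS))
    print("with static route:", trace(BASE_ROUTES + [STATIC_ROUTE], CENTRAL_DNS))
```

In this model the forwarder's query without the static route carries the WAN address, misses the SPD entry and is never encapsulated; with the route it carries the LAN address and matches.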