how to use server's local DNS when using bridge
Posted: Fri Feb 10, 2023 10:34 am
by fa1rid
I'm using Local Bridge tap_vpn with vDHCP without vNAT. I assigned "192.168.30.1" to the TAP device.
Everything works except the DNS "192.168.30.1"
I tried to enable systemd-resolved but with no luck.
Kindly advise how to make the clients use whatever DNS is set inside the server (/etc/resolv.conf).
Re: how to use server's local DNS when using bridge
Posted: Fri Feb 10, 2023 12:56 pm
by solo
Re: how to use server's local DNS when using bridge
Posted: Fri Feb 10, 2023 2:06 pm
by fa1rid
Sorry, but I couldn't find an answer there. Kindly provide an answer here.
Is it enough to just start systemd-resolved on the server? Are there any configurations I need to do?
Let me know please if you need any details about my setup.
Re: how to use server's local DNS when using bridge
Posted: Fri Feb 10, 2023 8:47 pm
by shakibamoshiri
fa1rid wrote: ↑Fri Feb 10, 2023 2:06 pm
Sorry, but I couldn't find an answer there. Kindly provide an answer here.
Is it enough to just start systemd-resolved on the server? Are there any configurations I need to do?
Let me know please if you need any details about my setup.
UPDATE - this answer is wrong
-> in SecureNAT
--> vNAT disabled
--> vDHCP enabled
--> vDHCP ip 192.168.30.2
--> Local Bridge for HUB of your vDHCP 192.168.30.1
-> in vDHCP
--> set "DNS Server Address 1" to 8.8.8.8 or whatever you like
If the DNS on the client (the one you have, or tested) was not 8.8.8.8, that is a client issue, not an SE server issue.
(This has been tested with SE server stable, Debian 11, SSTP client on Android.)

Re: how to use server's local DNS when using bridge
Posted: Fri Feb 10, 2023 10:57 pm
by fa1rid
shakibamoshiri wrote: ↑Fri Feb 10, 2023 8:47 pm
-> in vDHCP
--> set "DNS Server Address 1" to 8.8.8.8 or whatever you like
I don't want to use 8.8.8.8 or any other public DNS.
I want to use my server as a DNS relay to whatever DNS is configured on the server itself.
Same as when your home router is acting as a DNS with the same IP as the gateway, for example 192.168.0.1.
Re: how to use server's local DNS when using bridge
Posted: Sat Feb 11, 2023 4:06 am
by eddiewu
You have two options.
Set up a DNS server like dnsmasq. dnsmasq will use the local resolver automatically.
Or set up NAT rules in iptables diverting the requests.
dnsmasq is faster.
Re: how to use server's local DNS when using bridge
Posted: Mon Feb 13, 2023 6:47 pm
by shakibamoshiri
Here is an approach with dnsmasq
SE server
- SecureNAT > vNAT : disable
- SecureNAT > vDHCP : enable
- SecureNAT > vDHCP > DNS Server Address (e.g 192.168.30.1) the same as Local Bridge IP Address
SE server Local Bridge
- Local Bridge > soft tap (e.g tap_tap)
OS
Code:
ip address add 192.168.30.1/24 brd + dev tap_tap
and
Code:
cat /etc/resolv.conf
nameserver ::1
nameserver 127.0.0.1
dnsmasq
Code:
cat /etc/dnsmasq.conf
# To use this computer to listen on its LAN IP address for other computers on the network.
listen-address=::1,127.0.0.1,192.168.30.1
# Set the number of cached domain names
cache-size=1000
# Google's nameservers, for example
server=8.8.8.8
server=8.8.4.4
# Uncomment expand-hosts to add the custom domain to hosts entries:
expand-hosts
how to test
- add a record to /etc/hosts (Linux)
- in "hosts" file sample: "0.0.0.0 example.com"
- connect to SE server using a client (mobile or PC)
- use "dig" to check; it should give you "0.0.0.0"
Code:
dig +noall +answer example.com
example.com. 0 IN A 0.0.0.0
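A check for the dnsmasq setup in the post above, as an added example that is not part of the original posts: it flags listen addresses other than loopback or the tap address, a missing bind-interfaces/bind-dynamic, and a loopback-only resolv.conf with no server= lines. The function names are hypothetical; the file paths and tap address are passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): audit a dnsmasq.conf used as the DNS
# relay on the SoftEther tap address. Function names are hypothetical.

# Print each value of KEY=..., one per line (comma lists are split).
conf_values() {    # conf_values FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tr ',' '\n' | sed 's/[[:space:]]*$//'
}

# True if a bare flag such as bind-dynamic is present and uncommented.
conf_has_flag() {  # conf_has_flag FILE FLAG
    grep -Eq "^[[:space:]]*$2[[:space:]]*(#.*)?\$" "$1"
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_dnsmasq() {  # audit_dnsmasq DNSMASQ_CONF RESOLV_CONF TAP_ADDR
    rc=0
    for a in $(conf_values "$1" listen-address); do
        case "$a" in
            127.0.0.1|::1|"$3") ;;
            *) echo "listen-address $a is neither loopback nor the tap address"; rc=1 ;;
        esac
    done
    # Without one of these, dnsmasq binds the wildcard address on port 53 and
    # discards unwanted queries itself instead of binding only listed addresses.
    if ! conf_has_flag "$1" bind-interfaces && ! conf_has_flag "$1" bind-dynamic; then
        echo "no bind-interfaces/bind-dynamic: port 53 is bound on the wildcard address"; rc=1
    fi
    # If resolv.conf only points back at loopback (as in the post above),
    # dnsmasq needs explicit server= lines to have any upstream resolver.
    upstream=$(awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { n++ }
                    END { print n + 0 }' "$2")
    if [ "$upstream" -eq 0 ] && [ -z "$(conf_values "$1" server)" ]; then
        echo "no upstream: resolv.conf is loopback-only and no server= lines are set"; rc=1
    fi
    return "$rc"
}

# CLI use: sh audit.sh /etc/dnsmasq.conf /etc/resolv.conf 192.168.30.1
if [ "$#" -eq 3 ]; then
    audit_dnsmasq "$@"
fi
```

Of the two bind options, bind-dynamic also starts listening on interfaces and addresses that appear later, which matters here because the tap device is removed and recreated when the hub goes offline and online.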
Re: how to use server's local DNS when using bridge
Posted: Tue Feb 14, 2023 6:45 am
by fa1rid
It worked after installing dnsmasq. I didn't have to change any settings in it. Thank you guys.
Now when I make a virtHub offline the bridge interface is removed, how to automatically assign the bridge IP when I make it online again?
Is it maybe by creating a tap interface manually outside of SE server?
Re: how to use server's local DNS when using bridge
Posted: Wed Feb 15, 2023 7:36 am
by shakibamoshiri
fa1rid wrote: ↑Tue Feb 14, 2023 6:45 am
It worked after installing dnsmasq. I didn't have to change any settings in it. Thank you guys.
Now when I make a virtHub offline the bridge interface is removed, how to automatically assign the bridge IP when I make it online again?
Is it maybe by creating a tap interface manually outside of SE server?
SE server level
You can use a systemd service and assign the IP via "ExecStartPost"
Code:
ExecStartPost=/usr/bin/sleep 1
ExecStartPost=/sbin/ip addr add 192.168.100.1/24 brd + dev tap_tap
HUB level
If you take a single hub down, not the whole SE server, then I think you should re-assign the IP, since that tap device was linked to this hub. HUB is down, tap is gone. HUB is up, tap is created, so it needs an IP address.
Code:
ip addr add 192.168.100.1/24 brd + dev tap_tap
OS level
It is possible to create a tap device using the "iproute2" command "ip", but I did not see a way of linking this tap device back into a HUB of SE server.
Code:
sudo ip tuntap add mode tap tap_tap
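One way to handle the hub-level case described above, as an added example that is not part of the original posts: wait for the tap device to reappear and add the address only if it is missing, so the script is safe to run repeatedly. The device name tap_tap and the address 192.168.30.1/24 are taken from earlier in the thread; the function names, the retry count and the "apply" argument are assumptions, and how the script is triggered (for example from an ExecStartPost= line) is left to the operator.

```shell
#!/bin/sh
# Added example (not from the thread): idempotently (re)assign the bridge
# address to the SoftEther tap device. Function names are hypothetical.

TAP_DEV="${TAP_DEV:-tap_tap}"            # device name used in the thread
TAP_ADDR="${TAP_ADDR:-192.168.30.1/24}"  # bridge address used in the thread

# True if the network device currently exists.
tap_exists() {      # tap_exists DEV
    ip link show dev "$1" >/dev/null 2>&1
}

# True if exactly this IPv4 CIDR is already configured on the device.
tap_has_addr() {    # tap_has_addr DEV CIDR
    ip -o -4 addr show dev "$1" 2>/dev/null |
        awk -v want="$2" '$3 == "inet" && $4 == want { found = 1 }
                          END { exit !found }'
}

# Wait up to TRIES seconds for the device, then add the address if missing.
# Returns 0 if the address is present afterwards, 1 if the device never
# appeared or the address could not be added.
ensure_tap_addr() { # ensure_tap_addr DEV CIDR [TRIES]
    dev="$1"; addr="$2"; tries="${3:-10}"
    while ! tap_exists "$dev"; do
        tries=$((tries - 1))
        [ "$tries" -le 0 ] && return 1
        sleep 1
    done
    # Already configured: do nothing, so repeated runs cause no errors.
    tap_has_addr "$dev" "$addr" && return 0
    ip addr add "$addr" brd + dev "$dev" && tap_has_addr "$dev" "$addr"
}

# Run only when called as: sh ensure-tap.sh apply   (needs root)
if [ "${1:-}" = "apply" ]; then
    ensure_tap_addr "$TAP_DEV" "$TAP_ADDR" 10
fi
```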