connecting to dynamic dns

David Woodhouse dwmw2 at infradead.org
Tue Dec 2 04:58:17 PST 2014


On Tue, 2014-12-02 at 13:39 +0100, Nikos Mavrogiannopoulos wrote:
> On Tue, Dec 2, 2014 at 1:04 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
> > So yeah, this looks like a sane approach.
> > Is it forbidden to set X-CSTP-DynDNS on a full-tunnel configuration?
> 
> Not currently, but I should do it. By full tunnel I suppose you mean
> providing a defaultroute right?

Right. In that case, your local routing setup on the client is still
going to be sending everything except the *old* server IP down the
tunnel. Including packets to the new server IP. So that's never going to
work.

(This changes if we switch to using SO_BINDTODEVICE like Android does,
instead of playing with the routing table. But that's complex.)


You also can't use X-CSTP-DynDNS if the DNS configuration you are
pushing to the client is asking it to use a DNS server *on* the VPN for
looking up the hostname of the server. Since you say it's working for
you, you evidently aren't doing that, which is nice for you. But let's
make sure it's a forbidden combination too.

-- 
dwmw2
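
Added example, not part of the original message and not ocserv or openconnect code: a sketch of a server-side check for the two combinations named above as ones that should be forbidden with X-CSTP-DynDNS. The function names and the input shape are hypothetical, and it assumes the pushed routes are given as an explicit list of CIDR prefixes, with a default route written as 0.0.0.0/0 or ::/0.

```python
import ipaddress

def is_full_tunnel(routes):
    """True if any pushed route is a default route (prefix length 0)."""
    return any(ipaddress.ip_network(r, strict=False).prefixlen == 0
               for r in routes)

def routed_via_vpn(addr, routes):
    """True if addr falls inside a pushed route, i.e. the client
    would send packets for it down the tunnel."""
    ip = ipaddress.ip_address(addr)
    for r in routes:
        net = ipaddress.ip_network(r, strict=False)
        if net.version == ip.version and ip in net:
            return True
    return False

def dyndns_conflicts(routes, dns_servers):
    """Return the reasons X-CSTP-DynDNS must not be sent with this
    configuration; an empty list means neither conflict applies.

    Assumption: routes is the explicit list of prefixes pushed to the
    client and dns_servers the resolver addresses pushed to it.
    """
    reasons = []
    # Full tunnel: everything except the *old* server IP goes down the
    # tunnel, including packets to the new server IP. Conservative:
    # a default route in either address family counts.
    if is_full_tunnel(routes):
        reasons.append("full-tunnel")
    # Resolver reachable only through the VPN: the client cannot look
    # up the server's hostname once the tunnel is gone.
    if any(routed_via_vpn(d, routes) for d in dns_servers):
        reasons.append("dns-on-vpn")
    return reasons

if __name__ == "__main__":
    # Constructed sample configurations (documentation/private ranges).
    samples = [
        (["0.0.0.0/0"], ["192.0.2.53"]),
        (["10.0.0.0/8"], ["10.1.1.53"]),
        (["10.0.0.0/8"], ["192.0.2.53"]),
    ]
    for routes, dns in samples:
        print(routes, dns, "->", dyndns_conflicts(routes, dns) or "ok")
```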