Strongswan DNS Leak with split-tunnel - vpn

I've set up StrongSwan VPN with StrongMan (a web-interface manager) on AWS.
It works great; my company's employees can access country-restricted sites without any issues. But now I need to implement split-tunneling, because we also have to send terabytes of data daily to non-restricted sites.
I've coded a small C# app that automatically manages the split-tunneling routes with the following command.
route ADD siteIP MASK 255.255.255.255 10.10.10.1 IF VPNInterfaceID
And it doesn't work the way I'd like it to work.
The problem is: my DNS is leaking in split-tunnel mode.
If I route "www.whatismyip.com" through the VPN, it masks my IP, so that works,
but I can't access the restricted sites.
So I routed "www.dnsleaktest.com" through the VPN, and I can see that my DNS is in fact leaking.
I've found an app, "Simple DNSCrypt", which fixed my problem, but I really don't want to use third-party software.
I am very new to this topic, so any help would be appreciated.
I can't figure out how to hide my DNS.
Even overriding the servers to 8.8.8.8 and 8.8.4.4 doesn't help.
What can I do? What should I read and learn? What could be the problem?
Sorry for my poor use of English.
Thank you in advance!

I've figured it out. Maybe this answer will help someone someday.
You also have to route the DNS addresses through the VPN (in my case 8.8.8.8 and 8.8.4.4),
and "disable" the default Ethernet adapter's DNS by setting it to 127.0.0.1.
Don't forget to revert them after disconnecting from the VPN!
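The following PowerShell script is an added example and is not code from the original post or its C# tool. It scripts the self-answer above together with the `route ADD ... IF VPNInterfaceID` step from the question: a /32 host route for each resolver via the tunnel, the LAN adapter's resolvers set to 127.0.0.1 while connected, both reverted on disconnect, and a check that no leak path is left. The gateway 10.10.10.1 and the resolvers 8.8.8.8 / 8.8.4.4 come from the post; the interface aliases 'MyVPN' and 'Ethernet' are assumptions and must be adjusted to the names shown by `Get-NetIPInterface`. It uses the built-in NetTCPIP and DnsClient cmdlets and must run in an elevated session after the tunnel is up.

```powershell
# Added example, not code from the original post. It scripts the self-answer:
# host routes for the resolvers via the tunnel, the LAN adapter's DNS set to
# 127.0.0.1 while connected, and both reverted on disconnect. Run elevated.
# From the post: VPN gateway 10.10.10.1, resolvers 8.8.8.8 and 8.8.4.4.
# Assumed (adjust to your machine): interface aliases 'MyVPN' and 'Ethernet'.
$VpnGateway = '10.10.10.1'
$Resolvers  = @('8.8.8.8', '8.8.4.4')
$VpnAlias   = 'MyVPN'
$LanAlias   = 'Ethernet'

function Get-IfIndex([string]$Alias) {
    # Get-NetIPInterface also lists RAS/VPN interfaces that Get-NetAdapter omits;
    # the ifIndex is the number the post's 'IF VPNInterfaceID' refers to.
    (Get-NetIPInterface -InterfaceAlias $Alias -AddressFamily IPv4 -ErrorAction Stop).ifIndex
}

function Enable-TunnelDns {
    $vpn = Get-IfIndex $VpnAlias
    $lan = Get-IfIndex $LanAlias
    foreach ($ip in $Resolvers) {
        # Same as: route ADD <ip> MASK 255.255.255.255 10.10.10.1 IF <vpn>
        # ActiveStore only, so the host route does not survive a reboot.
        New-NetRoute -DestinationPrefix "$ip/32" -InterfaceIndex $vpn -NextHop $VpnGateway `
            -PolicyStore ActiveStore -ErrorAction Stop | Out-Null
    }
    Set-DnsClientServerAddress -InterfaceIndex $vpn -ServerAddresses $Resolvers
    # "Disable" the LAN adapter's resolvers: nothing listens on 127.0.0.1:53 here,
    # so a query sent out that adapter fails instead of leaking to the ISP.
    Set-DnsClientServerAddress -InterfaceIndex $lan -ServerAddresses '127.0.0.1'
    Clear-DnsClientCache
}

function Disable-TunnelDns {
    $lan = Get-IfIndex $LanAlias
    foreach ($ip in $Resolvers) {
        Remove-NetRoute -DestinationPrefix "$ip/32" -Confirm:$false -ErrorAction SilentlyContinue
    }
    # Back to the DHCP-assigned resolvers (the step the answer says not to forget).
    Set-DnsClientServerAddress -InterfaceIndex $lan -ResetServerAddresses
    Clear-DnsClientCache
}

function Test-TunnelDns {
    # Returns a list of problems found; an empty list means no leak path is left.
    $vpn = Get-IfIndex $VpnAlias
    $lan = Get-IfIndex $LanAlias
    $problems = @()
    foreach ($ip in $Resolvers) {
        $r = Get-NetRoute -DestinationPrefix "$ip/32" -ErrorAction SilentlyContinue
        if (-not $r -or $r.InterfaceIndex -notcontains $vpn) {
            $problems += "no host route for $ip via interface $vpn"
        }
    }
    $lanDns = (Get-DnsClientServerAddress -InterfaceIndex $lan -AddressFamily IPv4).ServerAddresses
    $reachable = $lanDns | Where-Object { $_ -ne '127.0.0.1' }
    if ($reachable) { $problems += "LAN adapter still has resolvers: $($reachable -join ', ')" }
    # Live check: a query aimed at the first resolver must succeed through the tunnel.
    try { Resolve-DnsName -Name 'www.dnsleaktest.com' -Server $Resolvers[0] -ErrorAction Stop | Out-Null }
    catch { $problems += "query to $($Resolvers[0]) through the tunnel failed: $_" }
    return $problems
}

# Usage (elevated PowerShell, after the VPN is connected):
#   Enable-TunnelDns; Test-TunnelDns    # no output means no problems were found
#   ...work...
#   Disable-TunnelDns                   # before or right after disconnecting
```

Both halves of the answer are needed because Windows (8 and later) can send a DNS query on several interfaces in parallel and take the first reply, so a resolver reachable through the LAN adapter can still answer even when the tunnel's resolver is routed correctly; the 127.0.0.1 setting removes that path, and as a side effect name resolution fails closed if the tunnel drops instead of silently leaking. The script does not persist anything across reboots, which is deliberate: a stale host route or a forgotten 127.0.0.1 resolver is exactly the state the answer warns about.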

Related

DNS points to www.example.com but no to http://www.example.com?

So I'm trying to deploy a Ghost blog onto a Google Cloud VM instance and I can't get it to work. Part of the problem, I think, is that I haven't set up the DNS correctly. I bought farodefe.org via Google Domains and I tried to configure it following this tutorial, and it worked... partially. I used dig in Ubuntu to try and verify my DNS configuration. Here are the results:
As seen in the image above, when I do:
dig farodefe.org
and/or
dig www.farodefe.org
I do receive an answer to my query.
But then I do dig http://www.farodefe.org and I receive nothing.
Why is this happening and how can I fix it?
Thanks in advance!
But then I do dig http://www.farodefe.org
But this does not mean anything, or at least certainly not what you think. The DNS has no concept of URLs, only names.
So you are doing here a query for the name http://www.farodefe.org (which is possible in the DNS, but not just for an A record type which is the default one used by dig), which is certainly not what you had in mind.
Part of the problem, I think, is that I haven't set up the DNS correctly.
Don't think, test. If you are not familiar with DNS, use good online troubleshooting tools, like DNSViz. If you see any red things in the output, your DNS configuration needs to be fixed. Alternatively, your DNS provider should be able to help you.
DNS wise, you first need to understand the difference between authoritative and recursive nameservers and service, and hence when doing tests you need to first send your queries to the authoritative nameservers (which is what DNSViz does) and only when that is ok and you still have problems, then you query recursive nameservers as needed.
If you want to understand more, also learn about the OSI/Internet layers, and how HTTP is layered on top of TCP and IP, which are some protocols among others, and how the DNS (a service itself using TCP and UDP) is used to map data, and in a web setting, to map a given hostname (website) to one or more IPv4 or IPv6 addresses, for an HTTP client (like a browser) to be able to initiate its TCP/IP connection.

Website on GCP cant be reached on some wifis

I am using GCP, nginx and a domain name from "name.com" to deliver my website.
It can be reached on a mobile network but doesn't work over Wi-Fi.
Although on some Wi-Fi networks you can reach my site, on around ~60% (of those I have tested) you can't.
It might have something to do with DNS / DNSSEC, but that is literally a guess; I am clueless.
Hey everyone, so I have found the problem.
When I looked online for best practice, it is recommended to use different ports for the backend and frontend.
Apparently the port used for the backend was blocked by some routers.
Now the backend and frontend use the same port and it is fixed.
Hopefully it will help other people who are getting the same problem.
Could you try lowering the TTL to 300 seconds for your domain at name.com? It could be that DNS has an old cache which does not yet point to your nginx instance/location. Or you could wait out the default TTL, which is probably 12-24 hours.

VPN without Static IP address

I have some servers in my workplace and they are accessible via the intranet. I want to allow people from an external network to access the gateway and all resources behind that gateway.
Is there any way to do that without any special hardware?
I tried installing LogMeIn Hamachi (Gateway Network), but it is taking too much time to connect using RDP.
I tried InstaSafe, but they are charging a bit too much!
Although this is not programming related, I thought I would provide you with a solution which should help resolve your issue using OpenVPN and a Dynamic IP address.
Please follow this URL
As Chris mentioned, should you need further assistance, please try an alternative website, perhaps the suggested networkengineering would suffice.

Apache domainname instead of IP

I'm not sure this is even a question to be asked here, but I'll give it a shot anyway.
So I have an Ubuntu server, and I recently purchased a domain name.
Now I have forwarded the domain to my IP, but whenever I reach the server, the browser shows the IP address instead of the domain.
Is this something I should configure in Apache, or at GoDaddy (where I got the domain name)?
Thanks in advance :)
Start by checking your setup at GoDaddy. What you probably need is an A entry.
The good news is that your setup seems to work, since you get an answer from your server!
Perhaps this can help
http://support.godaddy.com/help/article/680/managing-dns-for-your-domain-names

How to connect to localhost with DSL IP forward

I'm trying to connect to WAMP from another computer.
I have a TP-Link TD-8811. Is there any way to open my localhost from outside?
Also, I don't have a static IP.
A quick look at the specs for your TP-Link device shows that it is capable of DMZ and Virtual Server configurations. Please see here for a step-by-step: http://www.tp-link.com/en/article/?faqid=205 I entered your model number in the search and came up with this article. I hope this helps.
There are many options for accessing a dynamic IP from outside.
Almost all services that do CNAME aliases for dynamic IPs offer both free and paid services. I never felt the need to pay for a service that I only used occasionally... The paid packages are usually geared to make your life easier.
Look at: no-ip.com -or- dyndns.com -or- google "connect to dynamic ip address" and take your pick from the results.
After all of this is done, I'd seriously consider setting up (as an absolute minimum) a quick and dirty encrypted channel for your security. Your router does not support IPsec/VPN, but that doesn't mean that you cannot SSH to your computer (regardless of host/client OS). There are also port-knocking methods to "speak" to your PC's firewall and instruct it to open your desired data port. You'll need to forward a few more ports from your router to get this set up, but you'll achieve a closed system that you can open and close again on demand.
Apologies for the non-how-to style of this answer; I hope it helps.