@anbotero
Last active August 29, 2015 13:59

Revisions

  1. anbotero revised this gist Apr 15, 2014. 1 changed file with 3 additions and 0 deletions.
    3 changes: 3 additions & 0 deletions gistfile1.md
    @@ -7,12 +7,15 @@ In case you haven’t noticed, ALL traffic that happens on your machine after yo
    In Archlinux, there is another file, `/etc/resolv.conf.head` which will always
    get prepended to resolv.conf, so that would work. No idea for other systems.
    - Configure main dnsmasq file, like this `/etc/dnsmasq.conf` in my case:

    ```shell
    listen-address=127.0.0.1
    conf-dir=/etc/dnsmasq.d
    ```

    - Setup the configuration folder you just setup: `mkdir -p /etc/dnsmasq.d`
    - Create a new configuration file, `/etc/dnsmasq.d/companyvpn.conf`, with this setup:

    ```shell
    no-resolv
    no-poll
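    Review bot: In the `/etc/dnsmasq.conf` block, `listen-address=127.0.0.1` on its own does not keep dnsmasq from binding the wildcard address; by default it binds all interfaces and discards requests that arrive on the ones it was not told to serve. Adding `bind-interfaces` under that line makes dnsmasq bind only to 127.0.0.1, so port 53 is not opened on the VPN or LAN interfaces. Separately, both fences here are tagged `shell` although they hold dnsmasq directives, and "Setup the configuration folder you just setup" would read better as "Create the configuration folder you just referenced".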
  2. anbotero created this gist Apr 15, 2014.
    35 changes: 35 additions & 0 deletions gistfile1.md
    @@ -0,0 +1,35 @@
    In case you haven’t noticed, ALL traffic that happens on your machine after you connect with the VPN client gets rerouted through Company’s own DNS, which means whenever you’re listening to Grooveshark or watching a YouTube video, it is going through Company DNS. To avoid wasting the company resources and slowing us down, I’ve devised a way to filter our traffic so that only company-related requests go through Company DNS; everything else will go to our direct, local connection.

    - Install dnsmasq.
    - Make sure the first reference in your resolv.conf file is your local IP, that: `nameserver 127.0.0.1`

    Sometimes this file gets generated automatically, so changes won’t stay.
    In Archlinux, there is another file, `/etc/resolv.conf.head` which will always
    get prepended to resolv.conf, so that would work. No idea for other systems.
    - Configure main dnsmasq file, like this `/etc/dnsmasq.conf` in my case:
    ```shell
    listen-address=127.0.0.1
    conf-dir=/etc/dnsmasq.d
    ```
    - Setup the configuration folder you just setup: `mkdir -p /etc/dnsmasq.d`
    - Create a new configuration file, `/etc/dnsmasq.d/companyvpn.conf`, with this setup:
    ```shell
    no-resolv
    no-poll
    server=/company.net/192.168.253.1
    server=/company.net/192.168.253.2
    server=/192.in-addr.arpa/192.168.253.1
    server=/192.in-addr.arpa/192.168.253.2
    server=8.8.8.8
    server=8.8.4.4
    log-queries
    log-facility=/var/log/dnsmasq.log
    ```

    That will make it so that, whenever you access domain ending in `company.net` or access an IP range like `192.x.x.x`, it will get redirected to the VPN (Company) DNS. In this case, everything else should go straight to Google DNSes.

    Also, the `log-` related entries are just when testing if dnsmasq is really doing its magic or not. You can delete them afterwards.

    That’s it for now.

    PS: Remember to enable dnsmasq as a service, so that it’s always started at system boot, and remember to start your VPN client anyways before actually trying to access the company network. Just in case. :happy:
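    Review bot: The `server=/192.in-addr.arpa/...` lines in `companyvpn.conf` match reverse lookups for every address in 192.0.0.0/8, so PTR queries for public 192.x.x.x hosts are also sent to the Company DNS; if only the private 192.168.x.x range is meant, scope them to `168.192.in-addr.arpa`. The opening paragraph and the "access an IP range" sentence describe this as filtering traffic, but these directives only select which resolver answers a given name; what is routed through the VPN is unchanged. `log-queries` writes every looked-up name to `/var/log/dnsmasq.log`, so removing the two `log-` lines after testing is worth listing as a step rather than leaving it optional.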