[Dnsmasq-discuss] dnsmasq forwarding queries over VPN/IPSec

[Ken Bantoft]

Hi,

I've run into a case where I'd like dnsmasq to forward queries over an  
IPSec VPN tunnel to nameservers on the far side, but this doesn't seem  
to work as expected.

I've got 2 Interfaces - br-lan (192.168.1.1) and ppp0 (PPPoE -  
216.x.x.x).  IPsec is terminated on the same machine, so it has a  
tunnel from 192.168.0.0/24 to 10.0.0.0/8.

dnsmasq is set to forward all queries to 10.x.x.10 and 10.x.y.10  
nameservers, which are across the tunnel in the datacenter.  What I'm  
seeing with tcpdump is the requests going out the ppp0 interface, with  
the 216.x.x.x IP address.  I've tried a variety of options (bind- 
interfaces, listen-address), as I really want dnsmasq to bind only to  
the br-lan interface, and use that address as the Source IP for the  
forwarded queries, but no combination I've tried does the trick.

Any suggestions?


Ken