Hi everyone,
my setup is working in this way:
I have a WireGuard VPN Client and a WireGuard VPN Server set up on OpenWRT. The Client is connected to a paid VPN Server, while the Server is allowing me access to the LAN network.
The devices connected to the WG Server are doing this route:
WG Client -> OpenWrt -> paid VPN Server -> Internet
In this way I can access my LAN, but I am browsing Internet with the IP of the VPN, and not the one of my ISP.
I achieved this configuration by using PBR.
The problem is that I need the DNS Server of the client to work like that:
VPN Client -> 10.0.0.1 (OpenWRT) -> 10.64.0.1 (paid VPN DNS Server)
I don't want to connect directly to 10.64.0.1 because I need to query the router first to resolve local hostnames.
How can I achieve that?
I tried putting 10.64.0.1 on the advanced tab of the WireGuard Client and Server interfaces of OpenWRT, but it's not enough: 10.0.0.1 is using my ISP DNS (from the wan interface) to query domains.
I need the rest of the network interfaces to query my ISP DNS normally.
I don't understand:
I don't need to split traffic based on domain name but based on the subnet the request is coming from.
So the requests from 10.0.0.0/24 make this route:
10.0.0.1 (OpenWRT Gateway) -> 10.64.0.1 (VPN DNS)
while other subnets (like 192.168.1.0/24) make this route:
192.168.1.1 (OpenWRT Gateway) -> ISP DNS
Basically I need to make DNS requests made from the router IP 10.0.0.1 forwarded to 10.64.0.1, and keep everything else unchanged.
I have already tried it.
I tried to forward 10.0.0.0/24 to the interface of the paid VPN and only 10.0.0.1/24.
With the second option active I can no longer go to the Internet with the VPN Client.
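One way to get the per-interface split described above, as an added example that is not from the original thread or from the OpenWrt project: run a second dnsmasq instance in /etc/config/dhcp that listens only on the WireGuard server interface (10.0.0.1) and forwards to 10.64.0.1, while the default instance keeps serving the other interfaces with the ISP resolvers. The network interface name `wg_server` is an assumption; replace it with the name of your WireGuard server interface.

```uci
# /etc/config/dhcp (excerpt, added example; 'wg_server' is an assumed interface name)

# Default instance: keep all of its existing options as they are, and only
# exclude the WireGuard server interface so the two instances never share a socket.
config dnsmasq
	option nonwildcard '1'           # bind per interface instead of 0.0.0.0:53
	list notinterface 'wg_server'    # 10.0.0.0/24 is handled by the 'vpn' instance below

# Second instance: answers on 10.0.0.1 only, resolves local names itself and
# sends every other query to the paid VPN resolver reached through the WG client tunnel.
config dnsmasq 'vpn'
	option domainneeded '1'
	option rebind_protection '1'     # drop upstream answers pointing at private ranges
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option noresolv '1'              # ignore the ISP resolvers learned on wan
	list server '10.64.0.1'          # the only upstream for this instance
	option localservice '1'          # answer only hosts on directly attached subnets
	option nonwildcard '1'
	list interface 'wg_server'
	option leasefile '/tmp/dhcp.leases.vpn'   # separate file, do not fight the default instance
	option port '53'
```

Static names from `config domain` entries or /etc/hosts are visible to both instances, but DHCPv4 lease names held by the default instance are not shared with the `vpn` one, so LAN clients that must be reachable by name from the tunnel need a static entry. Queries from 10.0.0.1 to 10.64.0.1 still have to leave through the WireGuard client, so the PBR rule that sends 10.0.0.0/24 into the tunnel must also cover traffic sourced from the router itself.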