Hecatron opened this issue 4 months ago (status: Open)
I think CloudConnexa (VPN in Cloud operated by OpenVPN Inc.) can support this scenario.
Regarding the OpenVPN FOSS project, it doesn't do any handling of the DNS requests, therefore it would not be able to catch requests and reply accordingly. You'd probably need some extra tool for achieving this result.
The --route trick indeed can work, but OpenVPN resolves only upon startup, when installing the routes.
I've been searching all over to see if this is possible with the latest OpenVPN 2.6. Currently I'm using a Cisco AnyConnect VPN setup, but I'm trying to migrate across to OpenVPN via OPNsense.
AnyConnect has a feature called Dynamic Split Tunneling. The way we're currently using this is: if someone tries to access an address such as ec2-1-2-3-4.eu-west-2.compute.amazonaws.com (the first part being an external fixed IP), it's configured to detect that the domain name contains "compute.amazonaws.com" and therefore should be forwarded over the tunnel and not accessed directly from the client's internet.
So in effect the source IP of the connection to the AWS instance is changed to that of the OpenVPN server instead of the client's machine, as it's going over the tunnel.
Now I've discovered that it is possible to do this for single addresses by adding something like the below to the client config:
But what I'm actually aiming for is for this to target a wildcard or subdomain of *.compute.amazonaws.com, so that if a client tries to access anything on that subdomain it's passed via the VPN.
I suspect this might not be possible, as I have a feeling the DNS names in the list of routes are resolved when the connection is first brought up. Does anyone know if this form of routing is supported? If not with the free version of OpenVPN, perhaps with the commercial Access Server?
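The `--route` trick from the reply above, worked through as an added example that is not part of the original issue or of the OpenVPN project's code: a small Python helper that resolves a fixed list of hostnames ahead of time and writes /32 `route` lines into a file the client config can pull in with `config compute-routes.conf`. It generalizes the single-address approach to many hosts, but it does not give wildcard matching: because OpenVPN resolves names in `route` directives only when the tunnel comes up, the file has to be regenerated and the client reconnected when addresses change. The hostnames, addresses and the stub resolver are constructed for illustration.

```python
"""Generate OpenVPN client `route` lines for a fixed list of hostnames.

OpenVPN resolves a hostname given to `route` only once, when the tunnel
comes up, so there is no way to express "*.compute.amazonaws.com". The
next best thing is to keep the list of known hosts in one place, resolve
them ahead of time and write /32 host routes into a file that the client
config includes with `config compute-routes.conf`. Re-run this script and
reconnect whenever the addresses change.
"""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List

Resolver = Callable[[str], List[str]]


def system_resolver(hostname: str) -> List[str]:
    """Resolve a hostname to all of its IPv4 addresses with the OS resolver."""
    _name, _aliases, addrs = socket.gethostbyname_ex(hostname)
    return addrs


# Constructed sample data for stand-alone runs; these are not real hosts.
SAMPLE_HOSTS: Dict[str, List[str]] = {
    "ec2-1-2-3-4.eu-west-2.compute.amazonaws.com": ["1.2.3.4"],
    "ec2-5-6-7-8.eu-west-2.compute.amazonaws.com": ["5.6.7.8", "1.2.3.4", "10.0.0.9"],
}


def sample_resolver(hostname: str) -> List[str]:
    """Stub resolver backed by SAMPLE_HOSTS; fails the way socket does."""
    try:
        return SAMPLE_HOSTS[hostname]
    except KeyError:
        raise socket.gaierror(f"{hostname}: Name or service not known")


def build_route_lines(hostnames: Iterable[str],
                      resolver: Resolver = system_resolver) -> List[str]:
    """Return config lines: one `route <ip> 255.255.255.255` per public IPv4.

    Duplicate addresses are emitted once, private/loopback addresses are
    skipped (those belong to the routes the server pushes, not to a host
    route), and an unresolvable name becomes a comment so the failure is
    visible in the generated file instead of silently dropping the host.
    Comments go on their own line; OpenVPN only treats `#` and `;` as a
    comment at the start of a line.
    """
    seen = set()
    lines: List[str] = []
    for name in hostnames:
        try:
            addrs = resolver(name)
        except OSError as exc:
            lines.append(f"# {name}: unresolved ({exc})")
            continue
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if ip.version != 4 or ip.is_private or ip.is_loopback or ip in seen:
                continue
            seen.add(ip)
            lines.append(f"# {name}")
            lines.append(f"route {ip} 255.255.255.255")
    return lines


def render_config(hostnames: Iterable[str],
                  resolver: Resolver = system_resolver) -> str:
    """Render the include file with a reminder of when it must be regenerated."""
    header = "# generated host routes; regenerate and reconnect when addresses change"
    return "\n".join([header, *build_route_lines(hostnames, resolver)]) + "\n"


if __name__ == "__main__":
    # One deliberately unknown name shows how a resolution failure is reported.
    wanted = list(SAMPLE_HOSTS) + ["ec2-9-9-9-9.eu-west-2.compute.amazonaws.com"]
    print(render_config(wanted, resolver=sample_resolver), end="")
```

To use it against real DNS, call `render_config(names)` with the default `system_resolver` and write the result to the file named in the client config's `config` line; the default gateway for a `route` line is `vpn_gateway`, which is what sends the traffic through the tunnel.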