Would someone please expand on the advantages and disadvantages of these two techniques of routing DNS traffic:
push "redirect-gateway def1"
versus
push "dhcp-option DNS 8.8.8.8"
Presumably, redirecting DNS traffic through the VPN is more secure because there's no DNS linkage. But, as I understand, it prevents a DHCP lease renewal and therefore may result in loss of the local connection.
If I've understood the tradeoff correctly, then is there any way to maintain a connection to the local DHCP server and yet restrict all but renewal requests from routing to it?
Finally, what happens if both re-direct and push dhcp-option are specified as shown below?
Thank you for your help.
- nello
Tomato v1.28.0000 MIPSR2-102 K26 USB AIO
# Automatically generated configuration
daemon
server 10.10.50.0 255.255.255.0
proto udp
port 443
dev tun22
comp-lzo adaptive
keepalive 15 60
verb 3
push "route 10.10.49.0 255.255.255.0"
push "dhcp-option DOMAIN OctoberGroup.local"
push "dhcp-option DNS 10.10.49.1"
push "redirect-gateway def1"
tls-auth static.key 0
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status
# Custom Configuration
push "route 10.10.50.0 255.255.0.0"
user nobody
group nobody
persist-key
persist-tun
ping-timer-rem
verb 3
# Client Configuration
client
proto udp
remote <dyn dns> 443
dev tun
nobind
ca ca.crt
cert nello.crt
key nello.key
ns-cert-type server
tls-remote October-Group-VPN
tls-auth ta.key 1
user nobody
group nobody
persist-key
persist-tun
comp-lzo
verb 6
mute 10
mute-replay-warnings
Router: Asus RT-N16 (Tomato v1.28.0000 MIPSR2-102 K26 USB AIO)
Computers: FreeBSD x86, OSX 10.9, iOS 7
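The routing effect of "redirect-gateway def1" versus a bare "dhcp-option DNS" push can be checked with a small longest-prefix-match simulation. This is an added example, not part of the post or of OpenVPN; the home LAN (192.168.1.0/24, DHCP server 192.168.1.1) and the public resolver 8.8.8.8 are assumed values, while 10.10.49.0/24 and 10.10.49.1 come from the pushed config above.

```python
import ipaddress

# Constructed, assumed addresses (not from the original post).
LOCAL_LAN = "192.168.1.0/24"   # assumed home LAN, directly connected
DHCP_SERVER = "192.168.1.1"    # assumed local DHCP server (unicast renewal target)
PUBLIC_DNS = "8.8.8.8"         # resolver named in the question
VPN_DNS = "10.10.49.1"         # resolver pushed by the server config above

# Client routing table before any redirect: (destination, outgoing interface).
BASE_ROUTES = [
    ("0.0.0.0/0", "eth0"),       # ISP default route
    (LOCAL_LAN, "eth0"),         # connected LAN route
    ("10.10.49.0/24", "tun0"),   # push "route 10.10.49.0 255.255.255.0"
    ("10.10.50.0/24", "tun0"),   # VPN server subnet
]

# What "redirect-gateway def1" installs: two /1 routes that together cover all
# of IPv4 and are more specific than the ISP's /0, so they win the lookup
# without deleting the original default route.
DEF1_ROUTES = [("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0")]


def select_interface(dest, routes):
    """Longest-prefix match, the rule the kernel applies to unicast traffic."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, iface in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, iface)
    return best[1] if best else None


def dns_leaks(dns_server, routes):
    """True if queries to dns_server leave on the physical interface, not the tunnel."""
    return select_interface(dns_server, routes) != "tun0"


if __name__ == "__main__":
    with_def1 = BASE_ROUTES + DEF1_ROUTES
    for label, table in (("dhcp-option only", BASE_ROUTES), ("with def1", with_def1)):
        print(label, "public DNS leaks:", dns_leaks(PUBLIC_DNS, table),
              "| DHCP renewal via:", select_interface(DHCP_SERVER, table))
```

The connected /24 is always more specific than the /1 routes, so the unicast DHCP renewal to the local server keeps using eth0 even with def1, while queries to 8.8.8.8 only stay inside the tunnel once def1 is pushed.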