Would someone please expand on the advantages and disadvantages of these two techniques of routing DNS traffic:
push "redirect-gateway def1"
push "dhcp-option DNS 188.8.131.52"
Presumably, redirecting DNS traffic through the VPN is more secure because there's no DNS linkage. But, as I understand, it prevents a DHCP lease renewal and therefore may result in loss of the local connection.
If I've understood the tradeoff correctly, then is there anyway to maintain a connection to the local DHCP server and yet restrict all but renewal requests from routing to it?
Finally, what happens if both re-direct and push dhcp-option are specified as shown below?
Thank you for your help.
Tomato v1.28.0000 MIPSR2-102 K26 USB AIO # Automatically generated configuration daemon server 10.10.50.0 255.255.255.0 proto udp port 443 dev tun22 comp-lzo adaptive keepalive 15 60 verb 3 push "route 10.10.49.0 255.255.255.0" push "dhcp-option DOMAIN OctoberGroup.local" push "dhcp-option DNS 10.10.49.1" push "redirect-gateway def1" tls-auth static.key 0 ca ca.crt dh dh.pem cert server.crt key server.key status-version 2 status status # Custom Configuration push "route 10.10.50.0 255.255.0.0" user nobody group nobody persist-key persist-tun ping-timer-rem verb 3 # Client Configuration client proto udp remote <dyn dns> 443 dev tun nobind ca ca.crt cert nello.crt key nello.key ns-cert-type server tls-remote October-Group-VPN tls-auth ta.key 1 user nobody group nobody persist-key persist-tun comp-lzo verb 6 mute 10 mute-replay-warnings
Router: Asus RT-N16 (Tomato v1.28.0000 MIPSR2-102 K26 USB AIO)
Computers: FreeBSD x86, OSX 10.9, iOS 7