Hi!
We found that the default behavior for dealing with DNS servers is to NAT them. For our on-prem setup this does not work, as we rely on the client IP being directly routed and further firewalled on the network firewall. For reference, the rules are:
table ip nat {
    chain POSTROUTING {
        type nat hook postrouting priority srcnat; policy accept;
        …
        ip saddr NET1 ip daddr DNS1 counter packets 4598 bytes 319594 masquerade
        ip saddr NET1 ip daddr DNS2 counter packets 14737 bytes 1124645 masquerade
        …
By trial and error we found we can disable these DNS routes altogether with
“pritunl set vpn.dns_route false”
Is there a better way to deal with this? Like just disabling masquerade and doing accept instead?
And a more generic question: I didn’t manage to find any documentation on all these config parameters that are not available in the WebUI. Is there any place where they exist and are documented to some extent? Like some place in the source code, maybe, that I can use as a reference?
Best regards,
Andrii
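As an added example, not part of the post above and not Pritunl's own generated ruleset, here is what the "accept instead of masquerade" idea looks like as an nftables fragment, using the NET1 and DNS1 placeholders from the post. In a nat chain, `accept` ends rule traversal without issuing a NAT verdict, so a connection that hits it leaves with the client's own source address; placed before the masquerade rule it exempts DNS1 from NAT while leaving every other masquerade rule in place. The fragment assumes that DNS1, or the network firewall in front of it, has a return route for NET1 pointing back at the Pritunl host, because without source NAT the replies are addressed to the VPN client rather than to the VPN server.

```nft
# Added example, not the ruleset Pritunl writes. Placeholders from the post:
#   NET1 = VPN client subnet, DNS1 = the DNS server the clients are pushed.
table ip nat {
    chain POSTROUTING {
        type nat hook postrouting priority srcnat; policy accept;

        # Exempt DNS traffic from source NAT. "accept" in a nat chain means
        # "stop here, no NAT for this connection", so DNS1 and the network
        # firewall see the client IP out of NET1 instead of the VPN host.
        # Precondition (assumption): DNS1's side has a route for NET1 back
        # to this host, otherwise the replies never return to the tunnel.
        ip saddr NET1 ip daddr DNS1 counter accept

        # The default behaviour described in the post. With the rule above in
        # front of it, this one is never reached for DNS1; other destinations
        # covered by further masquerade rules are unaffected.
        ip saddr NET1 ip daddr DNS1 counter masquerade
    }
}
```

Because the nat table is written by Pritunl, a rule inserted by hand (for instance with `nft insert rule ip nat POSTROUTING index 0 ip saddr NET1 ip daddr DNS1 counter accept`) is a way to confirm that the routing and the network firewall policy hold up with the real client IP, not a persistent fix; the `vpn.dns_route false` setting from the post removes the rule at its source.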