And so when away do you just directly connect to the external IP and do port forwarding?
Comment on How to Use Local IP for Services when at Home?
Shimitar@downonthestreet.eu 16 hours ago
Going the split DNS way is doable but had other issues (android devices bypassing local DNS for example or DNS over HTTPS issues)
I set up my opnSense to redorect all internal traffic to the external IP on port 443 to my internal server ip.
Works fine, it’s transparent, and doesn’t mess with DNS.
mrh@mander.xyz 15 hours ago
Shimitar@downonthestreet.eu 8 hours ago
Actually I am behind CGNAT so when away I connect to my VPS that has a nginx pointing to a wireguard endpoint to the opnSense.
When home, my VPS ip gets rerouted on port 443 (and 80, mandatory for let’s encrypt) to the internal ip of my server.
Zwuzelmaus@feddit.org 7 hours ago
Can this be fixed/avoided?
Shimitar@downonthestreet.eu 7 hours ago
For now yes but the very specifics of DNS over https make that impossible if enforced one day.
Zwuzelmaus@feddit.org 5 hours ago
How?
Shimitar@downonthestreet.eu 2 hours ago
DOH goes over port 443 using https, impossible to block (unless you want to blacklist all possible URLs that might serve DNS) so cannot be redirected at network level, like with classic DNS, and uses SSL encryption so cannot be “sniffed”.
While it seems good for your privacy, it’s a dream for Google and such, where PiHoles and such DNS blockers will be useless…