And so when away do you just directly connect to the external IP and do port forwarding?
Comment on How to Use Local IP for Services when at Home?
Shimitar@downonthestreet.eu 3 weeks ago
Going the split DNS way is doable but had other issues (android devices bypassing local DNS for example or DNS over HTTPS issues)
I set up my opnSense to redorect all internal traffic to the external IP on port 443 to my internal server ip.
Works fine, it’s transparent, and doesn’t mess with DNS.
mrh@mander.xyz 3 weeks ago
Shimitar@downonthestreet.eu 3 weeks ago
Actually I am behind CGNAT so when away I connect to my VPS that has a nginx pointing to a wireguard endpoint to the opnSense.
When home, my VPS ip gets rerouted on port 443 (and 80, mandatory for let’s encrypt) to the internal ip of my server.
Zwuzelmaus@feddit.org 3 weeks ago
Can this be fixed/avoided?
Shimitar@downonthestreet.eu 3 weeks ago
For now yes but the very specifics of DNS over https make that impossible if enforced one day.
Zwuzelmaus@feddit.org 3 weeks ago
How?
Shimitar@downonthestreet.eu 3 weeks ago
DOH goes over port 443 using https, impossible to block (unless you want to blacklist all possible URLs that might serve DNS) so cannot be redirected at network level, like with classic DNS, and uses SSL encryption so cannot be “sniffed”.
While it seems good for your privacy, it’s a dream for Google and such, where PiHoles and such DNS blockers will be useless…