- 1 Post
- 8 Comments
2·3 years agoThank you, but my question was specifically about DNS. Another person pointed out that setting the DNS record to the VPN destination is the right answer. I appreciate the details you wrote and I’ll look into them.
Thank you for the clarification. I’ll give that a shot. Cheers!
Please see this comment to understand my frustrations with the answers in this thread (copy/pasted from another comment):
I’ve been managing servers for over 10 years, and I never have felt stupider, and I still don’t understand how to do this. Everyone is making a comment that I don’t understand.
Let’s talk internet 101, and please tell me where I’m wrong.
You make a request to https://myservice.example.com. The DNS responds to a query giving you an IP address, say 1.2.3.4. Now the client software makes another request to 1.2.3.4:433 (say if we’re attempting to access an https server, binding the SNI address to the SSL/TLS header). The request will be sent to that server, and the server will respond. In what part of all this process can the VPN can do anything?
Normally if you want to access a device through VPN, you make a request to a WHOLE other ip address in another subnet on another (virtual) device locally. It has absolutely nothing to do with 1.2.3.4. It’s something like 10.10.100.X… or similar. How will my domain, myservice.example.com, route to that address, 10.10.100.X? Is it as dumb and simple as routing there? Or is there more to it? It doesn’t sound right to make the DNS server record point to 10.10.100.X.
I’ve been managing servers for over 10 years, and I never have felt stupider, and I still don’t understand how to do this. Everyone is making a comment that I don’t understand.
Let’s talk internet 101, and please tell me where I’m wrong.
You make a request to https://myservice.example.com. The DNS responds to a query giving you an IP address, say 1.2.3.4. Now the client software makes another request to 1.2.3.4:433 (say if we’re attempting to access an https server, binding the SNI address to the SSL/TLS header). The request will be sent to that server, and the server will respond. In what part of all this process can the VPN can do anything?
Normally if you want to access a device through VPN, you make a request to a WHOLE other ip address in another subnet on another (virtual) device locally. It has absolutely nothing to do with 1.2.3.4. It’s something like 10.10.100.X… or similar. How will my domain, myservice.example.com, route to that address, 10.10.100.X? Is it as dumb and simple as routing there? Or is there more to it? It doesn’t sound right to make the DNS server record point to 10.10.100.X.
Please elaborate a little more. So assuming the server where the service lies has IP address 1.2.3.4, and some VPN that I can connect to with 1.2.3.4:1194. If my DNS server points to 1.2.3.4, and say there’s an http server there that’s normally accessible with 1.2.3.4:80, how will we enforce that working only through VPN?
But what about the domain name association? How is that done?
Security analysis doesn’t require the source code. TikTok was repeatedly analyzed without it being open source.
52·3 years agoThe amount of shilling Sync receives makes me worry that something is up with it. It’s not normal that I even believe some bots and sock puppets are involved. I’m not touching it with a long stick until someone does some proper security analysis on it. I’m not dumb to fall for peer pressure. Good luck, guys!
201·3 years agodeleted by creator
Removed by mod