Netgate Discussion Forum

    Use hostname to reach OpenVPN clients

    OpenVPN
    57 Posts 4 Posters 7.3k Views
      zapador @Unoptanio
      last edited by

      @Unoptanio I would just leave them blank, assuming you have set some DNS servers in General Setup. Then you can read below the fields what happens by default. Or do as you've done here, adding the pfSense as the first option.

        Unoptanio @zapador
        last edited by Unoptanio

        @zapador

        259ae36d-70a7-4afa-b065-3cda1ae54d11-image.png

        d27bab50-4b07-4849-b1ee-2c9249e01927-image.png

        pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
        CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
        n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2

          zapador @Unoptanio
          last edited by zapador

          @Unoptanio Make sure this option is enabled in Services -> DNS Resolver:

          c3378d52-3238-414e-916c-0c4b3c740b55-image.png

          If you enable it then you almost certainly need to release and renew IP config on Server5K so it makes a new request to DHCP.

          I'm a bit confused why you see 192.168.1.1 in the list of DNS Servers under DNS Lookup, you should only see 127.0.0.1 at the top (that's the pfSense localhost address) and below that any other DNS Servers you have added. Did you add 192.168.1.1 under General Setup? If so remove it there as it is not necessary.

          When I use DNS Lookup on a local hostname it looks like this:

          5fc3240f-78d7-4b9a-bd6f-ed9e065fd2ff-image.png

          These are my DNS settings under General Setup:

          12664ba7-e0ee-49fa-bb41-6c55731cf211-image.png

            Unoptanio @zapador
            last edited by

            @zapador

            30a236d4-6690-42b4-81b0-4293e958bc37-image.png

            OK, it worked.

            This setting was sufficient:

            09808a66-af53-4cd4-8b34-2f5f5be80803-image.png

              zapador @Unoptanio
              last edited by

              @Unoptanio Perfect! And sorry I forgot to mention that earlier, I had forgotten it wasn't enabled by default. So many things to remember! :)

                Unoptanio @zapador
                last edited by

                @zapador

                All other machines that are under DHCP do not have their names resolved.
                Is there a cure for them too?

                  zapador @Unoptanio
                  last edited by zapador

                  @Unoptanio After enabling the option to Register DHCP leases in the DNS Resolver you must release/renew those machines or reboot them. The registration only happens when a machine requests info from the DHCP server. You can also just wait until their leases run out and they renew them automatically. It seems the leases are valid for 2 hours by default, so it's not that long to just wait.

                    Unoptanio @Unoptanio
                    last edited by Unoptanio

                    @Unoptanio

                    @zapador said in Use hostname to reach OpenVPN clients:

                    leases are valid for 2 hours

                    Default lease time
                    Controls how long a lease will last when a client does not request a specific lease length. Specified in seconds, default value is 7200 seconds (2 hours)

                    Maximum lease time
                    Limits a requested lease length to a stated maximum amount of time. Specified in seconds, default value is 86400 seconds (1 day).
                    https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv4.html

                      zapador @Unoptanio
                      last edited by

                      @Unoptanio Ah yeah, so it could vary depending on the device, but depending on the number of devices it might be easier to just wait 24 hours for all of them to renew their lease.

                        Unoptanio @zapador
                        last edited by
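The two posts above raise a practical question: after enabling lease registration in the DNS Resolver, which hosts are still running on a lease issued before the change, and by when will the last of them have renewed? The following script is an added example (it is not code from this thread or from pfSense) that parses a leases file in ISC dhcpd format, which is the format the DHCP server used here writes; the lease entries, hostnames and timestamps are constructed for the example, and the enable time is supplied by the caller as an ISO 8601 string.

```python
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd leases format. dhcpd writes the "starts"/"ends"
# timestamps in UTC, preceded by a weekday number that we ignore.
SAMPLE_LEASES = """
lease 192.168.1.50 {
  starts 3 2024/05/01 10:00:00;
  ends 3 2024/05/01 12:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "server5k";
}
lease 192.168.1.51 {
  starts 3 2024/05/01 09:30:00;
  ends 4 2024/05/02 09:30:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "laptop";
}
lease 192.168.1.52 {
  starts 3 2024/05/01 08:00:00;
  ends 3 2024/05/01 10:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:77;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
TS_FMT = "%Y/%m/%d %H:%M:%S"


def parse_leases(text):
    """Return one dict per lease block: ip, hostname, binding state, starts, ends (UTC)."""
    leases = []
    for m in LEASE_RE.finditer(text):
        ip, body = m.group(1), m.group(2)
        rec = {"ip": ip, "hostname": None, "state": None, "starts": None, "ends": None}
        for line in body.splitlines():
            line = line.strip().rstrip(";")
            if not line:
                continue
            key, _, val = line.partition(" ")
            if key in ("starts", "ends"):
                # "starts 3 2024/05/01 10:00:00": drop the weekday, parse the rest as UTC
                _, _, stamp = val.partition(" ")
                rec[key] = datetime.strptime(stamp, TS_FMT).replace(tzinfo=timezone.utc)
            elif key == "client-hostname":
                rec["hostname"] = val.strip('"')
            elif key == "binding" and val.startswith("state "):
                rec["state"] = val.split(" ", 1)[1]
        leases.append(rec)
    return leases


def pending_renewals(leases, enabled_at_iso):
    """Active leases issued before the resolver option was enabled.

    These hosts were not registered when their lease was handed out, so they only
    appear in the resolver once they renew (or are released/renewed by hand)."""
    enabled_at = datetime.fromisoformat(enabled_at_iso)
    return [l for l in leases if l["state"] == "active" and l["starts"] < enabled_at]


def wait_until(leases, enabled_at_iso):
    """Latest 'ends' time among pending leases: the last point at which every
    client must have renewed, assuming no client renews earlier than that."""
    pend = pending_renewals(leases, enabled_at_iso)
    if not pend:
        return datetime.fromisoformat(enabled_at_iso)
    return max(l["ends"] for l in pend)


if __name__ == "__main__":
    # Hypothetical enable time for the sample data; replace with your own.
    enabled = "2024-05-01T11:00:00+00:00"
    leases = parse_leases(SAMPLE_LEASES)
    for l in pending_renewals(leases, enabled):
        print(f"{l['ip']:16} {l['hostname'] or '-':12} renews by {l['ends'].isoformat()}")
    print("all pending hosts renewed by:", wait_until(leases, enabled).isoformat())
```

Clients normally renew at half the lease time (T1), so the "ends" timestamp is an upper bound; the script reports the worst case, which is the number you want when deciding whether to wait or to force a release/renew on each host.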

                        @zapador

                        I confirm, name resolution also works for clients under DHCP.

                        Why did we say to insert the IP address 192.168.1.1 first in the DNS list?

                        This thing had nothing to do with it.

                        Thanks for the support.
                        145f07ce-6264-4e28-865a-0e8e98b6401e-image.png

                          zapador @Unoptanio
                          last edited by zapador

                          @Unoptanio I think it's just a bit of confusion; it's difficult for me to know your exact setup when I don't have it in front of me.

                          What I would recommend is this:

                          In General Setup put the DNS servers you want:
                          cb4e6cfe-28b9-4c43-84b4-969b322acfe1-image.png

                          Under DHCP Server leave all DNS fields blank.

                          Anywhere else only enter something in DNS fields if there's a good reason, otherwise leave them blank.

                          So turn off this:
                          51d1b23f-b117-4e0d-b0f2-36fcfb119673-image.png

                            Unoptanio @zapador
                            last edited by

                            @zapador

                            Done.
                            Now I'm configured like this:

                            d4763630-1462-4247-aea9-b770e4850016-image.png

                              zapador @Unoptanio
                              last edited by

                              @Unoptanio Perfect, then everything should work as intended :)

                              You can just set all of the gateways to None, though it will work if you specify the gateway. Really no difference, but generally I would consider leaving things to default to be best practice unless there's a reason not to leave defaults. In this case None is default.

                                Unoptanio @zapador
                                last edited by

                                @zapador

                                Good morning, excuse me, in the OpenVPN log section I find these IP addresses, unknown to me, that are trying something.

                                Do I have to worry?
                                What can I do?

                                78ec389e-7d4a-491a-aedc-ef6934257a32-image.png

                                  zapador @Unoptanio
                                  last edited by zapador

                                  @Unoptanio It means that someone is trying to connect to your VPN server or otherwise trying to communicate with the port that OpenVPN is running on (default 1194). Because you have enabled TLS Auth in your OpenVPN Server settings, the OpenVPN Server expects that the incoming packet contains an HMAC, which it does not, and thus nothing more happens. So it's really nothing to worry about, it's just the security layers working as they should.
                                  You can potentially reduce the amount of noise (random connection attempts) by running the OpenVPN Server on another port than the default, but there's not much reason to do so.

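To make the distinction in the reply above visible in the log itself, here is an added example (not code from this thread or from OpenVPN or pfSense) that scans OpenVPN server log lines and separates packets rejected by the tls-auth HMAC check from peers that actually completed a connection, counting the rejected ones per source address. The "cannot locate HMAC in incoming packet" and "Peer Connection Initiated" texts are the messages OpenVPN logs for those two events; the timestamps, process id, addresses and the client name are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the style of an OpenVPN server log with tls-auth enabled.
# Addresses are from documentation ranges and do not refer to any real host.
SAMPLE_LOG = """\
May  5 08:12:01 openvpn[4321]: 203.0.113.7:51234 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.7:51234
May  5 08:12:03 openvpn[4321]: 203.0.113.7:51235 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.7:51235
May  5 08:13:10 openvpn[4321]: 198.51.100.20:40000 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]198.51.100.20:40000
May  5 08:15:00 openvpn[4321]: 192.0.2.44:1194 TLS: Initial packet from [AF_INET]192.0.2.44:1194, sid=1a2b3c4d 5e6f7a8b
May  5 08:15:01 openvpn[4321]: 192.0.2.44:1194 [client1] Peer Connection Initiated with [AF_INET]192.0.2.44:1194
"""

# Packet dropped before any TLS handshake: it carried no valid tls-auth HMAC.
NO_HMAC_RE = re.compile(
    r"cannot locate HMAC in incoming packet from \[AF_INET6?\](?P<peer>\S+):(?P<port>\d+)$"
)
# Peer that completed the handshake and authenticated; the bracketed name is its certificate CN.
CONNECTED_RE = re.compile(
    r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with \[AF_INET6?\](?P<peer>\S+):(?P<port>\d+)$"
)


def classify(line):
    """Return ('rejected', source_ip), ('connected', common_name) or None for other lines."""
    m = NO_HMAC_RE.search(line)
    if m:
        return ("rejected", m.group("peer"))
    m = CONNECTED_RE.search(line)
    if m:
        return ("connected", m.group("cn"))
    return None


def summarize(log_text):
    """Count HMAC rejections per source address and list the peers that connected."""
    rejected = Counter()
    connected = []
    for line in log_text.splitlines():
        result = classify(line)
        if result is None:
            continue
        kind, value = result
        if kind == "rejected":
            rejected[value] += 1
        else:
            connected.append(value)
    return {"rejected_by_source": dict(rejected), "connected": connected}


def noisy_sources(log_text, threshold=2):
    """Sources with at least `threshold` rejected packets, sorted, for a quick review
    of who is generating the background noise on the VPN port."""
    summary = summarize(log_text)
    return sorted(ip for ip, n in summary["rejected_by_source"].items() if n >= threshold)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip, n in sorted(summary["rejected_by_source"].items(), key=lambda kv: -kv[1]):
        print(f"{ip:18} {n} packet(s) rejected by tls-auth (never reached TLS)")
    print("authenticated peers:", ", ".join(summary["connected"]) or "none")
    print("repeat sources:", noisy_sources(SAMPLE_LOG))
```

Rejected lines never reach the TLS layer, which is the point of the reply above: a source that only ever appears in the rejected counter has not authenticated and has not negotiated anything. Running the script over a day of logs shows whether the entries are scattered background scans or a few persistent sources, which is what decides whether the noise is worth a firewall rule or just worth ignoring.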
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.