Can ping my internal computer1.mydomain.net but not just computer1?
-
Hello,
I have OpenVPN set up on an SG-3100 and I can go outside to the internet. When connected remotely, when I try to ping a computer using just the hostname, i.e. computer1, I get no response, but if I try using computer1.mydomain.net I get a response.
If I'm at home and not connected via OpenVPN I can ping either using computer1.mydomain.net or just computer1.
I have DNS Server set to the pfSense IP. I've looked at other settings but could not find anything that would prevent me from being able to access it using just the hostname. Any suggestions?
-
So while you're local, you could be just broadcasting for the name on the local network... Windows does this, and the device might answer (depending), or your computer could be adding mydomain.net to the DNS query; this is a search suffix.
Asking DNS for computer1 won't work, this is not a valid FQDN.
Notice on your VPN settings, you're not setting a default domain... which normally would be the search suffix used when you just use a hostname vs a valid FQDN.
example
    $ ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : i5-win
       Primary Dns Suffix  . . . . . . . : local.lan
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : local.lan
See the search suffix of local.lan; when I do a dig for just pihole it fails.
If I just ping it, it comes back fully qualified, because Windows auto-added local.lan to the query.
    $ ping pi-hole

    Pinging pi-hole.local.lan [192.168.3.10] with 32 bytes of data:
    Reply from 192.168.3.10: bytes=32 time<1ms TTL=63
You can see exactly what was asked for by setting debug
    > set debug
    > pi-hole
    Server:  pi-hole.local.lan
    Address:  192.168.3.10

    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NOERROR
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 1,  authority records = 0,  additional = 0

        QUESTIONS:
            pi-hole.local.lan, type = A, class = IN
        ANSWERS:
        ->  pi-hole.local.lan
            internet address = 192.168.3.10
            ttl = 2 (2 secs)
See the question is pi-hole.local.lan, when all I typed in was pi-hole.
-
Thanks for the examples and for pointing out the default domain!
After I added mydomain.net I was able to ping it and I think that's what I was missing. Below is the screenshot in case someone runs into the same issue.
Another odd thing is that I can ping certain machines while on VPN and some I can't. While local I can ping each one every time.
Could it be that pfSense does not know where to route traffic from the remote client 10.0.0.3 to 192.168.1.100?

    C:\Users\johnny>ping computer1
    Ping request could not find host computer. Please check the name and try again.

    C:\Users\johnny>ping computer1.mydomain.net

    Pinging computer1.mydomain.net [192.168.1.114] with 32 bytes of data:
    Reply from 192.168.1.114: bytes=32 time=66ms TTL=63
    Reply from 192.168.1.114: bytes=32 time=69ms TTL=63
    Reply from 192.168.1.114: bytes=32 time=69ms TTL=63
    Reply from 192.168.1.114: bytes=32 time=61ms TTL=63

    Ping statistics for 192.168.1.114:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 61ms, Maximum = 69ms, Average = 66ms

After adding "default domain":
    C:\Users\johnny>ping computer1

    Pinging computer1.mydomain.net [192.168.1.114] with 32 bytes of data:
    Reply from 192.168.1.114: bytes=32 time=99ms TTL=63
    Reply from 192.168.1.114: bytes=32 time=97ms TTL=63
    Reply from 192.168.1.114: bytes=32 time=86ms TTL=63
    Reply from 192.168.1.114: bytes=32 time=207ms TTL=63

    Ping statistics for 192.168.1.114:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 86ms, Maximum = 207ms, Average = 122ms
-
If you cannot ping some IPs in your local LAN while you're on VPN, but you can ping others, or you can ping the pfSense LAN IP... This would point to the local firewall on the host you're trying to ping saying - hey, that IP is not on my local network - F it, I am not answering its ping... This is the default for a Windows firewall, for example.
Edit your hosts' local firewalls to allow the traffic you want to allow from your VPN clients' IP range.
-
Thank you!
That's what it was, Windows firewall was blocking it. I was able to ping 2 Windows Server 2019 machines but not 2 Windows 10 machines.
In case someone is looking for the same info, here's how to allow it on Windows: https://superuser.com/questions/1106907/windows-firewall-doesnot-allow-to-connect-from-vpn
I just set range from 10.0.0.0 - 10.0.0.254
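
The scoped firewall exception described in the last two posts, as an added example that is not part of the original thread: it allows only ICMPv4 echo requests, and only from the 10.0.0.0 - 10.0.0.254 range mentioned above, rather than opening the host to all remote subnets. The rule name and the choice of firewall profiles are assumptions; run it in an elevated PowerShell session on each Windows host that should answer pings from VPN clients.

```powershell
#Requires -RunAsAdministrator
# Added example: scoped inbound ping rule for OpenVPN clients.
# $RuleName is a hypothetical display name; $VpnRange is the range from the thread.
$RuleName = 'Allow ICMPv4 echo from OpenVPN clients'
$VpnRange = '10.0.0.0-10.0.0.254'

$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue

if ($existing) {
    # Rule already present: re-scope and re-enable it instead of creating a duplicate.
    $existing | Set-NetFirewallRule -RemoteAddress $VpnRange -Enabled True
}
else {
    # Echo request only (ICMP type 8), inbound, restricted to the VPN client range.
    # Assumption: the host's LAN interface uses the Domain or Private profile,
    # so the Public profile is left untouched.
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound `
        -Action Allow `
        -Protocol ICMPv4 `
        -IcmpType 8 `
        -RemoteAddress $VpnRange `
        -Profile Domain,Private | Out-Null
}

# Read the rule back so the effective scope can be checked, not just assumed.
Get-NetFirewallRule -DisplayName $RuleName | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        Protocol      = $port.Protocol
        IcmpType      = $port.IcmpType
        RemoteAddress = $addr.RemoteAddress -join ', '
    }
}
```

If the output shows a RemoteAddress wider than the VPN tunnel network, or a profile you did not intend, tighten the rule before relying on it.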