OpenVPN clients put hostname in DNS Resolver?



  • I'd like to know if there is any way I can get entries put in DNS automatically to match up with OpenVPN clients.

    When a machine is on my LAN (192.168.1.x) I can access it (e.g. SSH) from any other machine by typing its name with the DNS suffix appended (hostname.apt) because DHCP enters the hosts into DNS Resolver.  This is super convenient.

    Now when the client "moves" someplace else it's on the VPN (10.0.8.x) and I can access it by manually finding the OpenVPN status, hunting for the client's name, locating the IP address, and connecting to it.  I'd like for it to resolve the name (hostname.whatever) to the IP address thru DNS.

    Is there any way I can have OpenVPN put its clients' IP addresses into DNS Resolver similar to how DHCP Server puts hostnames into DNS Resolver?



  • Nothing ready to use afaik but OpenVPN has -client-connect and -client-disconnect scripts that are run when client connects/disconnects so it's possible to hack something in those to register/deregister entries to the DNS forwarder/resolver during connect/disconnect. Do note that there is no DHCP used on an OpenVPN connection when the usual settings (tun type tunnel network etc.) are used so the OpenVPN server never sees the hostname of the connecting client, it sees only the CN from the client certificate of the connecting client.



  • @kpa:

    Nothing ready to use afaik but OpenVPN has -client-connect and -client-disconnect scripts that are run when client connects/disconnects so it's possible to hack something in those to register/deregister entries to the DNS forwarder/resolver during connect/disconnect. Do note that there is no DHCP used on an OpenVPN connection when the usual settings (tun type tunnel network etc.) are used so the OpenVPN server never sees the hostname of the connecting client, it sees only the CN from the client certificate of the connecting client.

    In my case at least with any machines I care about reaching I've already set the CN to the same as the hostname (lacking any other ideas what to put) so maybe that will help.

    I assume this is a server-side script setting?  Is there any documentation on how to do this in pfSense?

    I'm quite familiar with both networking and bash/sh/csh scripting from work projects but I've never worked with VPNs before (from an administrator point of view, I've only used them as a "client" before) and I'm not sure how I'd properly "save" a script to pfSense.  I assume it has to go in a certain place to be saved thru upgrades/reinstall and then I'd have to reference it there in the openvpn advanced-configuration and somehow it would "find" what clients are connected to register them.
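One way to write the connect/disconnect hook suggested above, as an added example that is not code from any poster or from pfSense: it treats the certificate CN as the hostname, validates it as a single DNS label, and registers it with Unbound through `unbound-control`. Assumptions: the `vpn.example` suffix, the `unbound.conf` path, and that Unbound's remote control is enabled on the server.

```shell
#!/bin/sh
# Added example, not from the thread. One script for both the client-connect
# and client-disconnect hooks; OpenVPN exports common_name,
# ifconfig_pool_remote_ip and script_type into its environment.
LC_ALL=C; export LC_ALL
DOMAIN="vpn.example"                      # assumed suffix for VPN clients
UNBOUND_CONF="/var/unbound/unbound.conf"  # assumed path, adjust as needed

# Print "<cn>.<DOMAIN>." if the CN is a single safe DNS label, else return 1.
# The CN comes from the client certificate, so check it before it reaches
# the resolver.
vpn_fqdn() {
    cn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$cn" in
        ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#cn}" -le 63 ] || return 1
    printf '%s.%s.\n' "$cn" "$DOMAIN"
}

# Print "<fqdn> A <ip>" for a valid CN and dotted-quad IPv4 address.
vpn_dns_record() {
    fqdn=$(vpn_fqdn "$1") || return 1
    ip=$2
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s A %s\n' "$fqdn" "$ip"
}

# Runs only when OpenVPN invokes the hook. Always exits 0: a non-zero exit
# from client-connect would make OpenVPN reject the client.
case "${script_type:-}" in
    client-connect)
        rec=$(vpn_dns_record "${common_name:-}" "${ifconfig_pool_remote_ip:-}") || exit 0
        # Drop any stale record for this name first, then add the new one.
        unbound-control -c "$UNBOUND_CONF" local_data_remove "${rec%% *}" || true
        unbound-control -c "$UNBOUND_CONF" local_data "$rec" || true ;;
    client-disconnect)
        name=$(vpn_fqdn "${common_name:-}") || exit 0
        unbound-control -c "$UNBOUND_CONF" local_data_remove "$name" || true ;;
esac
```

Records added through `unbound-control` exist only in the running resolver and are gone after it restarts, so clients connected at that moment stay unregistered until they reconnect.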

