Netgate Discussion Forum

    OpenVPN clients put hostname in DNS Resolver?

    3 Posts 2 Posters 1.8k Views
      mmiller7

      I'd like to know if there is any way I can get entries put in DNS automatically to match up with OpenVPN clients.

      When a machine is on my LAN (192.168.1.x) I can access it (e.g. SSH) from any other machine by typing its name with the DNS suffix appended (hostname.apt) because DHCP enters the hosts into DNS Resolver.  This is super convenient.

      Now when the client "moves" someplace else it's on the VPN (10.0.8.x) and I can access it by manually finding the OpenVPN status, hunting for the client's name, locating the IP address, and connecting to it.  I'd like for it to resolve the name (hostname.whatever) to the IP address thru DNS.

      Is there any way I can have OpenVPN put its clients' IP addresses into DNS Resolver similar to how DHCP Server puts hostnames into DNS Resolver?

        kpa

        Nothing ready to use afaik but OpenVPN has -client-connect and -client-disconnect scripts that are run when client connects/disconnects so it's possible to hack something in those to register/deregister entries to the DNS forwarder/resolver during connect/disconnect. Do note that there is no DHCP used on an OpenVPN connection when the usual settings (tun type tunnel network etc.) are used so the OpenVPN server never sees the hostname of the connecting client, it sees only the CN from the client certificate of the connecting client.

          mmiller7

          @kpa:

          Nothing ready to use afaik but OpenVPN has -client-connect and -client-disconnect scripts that are run when client connects/disconnects so it's possible to hack something in those to register/deregister entries to the DNS forwarder/resolver during connect/disconnect. Do note that there is no DHCP used on an OpenVPN connection when the usual settings (tun type tunnel network etc.) are used so the OpenVPN server never sees the hostname of the connecting client, it sees only the CN from the client certificate of the connecting client.

          In my case at least with any machines I care about reaching I've already set the CN to the same as the hostname (lacking any other ideas what to put) so maybe that will help.

          I assume this is a server-side script setting?  Is there any documentation on how to do this in pfSense?

          I'm quite familiar with both networking and bash/sh/csh scripting from work projects but I've never worked with VPNs before (from an administrator point of view, I've only used them as a "client" before) and I'm not sure how I'd properly "save" a script to pfSense.  I assume it has to go in a certain place to be saved thru upgrades/reinstall and then I'd have to reference it there in the openvpn advanced-configuration and somehow it would "find" what clients are connected to register them.

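One way to write the connect/disconnect hook discussed in this thread, as an added example that is not part of the original posts and is not pfSense's own code. It validates the certificate CN before using it as a DNS name, since that value is supplied by the client certificate; `HOSTS_FILE` and the `vpn.example` suffix are assumed names, and the 10.0.8.x tunnel network is the one mentioned in the thread.

```shell
#!/bin/sh
# Added example (HOSTS_FILE and DNS_SUFFIX are assumed names): one script
# used for both client-connect and client-disconnect.
LC_ALL=C; export LC_ALL
HOSTS_FILE="${HOSTS_FILE:-/var/tmp/openvpn-clients.hosts}"
DNS_SUFFIX="${DNS_SUFFIX:-vpn.example}"

# The CN is taken from the client certificate, so treat it as untrusted input:
# accept one DNS label only (letters, digits, inner hyphens, at most 63 chars).
valid_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Accept only host addresses in the tunnel network from the thread (10.0.8.x).
valid_tunnel_ip() {
    last="${1#10.0.8.}"
    [ "$last" != "$1" ] || return 1
    case "$last" in
        ''|????*|*[!0-9]*) return 1 ;;
    esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

remove_entry() {    # $1 = FQDN; rewrite the file without that name
    [ -f "$HOSTS_FILE" ] || return 0
    tmp="$HOSTS_FILE.$$"
    awk -v n="$1" '$2 != n' "$HOSTS_FILE" > "$tmp" && mv "$tmp" "$HOSTS_FILE"
}
register() {        # $1 = CN, $2 = tunnel IP
    valid_label "$1" && valid_tunnel_ip "$2" || return 1
    fqdn="$(printf '%s' "$1" | tr 'A-Z' 'a-z').$DNS_SUFFIX"
    remove_entry "$fqdn"    # a reconnect replaces the old address
    printf '%s\t%s\n' "$2" "$fqdn" >> "$HOSTS_FILE"
}
deregister() {      # $1 = CN
    valid_label "$1" || return 1
    remove_entry "$(printf '%s' "$1" | tr 'A-Z' 'a-z').$DNS_SUFFIX"
}

# OpenVPN sets script_type, common_name and ifconfig_pool_remote_ip. A non-zero
# exit from client-connect refuses the client, so bad values are only skipped.
case "${script_type:-}" in
    client-connect)
        register "${common_name:-}" "${ifconfig_pool_remote_ip:-}" ||
            logger -t ovpn-dns "entry skipped: CN or address failed validation" ;;
    client-disconnect) deregister "${common_name:-}" || true ;;
esac
```

The server configuration needs `script-security 2` plus `client-connect` and `client-disconnect` directives pointing at the script. Making the resolver read `HOSTS_FILE` is outside this example.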
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.