Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Resolving computer names over IPSec

    IPsec
    3
    4
    3.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jmischel
      last edited by

      If this isn't the proper section for this question, please let me know.

      I have my IPSec tunnel set up now, going from my office to a co-location facility.  Both sites are running pfSense, and both have Windows networks.  I'm able to access machines from my office to the colo, but only by IP address.  For example, I can't say, "dir \coloServer1\data".  Rather, I have to do "dir \192.168.100.22\data".  It'd really be nice if I could access those servers by name.

      I know I could make entries in my local Hosts file for each of the machines, and I'll do that if I have to.  We have a couple dozen machines in the office, though, and you know what a mess that can be to keep updated.

      My office network is 10.77.76.xxx, and the colo is 192.168.100.xxx.

      Is there a way to set up the mappings in pfSense so that I can access the colo machines by name from the office?

      Jim

      1 Reply Last reply Reply Quote 0
      • dotdashD
        dotdash
        last edited by

        This is really more of a dns question than an IPSec question.
        You could do this several ways and it depends on what DNS server your machines are using.
        I would probably forward queries for the zone across the tunnel to the correct DNS server.
        eg- Let's say you have company.office and company.colo with DNS servers at .10
        On 10.77.76.30 forward queries to company.colo to 192.168.100.30 and vice-versa. If you are using the dns forwarder on pfsense, you need to create a static route for the subnet at the other end of the tunnel and point it to your LAN interface.

        1 Reply Last reply Reply Quote 0
        • J
          jmischel
          last edited by

          Thanks.  I thought it had something to do with static routing, but I don't have enough knowledge yet to put all the pieces together.  I'll go over to the DNS section and post my question.

          1 Reply Last reply Reply Quote 0
          • M
            MageMinds
            last edited by

            You have to create a static route.

            Assuming that the dns server on the other side is 192.168.100.1 and your pfSense on your side is 10.77.76.1, if not ajust accordingly. Note that the network for the remote dns server is /32 and not /24.

            Interface  Network           Gateway
LAN        192.168.100.1/32  10.77.76.1

            After that you have to go to Service -> DNS Forwarder and in the section saying "Below you can override an entire domain by specifying an authoritative dns server to be queried for that domain." you add.

            Domain      IP
colo.local  192.168.100.1

            You will now have to connect to your server using \server1.colo.local\Data or whatever you used in the previous section. To avoid to write the "colo.local" you could add this to your Windows TCP/IP Advanced DNS configuration.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.