    Resolving computer names over IPSec

    • jmischel

      If this isn't the proper section for this question, please let me know.

      I have my IPSec tunnel set up now, going from my office to a co-location facility.  Both sites are running pfSense, and both have Windows networks.  I'm able to access machines from my office to the colo, but only by IP address.  For example, I can't say, "dir \\coloServer1\data".  Rather, I have to do "dir \\192.168.100.22\data".  It'd really be nice if I could access those servers by name.

      I know I could make entries in my local Hosts file for each of the machines, and I'll do that if I have to.  We have a couple dozen machines in the office, though, and you know what a mess that can be to keep updated.

      My office network is 10.77.76.xxx, and the colo is 192.168.100.xxx.

      Is there a way to set up the mappings in pfSense so that I can access the colo machines by name from the office?

      Jim

      • dotdash

        This is really more of a DNS question than an IPSec question.
        You could do this several ways and it depends on what DNS server your machines are using.
        I would probably forward queries for the zone across the tunnel to the correct DNS server.
        E.g., let's say you have company.office and company.colo with DNS servers at .10
        On 10.77.76.30 forward queries to company.colo to 192.168.100.30 and vice versa. If you are using the DNS forwarder on pfSense, you need to create a static route for the subnet at the other end of the tunnel and point it to your LAN interface.

        • jmischel

          Thanks.  I thought it had something to do with static routing, but I don't have enough knowledge yet to put all the pieces together.  I'll go over to the DNS section and post my question.

          • MageMinds

            You have to create a static route.

            Assuming that the DNS server on the other side is 192.168.100.1 and your pfSense on your side is 10.77.76.1; if not, adjust accordingly. Note that the network for the remote DNS server is /32 and not /24.

            Interface  Network           Gateway
            LAN        192.168.100.1/32  10.77.76.1
            
            

            After that you have to go to Service -> DNS Forwarder and in the section saying "Below you can override an entire domain by specifying an authoritative dns server to be queried for that domain." you add:

            Domain      IP
            colo.local  192.168.100.1
            

            You will now have to connect to your server using \\server1.colo.local\Data or whatever you used in the previous section. To avoid writing the "colo.local", you could add this to your Windows TCP/IP Advanced DNS configuration.

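A client-side check for the setup described in the last post, added here as an example and not part of the original thread. It reuses the addresses, the colo.local domain and the server1 name from that post, and assumes a Windows client with the DnsClient and NetTCPIP cmdlets (Windows 8 / Server 2012 or later).

```powershell
# Values taken from the post above; adjust them to your own network.
$Forwarder   = '10.77.76.1'      # office pfSense LAN address running the DNS Forwarder
$RemoteDns   = '192.168.100.1'   # colo DNS server named in the domain override
$Domain      = 'colo.local'      # overridden domain
$TestHost    = 'server1'         # short name of a colo machine
$ApplySuffix = $false            # set to $true (elevated shell) to add the suffix

$fqdn = "$TestHost.$Domain"

# 1. Ask the colo DNS server directly. If this fails, the problem is the
#    tunnel or the firewall rules, not the forwarder configuration.
$direct = Resolve-DnsName -Name $fqdn -Server $RemoteDns -Type A -DnsOnly `
          -ErrorAction SilentlyContinue

# 2. Ask the office pfSense. This only succeeds when the domain override
#    and the /32 static route for the remote DNS server are both in place.
$viaForwarder = Resolve-DnsName -Name $fqdn -Server $Forwarder -Type A -DnsOnly `
                -ErrorAction SilentlyContinue

# 3. Check the suffix search list so that \\server1\Data works without the
#    domain part. Existing suffixes are kept; the new one is appended.
$suffixes  = @((Get-DnsClientGlobalSetting).SuffixSearchList | Where-Object { $_ })
$hasSuffix = $suffixes -contains $Domain
if (-not $hasSuffix -and $ApplySuffix) {
    Set-DnsClientGlobalSetting -SuffixSearchList ($suffixes + $Domain)
    $hasSuffix = $true
}

# 4. Confirm the file-sharing port is reachable by name through the tunnel.
$smb = Test-NetConnection -ComputerName $fqdn -Port 445 -WarningAction SilentlyContinue

[pscustomobject]@{
    Name             = $fqdn
    DirectAnswer     = ($direct.IPAddress -join ', ')
    ForwarderAnswer  = ($viaForwarder.IPAddress -join ', ')
    AnswersMatch     = [bool]$direct -and
                       (($direct.IPAddress -join ',') -eq ($viaForwarder.IPAddress -join ','))
    SuffixConfigured = $hasSuffix
    SmbReachable     = $smb.TcpTestSucceeded
}
```

An empty DirectAnswer points at the tunnel or firewall rules; a DirectAnswer with an empty ForwarderAnswer points at the static route or the domain override on the office pfSense.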