OpenVPN having an issue resolving hostnames or DNS
-
Hi,
We have pfSense 2.4.2 setup as a router on one of our internet gateways.
We have a Server2012R2 box providing DNS and DHCP, so we aren't using pfSense for either of these functions.
How do we properly setup pfSense so that clients on the VPN are able to use Microsoft RDP to connect to their workstations by using the hostname?
Currently, the only way they can connect is by using their IP address, but with DHCP that doesn't really work. Looking for a better solution than just using static IP's or IP reservations.
-
Hand the clients the dns you want them to use that can resolve the host names… I can resolve all my remote networks names when I vpn in..
here is my vpn connection
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : local.lan
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-1F-37-23-EC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.8.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, March 19, 2018 9:21:53 AM
Lease Expires . . . . . . . . . . : Tuesday, March 19, 2019 9:21:53 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.0.8.254
DNS Servers . . . . . . . . . . . : 192.168.9.253
NetBIOS over Tcpip. . . . . . . . : Enabledhere is my box resolving remote names..
C:\Windows\System32>ping nas.local.lan
Pinging nas.local.lan [192.168.9.10] with 32 bytes of data:
Reply from 192.168.9.10: bytes=32 time=127ms TTL=63
Reply from 192.168.9.10: bytes=32 time=101ms TTL=63
Reply from 192.168.9.10: bytes=32 time=109ms TTL=63
Reply from 192.168.9.10: bytes=32 time=103ms TTL=63Ping statistics for 192.168.9.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 101ms, Maximum = 127ms, Average = 110msC:\Windows\System32>ping i5-win.local.lan
Pinging i5-win.local.lan [192.168.9.100] with 32 bytes of data:
Reply from 192.168.9.100: bytes=32 time=138ms TTL=127
Reply from 192.168.9.100: bytes=32 time=105ms TTL=127
Reply from 192.168.9.100: bytes=32 time=108ms TTL=127
Reply from 192.168.9.100: bytes=32 time=105ms TTL=127Ping statistics for 192.168.9.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 105ms, Maximum = 138ms, Average = 114msC:\Windows\System32>ping clean.local.lan
Pinging clean.local.lan [192.168.2.11] with 32 bytes of data:
Reply from 192.168.2.11: bytes=32 time=107ms TTL=63
Reply from 192.168.2.11: bytes=32 time=105ms TTL=63
Reply from 192.168.2.11: bytes=32 time=105ms TTL=63Ping statistics for 192.168.2.11:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 105ms, Maximum = 107ms, Average = 105ms
Control-C
^C
C:\Windows\System32>
-
Hey John,
That's exactly what I want to do, but how do I do it? Am I providing that through OpenVPN, DNS Forwarder, DNS Resolver?
-
Currently, the only way they can connect is by using their IP address, but with DHCP that doesn't really work. Looking for a better solution than just using static IP's or IP reservations.
Devices that must be reached from LAN or outside should have a IP that "doesn't move".
When the DHCP pool is bigger as the number of LAN devices, then the IP that the DHCP server hands out will be pretty "static", but could move.
So - no need to use static information, but you'll be needing DHCP Static mappings.Nice side effect : check the "DHCP Static mappings" check in the DNS Resolver, and then no need to use IP addressees anymore - use the device name.
When I VPN into my company network, I can access my company "Windows 2012 server" just fine (RDP) - never needed to use an IP.
