OpenVPN having an issue resolving hostnames or DNS



  • Hi,

    We have pfSense 2.4.2 set up as a router on one of our internet gateways.

    We have a Server2012R2 box providing DNS and DHCP, so we aren't using pfSense for either of these functions.

    How do we properly set up pfSense so that clients on the VPN are able to use Microsoft RDP to connect to their workstations by using the hostname?

    Currently, the only way they can connect is by using their IP address, but with DHCP that doesn't really work. Looking for a better solution than just using static IPs or IP reservations.


  • LAYER 8 Global Moderator

    Hand the clients the DNS you want them to use that can resolve the host names… I can resolve all my remote networks' names when I VPN in.

    Here is my VPN connection:

    Ethernet adapter Local Area Connection 2:

      Connection-specific DNS Suffix  . : local.lan
      Description . . . . . . . . . . . : TAP-Windows Adapter V9
      Physical Address. . . . . . . . . : 00-FF-1F-37-23-EC
      DHCP Enabled. . . . . . . . . . . : Yes
      Autoconfiguration Enabled . . . . : Yes
      IPv4 Address. . . . . . . . . . . : 10.0.8.2(Preferred)
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Lease Obtained. . . . . . . . . . : Monday, March 19, 2018 9:21:53 AM
      Lease Expires . . . . . . . . . . : Tuesday, March 19, 2019 9:21:53 AM
      Default Gateway . . . . . . . . . :
      DHCP Server . . . . . . . . . . . : 10.0.8.254
      DNS Servers . . . . . . . . . . . : 192.168.9.253
      NetBIOS over Tcpip. . . . . . . . : Enabled

    Here is my box resolving remote names:

    C:\Windows\System32>ping nas.local.lan

    Pinging nas.local.lan [192.168.9.10] with 32 bytes of data:
    Reply from 192.168.9.10: bytes=32 time=127ms TTL=63
    Reply from 192.168.9.10: bytes=32 time=101ms TTL=63
    Reply from 192.168.9.10: bytes=32 time=109ms TTL=63
    Reply from 192.168.9.10: bytes=32 time=103ms TTL=63

    Ping statistics for 192.168.9.10:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 101ms, Maximum = 127ms, Average = 110ms

    C:\Windows\System32>ping i5-win.local.lan

    Pinging i5-win.local.lan [192.168.9.100] with 32 bytes of data:
    Reply from 192.168.9.100: bytes=32 time=138ms TTL=127
    Reply from 192.168.9.100: bytes=32 time=105ms TTL=127
    Reply from 192.168.9.100: bytes=32 time=108ms TTL=127
    Reply from 192.168.9.100: bytes=32 time=105ms TTL=127

    Ping statistics for 192.168.9.100:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 105ms, Maximum = 138ms, Average = 114ms

    C:\Windows\System32>ping clean.local.lan

    Pinging clean.local.lan [192.168.2.11] with 32 bytes of data:
    Reply from 192.168.2.11: bytes=32 time=107ms TTL=63
    Reply from 192.168.2.11: bytes=32 time=105ms TTL=63
    Reply from 192.168.2.11: bytes=32 time=105ms TTL=63

    Ping statistics for 192.168.2.11:
        Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 105ms, Maximum = 107ms, Average = 105ms
    Control-C
    ^C
    C:\Windows\System32>



  • Hey John,

    That's exactly what I want to do, but how do I do it? Am I providing that through OpenVPN, DNS Forwarder, DNS Resolver?



  • @giftedpenguin:

    Currently, the only way they can connect is by using their IP address, but with DHCP that doesn't really work. Looking for a better solution than just using static IPs or IP reservations.

    Devices that must be reached from LAN or outside should have an IP that "doesn't move".
    When the DHCP pool is bigger than the number of LAN devices, then the IP that the DHCP server hands out will be pretty "static", but could move.
    So - no need to use static information, but you'll be needing DHCP Static mappings.

    Nice side effect: check the "DHCP Static mappings" checkbox in the DNS Resolver, and then no need to use IP addresses anymore - use the device name.
    When I VPN into my company network, I can access my company "Windows 2012 server" just fine (RDP) - never needed to use an IP.
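
What "hand the clients the DNS" comes down to at the OpenVPN level, as an added example that is not from any poster in this thread. The DNS address and suffix are the ones in the ipconfig output above; the /24 mask is an assumption, and on pfSense these lines are generated from the OpenVPN server's client settings (DNS server and default domain) rather than typed by hand.

```conf
# OpenVPN server-side directives (added example, not from the thread).
# Values come from the ipconfig output above; substitute your own.
# In the original poster's setup the DNS address would be the Server 2012 R2 box.

# Route to the LAN that holds the DNS server, so the pushed resolver is
# reachable through the tunnel (the /24 mask is an assumption).
push "route 192.168.9.0 255.255.255.0"

# DNS server the client should use while connected.
push "dhcp-option DNS 192.168.9.253"

# Connection-specific DNS suffix, so a short name such as "nas"
# is tried as nas.local.lan.
push "dhcp-option DOMAIN local.lan"

# Optional, Windows clients only: keep queries from also going to the
# DNS servers of other adapters while the tunnel is up.
# push "block-outside-dns"
```

After reconnecting, `ipconfig /all` on the client should list the pushed server under "DNS Servers" for the TAP adapter, as in the output earlier in the thread.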

