Subdomain for VPN Access

  • Hi All,
    I just built my first ever pfSense box as I'm looking to understand more about networking and I figured this is the best way to learn!

    I've got my VPN configured and pointing to my ip address but ideally I want it only to work on if at all possible!
    I have no idea how to do this however - I own my domain name and have access to SRV and CNAME's etc.

    So far all I've done is create a CNAME that points to @ - I'm not really sure where to go from here?
    Do I need to set some hostname on my pfSense box?

    In case it helps: I'm running the pfSense router (no DHCP), a Windows Server 2016 box with AD, DNS, DHCP and a small website in IIS.

    Any and all guidance would be very much appreciated!

  • needs to be an A record that points to your external IP address assuming is statically assigned. If it's not statically assigned you'll want to setup a dynamic DNS service to keep it updated (Cloudflare,, etc.)

  • @brownatron

    do you want to reach from the inside or externally (or both) ?

  • LAYER 8 Netgate

    The VPN server has absolutely no idea whether the connecting client got the name from a DNS lookup or used an IP address. As far as the server is concerned, the connections are all to the IP address.

    ideally I want it only to work on if at all possible!

    Not sure what that means, actually. If you want the most security out of your VPN, use RSA keys and IPsec or OpenVPN in SSL/TLS + User Auth mode.

  • As flynjets already stated, for your subdomain, change your DNS record type to an A record pointed at your IP instead of a CNAME.

    If you want your clients to connect using your subdomain instead of an IP, that change is made during client export. I.e. change the Host Name Resolution option to "Other" and enter in the Hostname box.

Log in to reply