Netgate Discussion Forum

Use hostname to reach OpenVPN clients

57 Posts 4 Posters 7.2k Views
  • Z
    zapador
    last edited by Jun 14, 2023, 8:51 AM

    Hi

    I've looked for information on this but can't really find anything.

    Clients connect to vpn.example.com (the OpenVPN Server on the pfSense)
    Clients are assigned a static IP using Client Specific Overrides
    Clients have a hostname, e.g. client01 (configured on the client itself)

    When I connect to the OpenVPN server I would like to reach clients using client01.vpn.example.com (or similar) in order to avoid the step of having to look up the specific client's IP.

    Is that possible, and if so, how?

    Thanks!

    • V
      viragomann @zapador
      last edited by Jun 14, 2023, 10:30 AM

      @zapador
      Add the VPN clients to your DNS as host overrides.

      • Z
        zapador @viragomann
        last edited by Jun 14, 2023, 12:40 PM

        @viragomann
        Thank you! That seems to work.

        I also tried enabling "Services -> DNS Resolver -> Register connected OpenVPN clients in the DNS Resolver" so I don't have to manually create entries for each client, and that seems to work as well, creating an entry using the CN of the client. At least in both cases I can use "Diagnostics -> DNS Lookup" and successfully look up any OpenVPN client.

        • U
          Unoptanio @viragomann
          last edited by Sep 14, 2023, 4:27 PM

          @viragomann said in Use hostname to reach OpenVPN clients:

          Add the VPN clients to your DNS as host overrides.

          I have the same problem as you

          pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
          CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
          n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2

          • U
            Unoptanio @zapador
            last edited by Unoptanio Sep 14, 2023, 4:32 PM Sep 14, 2023, 4:31 PM

            @zapador

            I have the same problem as you

            I'm not clear how to do this step.

            How do I add VPN clients to DNS as a host override?

            Can you post a screenshot?

            ce7bc418-4beb-4a62-b391-91334919551e-image.png

            602bd1a8-9011-4ccb-b92b-5203eb95b314-image.png

            • U
              Unoptanio @viragomann
              last edited by Sep 14, 2023, 4:55 PM

              @viragomann

              In the meantime I found it. It's about DNS Resolver at the bottom.

              e1022ed2-6290-4c19-8898-2845565c2634-image.png

              • J
                johnpoz LAYER 8 Global Moderator @Unoptanio
                last edited by Sep 15, 2023, 12:43 PM

                @Unoptanio The only problem that could happen with that "register VPN clients" option is that, I do believe, it also restarts unbound. So if you have a lot of clients connecting and unbound is restarting a lot, this can be problematic, since it does clear the DNS cache, and while it's restarting clients cannot query. If the restart is quick you probably never notice, but if anything delays the start of unbound you can have periods when unbound isn't working that your clients will notice, and they will have problems looking up where they want to go.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                • U
                  Unoptanio @johnpoz
                  last edited by Sep 15, 2023, 12:50 PM

                  @johnpoz

                  Hi, I'm Italian, I don't think I understood well, I'm using the translator to help me.
                  So what do you suggest we do?
                  Can you explain to me a little better?

                  I can say that after inclusion in the override list now RDP access using name.domain format works

                  • J
                    johnpoz LAYER 8 Global Moderator @Unoptanio
                    last edited by Sep 15, 2023, 12:51 PM

                    @Unoptanio Not saying you need to do anything. Just be aware that dynamic registration of clients, like DHCP or VPN clients, restarts unbound (DNS). This can be problematic depending on the number of times it restarts, and how long it takes to restart.

                    • U
                      Unoptanio @johnpoz
                      last edited by Sep 15, 2023, 12:57 PM

                      @johnpoz

                      What is the right way to connect in RDP using an openvpn connection?

                      Use the client's IP address or its name.domain?

                      Which system causes the least problems?

                      • J
                        johnpoz LAYER 8 Global Moderator @Unoptanio
                        last edited by Sep 15, 2023, 1:53 PM

                        @Unoptanio So you want to access the VPN client's IP when they VPN into your network. IP or DNS makes little difference. And registration of VPN clients can and does work, if you want to use some FQDN to access these remote clients when they connect in.

                        Just wanted you and anyone else to be aware that registration of DHCP and VPN clients on connect is going to restart unbound. This can be problematic if you have that happening a lot, and if how you have things set up causes longer delays in unbound starting, etc.

                        • U
                          Unoptanio @johnpoz
                          last edited by Unoptanio Sep 15, 2023, 2:04 PM Sep 15, 2023, 2:03 PM

                          @johnpoz

                          For each OpenVPN user I also used this command: "ifconfig-push 10.10.94.50 255.255.255.0"

                          For the other users I continued with the progressive numbers 10.10.94.51, .52, .53

                          I have no idea if this is better to do or not,
                          and if it can amplify the problem you were talking about.

                          eb5b0bbe-ce48-48b3-9d60-ca3adcb6a49d-image.png

                          • Z
                            zapador @Unoptanio
                            last edited by Sep 15, 2023, 3:17 PM

                            @Unoptanio Pushing a static IP to a client makes sense if it is important for you to either know the client's IP address or if you want to make firewall rules for a specific client where the IP has to remain the same.

                            Can't really say one is better than the other. If you use a DNS name, that name will be translated to an IP and then your RDP connects using that IP. If you use the IP then there's no name translation taking place first.

                            Using hostnames, e.g. client01.vpn.example.com, is handy as it is a lot easier to remember.

                            • U
                              Unoptanio @zapador
                              last edited by Sep 15, 2023, 3:40 PM

                              @zapador

                              Have you encountered the problem that @johnpoz was talking about that could occur?

                              Just wanted you and anyone else to be aware that registration of dhcp and vpn clients on connect is going to restart unbound. This can be problematic if you have that happening a lot.. And if how you have things setup causes longer delays in unbound starting, etc.
                              

                              • Z
                                zapador @Unoptanio
                                last edited by Sep 15, 2023, 3:52 PM

                                @Unoptanio I haven't encountered any problems related to that but I also wasn't aware that it could be a problem.
                                I was not aware that the VPN registering clients in DHCP would cause unbound (DNS Resolver) to restart, also not sure if that is really the case or not.

                                If you want to test, you can try to enable the register in DHCP feature, connect a client and then check Status -> System Logs -> System -> DNS Resolver and look for "start of service (unbound)" or "service stopped (unbound)" and see if that coincides with the time the VPN client connected. If not, then unbound does not restart when the VPN registers clients in DHCP.

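The log check described in the post above can be automated. This is an added example, not code from the thread or from pfSense: it pairs each OpenVPN connect with an unbound stop/start that follows within a short window and reports how long the resolver was down. The syslog layout, the sample lines, the 10-second window and the names `parse` and `correlate` are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not from the thread); the syslog layout is an assumption.
SAMPLE_LOG = """\
Sep 16 12:01:10 openvpn[4410]: 203.0.113.7:51234 [client01] Peer Connection Initiated with [AF_INET]203.0.113.7:51234
Sep 16 12:01:11 unbound[811]: [811:0] info: service stopped (unbound 1.17.1).
Sep 16 12:01:14 unbound[902]: [902:0] info: start of service (unbound 1.17.1).
Sep 16 12:30:00 unbound[902]: [902:0] info: service stopped (unbound 1.17.1).
Sep 16 12:30:02 unbound[977]: [977:0] info: start of service (unbound 1.17.1).
Sep 16 13:15:40 openvpn[4410]: 198.51.100.9:40022 [client02] Peer Connection Initiated with [AF_INET]198.51.100.9:40022
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\w+)\[\d+\]: (.*)$")
CONNECT = re.compile(r"\[([^\]]+)\] Peer Connection Initiated")

def parse(log, year=2023):
    """Yield (timestamp, kind, client) for VPN connects and unbound stop/start."""
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        proc, msg = m[2], m[3]
        if proc == "openvpn" and (c := CONNECT.search(msg)):
            yield ts, "connect", c[1]
        elif proc == "unbound" and "service stopped (unbound" in msg:
            yield ts, "stop", None
        elif proc == "unbound" and "start of service (unbound" in msg:
            yield ts, "start", None

def correlate(log, window=timedelta(seconds=10)):
    """For each connect, report whether unbound stopped within `window` and for how long."""
    events = sorted(parse(log), key=lambda e: e[0])
    results = []
    for i, (ts, kind, cn) in enumerate(events):
        if kind != "connect":
            continue
        later = events[i + 1:]
        stop = next((t for t, k, _ in later if k == "stop" and t - ts <= window), None)
        start = next((t for t, k, _ in later if k == "start" and t >= stop), None) if stop else None
        outage = (start - stop).total_seconds() if stop and start else None
        results.append({"client": cn, "restarted": stop is not None, "outage_s": outage})
    return results

if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG):
        print(row)
```

On real data, merge the OpenVPN and DNS Resolver logs into one text before passing them in; restarts that fall outside the window (the 12:30 one in the sample) are not attributed to any client.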
                                • U
                                  Unoptanio @zapador
                                  last edited by Sep 16, 2023, 6:53 AM

                                  @zapador

                                  8c1018dc-38e8-4f47-ba92-639749e6ccdc-image.png

                                  • Z
                                    zapador @Unoptanio
                                    last edited by zapador Sep 16, 2023, 12:09 PM Sep 16, 2023, 12:07 PM

                                    @Unoptanio Go to Services -> DNS Resolver and enable this:

                                    1b41713f-dc39-47c8-983f-1caa16bbb611-image.png

                                    Then you can resolve the hostnames of all clients connected via VPN, no matter what interface you're coming from, as long as the device uses the pfSense as DNS, which is the case by default.

                                    • U
                                      Unoptanio @zapador
                                      last edited by Sep 16, 2023, 12:22 PM

                                      @zapador

                                      OK, found it. I already had the setting active.

                                      I have checked Status -> System Logs -> System -> DNS Resolver

                                      but I have only this data:

                                      5a225780-fa24-4863-88f0-dece4a40df85-image.png

                                      • Z
                                        zapador @Unoptanio
                                        last edited by zapador Sep 16, 2023, 12:27 PM Sep 16, 2023, 12:27 PM

                                        @Unoptanio I'm not sure if you will see anything in that log (maybe, maybe not). Just try to connect a client to OpenVPN and then from the pfSense try nslookup <hostname> which in this case would be the Common Name of that particular client, or maybe the Username if you use User Auth. It should provide you with the IP of that particular client and if it does, it works. Hope that makes sense, else just ask.

                                        • U
                                          Unoptanio @zapador
                                          last edited by Sep 16, 2023, 12:27 PM

                                          @zapador

                                          25c57c35-2ade-48b7-ae05-e8aa03217ab4-image.png
