[Solved] Can't resolve hostnames from OpenVPN Client
-
EDIT: Stupid me. The rule allowing 53 (DNS) was set as TCP, not TCP/UDP.
When connected from my Windows 11 PC to the OpenVPN Server on the pfSense I would like to resolve hostnames of other OpenVPN clients, either using just the hostname (eg. client01) or the FQDN (eg. client01.vpn.example.com).
On the pfSense I have enabled "Services -> DNS Resolver -> Register connected OpenVPN clients in the DNS Resolver"
If I use "Diagnostics -> DNS Lookup" I can successfully resolve hostnames of connected clients. So far so good. I have done the following:
- Enabled "VPN -> OpenVPN -> My OpenVPN Server -> Provide a DNS server list to clients."
- I specified the IP address of the OpenVPN Server interface and the DNS Resolver is set to listen on all interfaces.
- When using ipconfig /all I can see the IP address that I specified listed as DNS server for the virtual OpenVPN adapter.
- Added a firewall rule on the OpenVPN Server interface allowing 53 (DNS) to the OpenVPN Server interface.
- I also added "register-dns" and "block-outside-dns" in my OpenVPN client config.
However when I try to resolve any address (using nslookup) from my local machine connected to the OpenVPN Server it doesn't work, I get DNS request timed out.
It doesn't matter what address I try to resolve, google.com or client01.vpn.example.com will both result in a timeout, so DNS completely stopped working when connected. I'm probably missing something but I can't figure out what it is despite searching for a while for a solution. Any help much appreciated!
Thanks!
-
You can see the "host name" (actually the name of the certificate used for the connection) :
Why do you need to know the IP and hostname ?
Even if you don't know the IP, MAC, name, OS, OpenVPN client used, whatever, you know one thing: the person that is connected uses unique credentials that you gave to them.
I can not connect TO this device (it's an "Apple" phone).
The device uses the OpenVPN access to access local (behind pfSense) resources.
It's not there so other devices can connect to it. Is this - your - device sharing resources that need to be shared / exposed to others?
You want to use Windows Explorer to explore them? My image shows that my iPhone is connected.
My iPhone doesn't (and can't) share any resources. Just for my own curiosity, why would you want to 'access resources' on the devices of OpenVPN clients?
@zapador said in [Solved] Can't resolve hostnames from OpenVPN Client:
On the pfSense I have enabled "Services -> DNS Resolver -> Register connected OpenVPN clients in the DNS Resolver"
If this option is set, then the common name (CN) of connected OpenVPN clients will be registered in the DNS Resolver, so that their name can be resolved. This only works for OpenVPN servers (Remote Access SSL/TLS or User Auth with Username as Common Name option) operating in "tun" mode. The domain in System: General Setup should also be set to the proper value.
So the "host name" used is what you gave it when creating the OpenVPN server access.
-
@Gertjan Thank you for the reply.
I don't need to know the IP. Being able to just use the hostname makes things easier as the hostname is an ID used in multiple places/systems to reference the same thing, this allows me to skip the step of having to look up the IP address for a given ID (hostname).
All of these resources (VPN clients) are vessels/ships with monitoring systems onboard that collect data. So there's many vessels each identified by a unique ID (same as hostname) and we need to be able to connect to each vessel for configuration as well as for automatic collection of the data.
I understand that most scenarios involve a client accessing resources behind the server and that it is somewhat unusual to access resources on the client.
I managed to solve the problem. I had by mistake made a rule allowing port 53 only as TCP instead of TCP/UDP and that caused the DNS lookups to fail. After fixing the rule everything works flawlessly.
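The root cause above (a rule permitting 53 over TCP only) is easy to miss because `nslookup` only reports a timeout. The following added example, which is not code from this thread or from pfSense, probes a resolver over UDP/53 and TCP/53 separately with plain sockets and reports which transport answers; a result of "TCP works, UDP times out" points straight at this kind of rule. The resolver address `10.8.0.1` and the client name `client01.vpn.example.com` are assumed placeholders, and the sample response bytes are constructed for the offline check, not captured from a real server.

```python
"""Probe a DNS resolver over UDP and TCP separately (stdlib only).

Stub resolvers send normal queries over UDP/53 and use TCP/53 only for
truncated answers, so a firewall rule that allows TCP/53 but not UDP/53
makes every lookup time out even though a TCP probe would succeed.
"""
import socket
import struct

DNS_PORT = 53


def build_query(name, txid=0x1234):
    """Build a minimal recursive A query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(buf, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(resp):
    """Return (rcode, [IPv4 strings]) from a DNS response message."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0x0F
    off = 12
    for _ in range(qdcount):             # skip the echoed question section
        off = _skip_name(resp, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in resp[off:off + 4]))
        off += rdlen
    return rcode, addrs


def query_udp(server, name, timeout=2.0):
    """Send one query over UDP; return the parsed answer or None on timeout."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, DNS_PORT))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return parse_a_records(data)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("connection closed early")
        buf += chunk
    return buf


def query_tcp(server, name, timeout=2.0):
    """Send the same query over TCP (two-byte length prefix); None on failure."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, DNS_PORT))
            s.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            data = _recv_exact(s, length)
        except (OSError, ValueError):  # timeout, refused, or truncated stream
            return None
    return parse_a_records(data)


def classify(udp_result, tcp_result):
    """Map the two probe outcomes to the firewall situation they indicate."""
    if udp_result is not None and tcp_result is not None:
        return "ok: resolver answers over both UDP and TCP"
    if udp_result is None and tcp_result is not None:
        return "udp-blocked: TCP/53 works but UDP/53 times out; the rule must allow UDP (TCP/UDP)"
    if udp_result is not None and tcp_result is None:
        return "tcp-blocked: UDP/53 works; truncated answers will fail until TCP/53 is allowed"
    return "unreachable: neither transport answered; check routing, listen interfaces and the rule"


def diagnose(server, name):
    return classify(query_udp(server, name), query_tcp(server, name))


# Constructed sample response (not captured from a real server): an answer to
# build_query("client01.vpn.example.com") carrying one A record 10.8.0.5, TTL 300.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + build_query("client01.vpn.example.com")[12:]      # echoed question section
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)  # name pointer, A, IN, TTL, RDLEN
    + bytes([10, 8, 0, 5])
)

if __name__ == "__main__":
    # Assumed values: the server-side tunnel address handed out as DNS server,
    # and the CN of a registered OpenVPN client.
    print(diagnose("10.8.0.1", "client01.vpn.example.com"))
```

Run it from the VPN client with the resolver address pfSense pushes to the tunnel adapter; `parse_a_records` also exposes the RCODE, so a resolver that answers but refuses (REFUSED, rcode 5) because of its access-control list is distinguishable from one that is simply unreachable.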
-
@zapador said in [Solved] Can't resolve hostnames from OpenVPN Client:
All of these resources (VPN clients) are vessels/ships with monitoring systems onboard that collect data
Ah, nice, I get it.
Collecting data from ships ... Nice !