Needing EXPERTS! - OpenVPN (tun) Routing - Access PCs over Hostnames not IPs



  • Hello i need experts help,

    i use pfsense 2.0.

    networks:
    tunnel: 10.10.0.0/24
    local  : 192.168.10.0/24

    openvpn server is accessable for vpn clients.
    you can ping and tracert with IP every PC over vpn in local network, but you cant ping, access shares or tracert with HOSTNAMES.
    f.e. ping 192.168.10.1 = access
    but ping officepc01 = timeout, no route to host….

    i dont know exactly why, but i think it have to do with:

    1. wins servers
    2. routes
    3. broadcasts
    4. --allow-pull-fqdn
         Allow client to pull DNS names from server (rather than being limited to IP address) for --ifconfig, --route, and --route-gateway.

    to 1)
    we have no wins server, only a debian domain server over samba

    to 2)
    i have push the routes from local network (vpn-server) and the tunnel network AND pushed the dns from local network of vpnserver, but no hostnames ping accessable :(

    to 3)
    i have configured openvpn server to use "Enable NetBIOS over TCP/IP" with status "none" or "b-node", but never access shares over HOSTNAMES :(

    to 4)
    i dont know to configure that option :(

    WHAT CAN I DO TO CORRECT THIS PROBLEM WITH HOSTNAMES?????

    i know that bridging is a worse scenario for openvpn configuration! (tap)
    (this says the openvpn tutorial and many more users)

    but they say, that with correct routing, everyone should ping over hostnames! but how?



    1. Your Samba server can be a WINS server, if you configure it to be one
    2. If you can ping things then there isn't a lack of routers
    3. See (1)
    4. You don't need that

    Do you have entries in DNS for all hosts? If so ensure you push your DNS server and the correct search domain.



  • yeah havok - good morning,

    first point you mean….ok

    hmm where can i get the search-domain?
    (/etc/resolv.conf ?)
    in smb.conf i find:

    • workgroupname:DAV
    • domain-master, local master and preferred master server is that.
    • wins support = yes
    • name resolve order = wins lmhosts host bcast

    dns? our dns is our router :) or you want that i configured that lmhosts file with all computers?

    can you little bit helping me please

    thanks dave



  • Do you have a local DNS domain, or do you use WINS for everything? For any modern version of Windows (XP onwards) you should be using DNS if you can.

    If you're using WINS then you must push the WINS server address (which is your Samba server) in the OpenVPN settings. After that everything should just work - assuming you're using WINS everywhere.



  • we have a local dns domain - name: DAV
    you can login under domain DAV
    but we have besides a workgroup with same name.
    the pdc is the samba pdc server

    to dns:

    can i not push the dns router adress for name resolution?

    when not - i configure the pdc samba to wins

    thanks for help



  • Mixing an Active Directory domain and a workgroup with the same name is asking for trouble, to put it mildly. This may be part of your problem.

    Yes, you can push the DNS server for name resolution, just ensure you push the internal DNS domain too (either as part of the search path or the actual domain).



  • hmm ok.

    how i can get or find the local dns domain of the router?

    @ home: i have a speeport router and there is it speedport.ip
    and dns adress is the router

    but here we have a linksys
    i cant find a domain name

    thanks for help



  • Not the router, the DNS domain for your active directory domain.



  • can i not install the dns package for pfsense and my ping over hostname problem is finito?



  • Ok, do you actually have an active Windows Domain or Active Directory? What device is acting as your Domain Controller?



  • hello,
    we have an active windows domain, i think!
    a pdc samba debian server.
    twelve clients (meber of domain) can connect over this server into domain.

    but what is with the dns tool for pfsense?
    is tinydns easy to use over gui in pfsense 2.0 beta 5 ?

    i think, when the tinydns is a solution, i would kill and reconfigure the pdc samba debian server ;)

    when not - i take debian to resolve the vpn and local hostnames over a wins server solution.
    (little bit reconfigure the smb.conf)



  • Stop over complicating things. You're just going to cause yourself pointless work and make the situation more confusing.

    In the OpenVPN configuration on pfSense start by pushing the IP of the Samba server as the WINS server. As you're using Samba as a PDC then you're using a Windows NT domain, not Active Directory. That means that WINS is probably your primary name resolution service for the local network.



  • ok i test it!
    thanks



  • hmm when i push the pdc as wins server in openvpn config, i cant ping over vpn with hostnames :(
    every host is registered in /etc/hosts

    what is wrong?



  • /etc/hosts where - on the PDC or the client?

    Are the client computers configured to use WINS for name resolution? What version of Windows are they running?



  • hello cry havok,

    on the pdc the /etc/hosts!

    the clients aren't configure to use wins for name resolution, i have for testing configured my pc to use the wins for name-resolution.
    but i can also ping with hostnames without wins entry on my machine ;)

    we use only windows xp 32 and 64 bit machines

    thanks



  • WINS is a broadcast protocol - you don't need to populate /etc/hosts on the PDC and I'm not sure the doing so will achieve anything.

    If you don't configure the client to use WINS how on earth do you expect WINS to work? Try doing that, and ensuring that when connected to the VPN a WINS server is defined (the output of ipconfig/all on a client should help you identify that).



  • ok you are right!

    i have modified one hostname from pdc's /etc/hosts from rails to railsbitch
    AND I CAN PING IT! PORNO ;)

    ok i have to configured all clients in local network to use wins yes?

    and then i can ping everyone in local network over vpn?! right?

    thanks a lot forward havok



  • And the remote devices need to be using WINS too - they need to have it enabled on the OpenVPN adapter and have the setting pushed to them by the OpenVPN server.



  • yes i pushed the wins server throw the tunnel to vpn-clients.
    i test it tonight thanks for tipps havok


Locked