How to resolve local and remote hosts
-
A quick question I was hoping someone knew.
When I launch openvpn at work to connect back to my pfSense box at home clients on my local network will no longer be resolveable by name only remote clients will.
This makes sense as all my DNS queries would be forwarded to my VPN endpoint to resolve and of course it doesn't know about the local client hostnames only remote.
Does anyone have a easy way to resolve both local and remote clients when using openvpn?
-
Not without using local dns resolver with specific forwarder setup. Or if work dns can have forwarder for your home domain? Or you home dns can talk to your work dns? If not then you need 3rd dns that can say oh your looking for domainx.com – lets go ask home dns. Oh your looking for anything else - lets go ask work dns.
Here is the problem with such a scenario.. While you can setup more than 1 dns server, your never really sure which one is going to get asked.. It does not ask them that are listed.
Easy solution is if you need to resolve something at your home, just manually do it with dig or nslookup. And leave your remote vpn client talking to its local dns.
-
If I'm not misunderstanding your question and with the caveat that it was a long time since I made this work then as far as I can recall the only setting I needed to do was to push the pfsense box openvpn subnet ip (10.0.8.1) to the client as in the screenshot.
pfsense - VPN - OpenVPN - edit your server - Client Settings - check Provide a DNS server list to clients and enter appropriate openvpn subnet ip
-
So I am at company X, and my company has servers lets call them serverA.companyX.com for example
How does 10.0.8.1 as your home DNS know about serverA.companyX.com when it is only resolvable by computers on the companyX network - its is not open to the public NET.. For example the Active Directory servers.
While you can hand out multiple dns to your pfsense clients, just because you have multiple dns, depending on what the dns returns when asked for serverA.companyX.com its just going to stop.. And if I ask say the companyX dns for something at home pfsense.localdomain.net - it sure and the hell does not know..
The best solution to this sort of problem is say run bind on your box.. Point to it for dns.. And in it have forwarder for localdomain.net to ask your dns on your home network, and everything else go to your corp dns.
That way you can resolve both your company stuff and your home stuff when you have a vpn connection. It does not have to be bind, could be dnsmasq, tinydns, unbound, anything that can make the call..
