Netgate Discussion Forum

    How to resolve local and remote hosts

      DBayPlaya2k3

      A quick question I was hoping someone knew.

      When I launch openvpn at work to connect back to my pfSense box at home, clients on my local network will no longer be resolvable by name, only remote clients will.

      This makes sense, as all my DNS queries would be forwarded to my VPN endpoint to resolve, and of course it doesn't know about the local client hostnames, only remote.

      Does anyone have an easy way to resolve both local and remote clients when using openvpn?

        johnpoz LAYER 8 Global Moderator

        Not without using local dns resolver with specific forwarder setup.  Or if work dns can have forwarder for your home domain?  Or your home dns can talk to your work dns?  If not then you need 3rd dns that can say oh you're looking for domainx.com – let's go ask home dns.  Oh you're looking for anything else - let's go ask work dns.

        Here is the problem with such a scenario..  While you can set up more than 1 dns server, you're never really sure which one is going to get asked..  It does not ask them that are listed.

        Easy solution is if you need to resolve something at your home, just manually do it with dig or nslookup.  And leave your remote vpn client talking to its local dns.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          pfff

          If I'm not misunderstanding your question and with the caveat that it was a long time since I made this work then as far as I can recall the only setting I needed to do was to push the pfsense box openvpn subnet ip (10.0.8.1) to the client as in the screenshot.

          pfsense - VPN - OpenVPN - edit your server - Client Settings - check Provide a DNS server list to clients and enter appropriate openvpn subnet ip

          openvpn.dns.png

            johnpoz LAYER 8 Global Moderator

            So I am at company X, and my company has servers, let's call them serverA.companyX.com for example

            How does 10.0.8.1 as your home DNS know about serverA.companyX.com when it is only resolvable by computers on the companyX network - it is not open to the public NET..  For example the Active Directory servers.

            While you can hand out multiple dns to your pfsense clients, just because you have multiple dns, depending on what the dns returns when asked for serverA.companyX.com it's just going to stop..  And if I ask say the companyX dns for something at home pfsense.localdomain.net - it sure and the hell does not know..

            The best solution to this sort of problem is say run bind on your box..  Point to it for dns.. And in it have forwarder for localdomain.net to ask your dns on your home network, and everything else go to your corp dns.

            That way you can resolve both your company stuff and your home stuff when you have a vpn connection.  It does not have to be bind, could be dnsmasq, tinydns, unbound, anything that can make the call..

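The per-domain forwarder setup described in the last post, written as an unbound configuration for a resolver running on the VPN client itself. This is an added example, not part of the original thread. It assumes the home domain is localdomain.net and the home DNS is reachable over the tunnel at 10.0.8.1 (both taken from the posts above); 192.0.2.53 is a placeholder for the corporate DNS server, whose address the thread does not give.

```conf
# unbound.conf on the laptop that runs the OpenVPN client.
# The laptop's only configured DNS server is then 127.0.0.1.

server:
    # Answer the local machine only; do not become an open resolver
    # on the office LAN or on the tunnel interface.
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # A private home zone is normally unsigned. This line only matters
    # when DNSSEC validation is enabled: it disables validation for
    # the home domain alone and leaves it on for everything else.
    domain-insecure: "localdomain.net"

# Names under the home domain go through the VPN to the home DNS.
forward-zone:
    name: "localdomain.net."
    forward-addr: 10.0.8.1

# Everything else, including internal names such as
# serverA.companyX.com, goes to the corporate DNS.
# 192.0.2.53 is a placeholder address.
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
```

The resolver picks the most specific matching forward-zone for each query, so the choice of upstream is decided by the name being asked for rather than by which listed server the client happens to try. While the tunnel is down, queries for localdomain.net fail instead of being sent to the corporate DNS.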
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.