Want a hostname to resolve to an IP over an openvpn, please help.



  • Besides editing each individual host file on every PC, is there a way inside the PFSense to direct a hostname over to another IP not on that system's subnet?

    IE: Anyone in office A (192.168.1.1/24) wants to access "Realestate" at Office B at IP 192.168.2.2 over the site-to-site openvpn tunnel we have set up, how do we make it direct that PC to resolve "Realestate" to 192.168.2.2?



  • Host overrides. Or better yet, set up a different domain for each office and use domain override and point it to the other office's dns. Now you can use the fqdn of a host from either domain. Or use the same dns server for all offices.



  • @fragged:

    Host overrides. Or better yet, set up a different domain for each office and use domain override and point it to the other office's dns. Now you can use the fqdn of a host from either domain. Or use the same dns server for all offices.

    Derp derp. I was filling in host overrides incorrectly and that's why it was stumping me. I'm on a work group and kept reading domain and filling it out all odd ball. haha I have it set up in the dns forwarding section, but it is still not working. Not resolving.



  • This is how I have it configured. I can ping realestate.wallace.local and it resolves and pings perfectly. If I ping "realestate" I get no resolve. :(




  • @elementalwindx:

    This is how I have it configured. I can ping realestate.wallace.local and it resolves and pings perfectly. If I ping "realestate" I get no resolve. :(

    Make the host override with your local domain if you want ping to work with the short name.



  • @fragged:

    @elementalwindx:

    This is how I have it configured. I can ping realestate.wallace.local and it resolves and pings perfectly. If I ping "realestate" I get no resolve. :(

    Make the host override with your local domain if you want ping to work with the short name.

    When you're working in a windows workgroup and not an ad domain, how do you do that? The workgroup these PCs are on is "workgroup"



  • Whatever domain you use for your pfSense is used as the local search domain.



  • @fragged:

    Whatever domain you use for your pfSense is used as the local search domain.

    That isn't working either.

    Under general settings the name of the pfsense is pfsense.kenansville.local

    I changed the dns override to realestate.kenansville.local then I went into a pc and pinged "realestate" and it's not resolving. What am I missing?


  • LAYER 8 Netgate

    Look at the configuration on the PC. What are the local domains? If they're not right, correct in the DHCP server and release/renew. If not DHCP, correct on client.



  • @Derelict:

    Look at the configuration on the PC. What are the local domains? If they're not right, correct in the DHCP server and release/renew. If not DHCP, correct on client.

    This is an ipconfig /all from the pc I'm attempting to ping from:

    Ethernet adapter Ethernet:

      Connection-specific DNS Suffix  . : kenansville.local
      Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
      Physical Address. . . . . . . . . : 00-1C-42-81-F0-30
      DHCP Enabled. . . . . . . . . . . : Yes
      Autoconfiguration Enabled . . . . : Yes
      Link-local IPv6 Address . . . . . : fe80::b45c:b69c:f6f4:15d6%3(Preferred)
      IPv4 Address. . . . . . . . . . . : 192.168.1.160(Preferred)
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Lease Obtained. . . . . . . . . . : October 27, 2015 5:56:24 PM
      Lease Expires . . . . . . . . . . : October 27, 2015 8:09:34 PM
      Default Gateway . . . . . . . . . : fe80::20a:cdff:fe1f:c979%3
                                          192.168.1.1
      DHCP Server . . . . . . . . . . . : 192.168.1.1
      DHCPv6 IAID . . . . . . . . . . . : 50338882
      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-C2-03-C2-00-1C-42-81-F0-3
      DNS Servers . . . . . . . . . . . : 192.168.1.1
      NetBIOS over Tcpip. . . . . . . . : Enabled

    IP config from the pc I'm trying to ping:

    Ethernet adapter Local Area Connection:

      Connection-specific DNS Suffix  . : wallace.local
      Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
      Physical Address. . . . . . . . . : F0-4D-A2-FC-11-50
      DHCP Enabled. . . . . . . . . . . : Yes
      Autoconfiguration Enabled . . . . : Yes
      IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Lease Obtained. . . . . . . . . . : Tuesday, October 27, 2015 5:35:27 PM
      Lease Expires . . . . . . . . . . : Tuesday, October 27, 2015 7:35:27 PM
      Default Gateway . . . . . . . . . : 192.168.2.1
      DHCP Server . . . . . . . . . . . : 192.168.2.1
      DNS Servers . . . . . . . . . . . : 192.168.2.1
      NetBIOS over Tcpip. . . . . . . . : Enabled


  • LAYER 8 Netgate

    Don't debug dns with ping please. Use dig or drill or, if you're crippled, nslookup.



  • In the IPv4 configuration on the windows workstations, go to the window where you can manually add the ip address, dns etc, click the Advanced button, go onto the DNS tab, at the bottom is "Register this connection's addresses in DNS" ticked?


  • LAYER 8 Netgate

    I think that's the opposite problem.



  • @firewalluser:

    In the IPv4 configuration on the windows workstations, go to the window where you can manually add the ip address, dns etc, click the Advanced button, go onto the DNS tab, at the bottom is "Register this connection's addresses in DNS" ticked?

    Yes this is ticked on realestate pc and on the pc I'm pinging from.

    Here is a nslookup from the computer trying to ping realestate:

    C:\Windows\system32>nslookup realestate
    DNS request timed out.
        timeout was 2 seconds.
    Server:  UnKnown
    Address:  192.168.1.1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out

    C:\Windows\system32>nslookup realestate.wallace.local
    DNS request timed out.
        timeout was 2 seconds.
    Server:  UnKnown
    Address:  192.168.1.1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out

    C:\Windows\system32>nslookup realestate.kenansville.local
    DNS request timed out.
        timeout was 2 seconds.
    Server:  UnKnown
    Address:  192.168.1.1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out

    C:\Windows\system32>


  • LAYER 8 Netgate

    Well, there you go.  Either you have no connectivity to 192.168.1.1 port 53 or it is not listening or there is an access list or ?



  • @Derelict:

    Well, there you go.  Either you have no connectivity to 192.168.1.1 port 53 or it is not listening or there is an access list or ?

    I have not set up any rules for port 53 in the firewall. The openvpn tabs have an allow all rule though. What's the next best step to take?



  • I figured it out. Missed one small thing the whole time. You MUST use DNS Forwarder (I tried dns resolver but had no luck, and in the domain overrides section there is no source ip), so what I did was on kenansville.local pfsense, I added host override of realestate.kenansville.local to 192.168.2.2 and under domain override I added kenansville.local with ip 192.168.2.1@192.168.1.1 and that works perfectly :) I hope it doesn't mess up any resolving of PCs on the kenansville network though. I have no way to test that at this moment.

    Not sure why there was a DNS request time out in this nslookup but here is the report below:

    Here is a current nslookup and ping:

    C:\Windows\system32>nslookup realestate
    Server:  router.kenansville.local
    Address:  192.168.1.1

    DNS request timed out.
        timeout was 2 seconds.
    Name:    realestate.kenansville.local
    Address:  192.168.2.2

    C:\Windows\system32>ping realestate

    Pinging realestate.kenansville.local [192.168.2.2] with 32 bytes of data:
    Reply from 192.168.2.2: bytes=32 time=103ms TTL=126
    Reply from 192.168.2.2: bytes=32 time=106ms TTL=126
    Reply from 192.168.2.2: bytes=32 time=113ms TTL=126
    Reply from 192.168.2.2: bytes=32 time=109ms TTL=126

    Ping statistics for 192.168.2.2:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 103ms, Maximum = 113ms, Average = 107ms

