Solved Hostname for vpn

[SanPe]

Hi,

Simple question, is it possible to define hostname for VPN clients? Just like for the DHCP, but for distant machine connected to the router through VPN tunnel.

My goal is to access distant devices with http://HostName.RouterDomainName, just like I do with local machines. My VPN clients already have static VPN IP.

Thanks!

 

[ColinTaylor]

I think the issue would be that in a typical VPN setup the incoming client doesn't have a fixed IP address, it just gets the first available address in the 10.8.0.x range. So how would you associate a host name with an IP address? If you only have one VPN client and it always gets the same IP address then you can simply add it to the router's hosts file.

 

[eibgrad]

In a site to site configuration, it's entirely possible (in fact, common) to have bi-directional, local name resolution across the tunnel. It requires the local DNS server on both sides to know of, and have access to, the others's local DNS server. Normally that's a given for the OpenVPN client since the OpenVPN server's DNS server is typically advertised (pushed) to the client. But on the server side, it's NOT so automatic.

You need to minimally configure DNSMasq on the server side w/ that information using a server directive that points to the domain of the OpenVPN client and the IP address of its DNS server.

So if we assume the OpenVPN client's local IP network is 192.168.10.0/24 (which needs to be made known to the OpenVPN server via Manage Client Specific Options), and its DNS server is located at 192.168.10.1, and the OpenVPN client's domain is xyz, you would add the following to DNSMasq on the server side.

server=/xyz/192.168.10.1

Now any DNS queries for somedevice.xyz will be resolved across the tunnel.

Of course, you could repeat the process for multiple OpenVPN clients, just so long as each is using different local IP networks.

P.S. It can sometimes still be a bit tricky to configure since each side's DNS server must be *listening* to the OpenVPN network interface on its side. Depending on the firmware, that might be done automatically, as a courtesy, or require YOU to manage it by adding an appropriate 'interface' directive to DNSMasq.

 

[SanPe]

which needs to be made known to the OpenVPN server via Manage Client Specific Options

What do you mean? Do I just need to check this option, or do I have do check + add something to declare the distant local network? I understand it's the last one, but how?

I'll poke around, thanks.

 

[eibgrad]

What do you mean? Do I just need to check this option, or do I have do check + add something to declare the distant local network? I understand it's the last one, but how?

I'll poke around, thanks.

In a NON site-to-site configuration, the OpenVPN server typically knows NOTHING about what lies behind the OpenVPN client. It has no idea what other IP network(s) are accessible via the OpenVPN client. All it knows is the IP assigned to the client on the tunnel.

In a site-to-site configuration, you need to *tell* the OpenVPN server the other IP network(s) that lie behind a specific OpenVPN client (typically based on the CN (Common Name) specified on its cert). And you do that using the Manage Client-Specific Options section of the OpenVPN server. NOW the server knows (using my example) that 192.168.10.0/24, and specifically 192.168.10.1 for the DNS server, are accessible over the tunnel between itself and that particular OpenVPN client.

 

[SanPe]

I realise while trying to do what you wrote, that adding entries to my dns server was enough for what I wanted.
Sorry for the bothering and thanks a lot for your explanations