
I am currently trying to set up an OpenVPN server with the intention of linking several servers together in order to run the backup jobs over the VPN.

For this example, this is what I have:

  • A pfSense server running OpenVPN (pfsense.vpn)
  • Two clients: client1.vpn and client2.vpn
  • OpenVPN / pfSense configured with the following settings:
    • TUN mode
    • Tunnel network: 10.0.8.0/24
    • Local network: 10.0.255.0/24
    • DNS forwarder enabled
    • Inter-client communication enabled
    • DNS-rebind check disabled
    • OpenVPN pushes the default domain 'vpn' to clients
    • OpenVPN pushes the default DNS server 10.0.8.1 to clients

The problem:

Clients can connect without any problems. They can also reach each other by pinging the IP addresses directly. When pinging pfsense, it will automatically resolve through the default search domain; however, when pinging any hostname of a connecting client, this will not work.

The routing table for clients seems to be incorrect as well. Example from client1 (10.0.8.10):

10.0.8/24          10.0.8.9           UGSc            1        0    tun0
10.0.8.9           10.0.8.10          UH              3        0    tun0
10.0.255/24        10.0.8.9           UGSc            0        0    tun0

10.0.8.9 points to nothing, so I have no clue where this is coming from.

Why is my local domain resolution not working for VPN-connected clients?

Aron Rotteveel

2 Answers


VPN-connected clients don't register their hostnames. Would have to statically assign them via client overrides and manually add to DNS forwarder for them to resolve.

Chris Buechler
  • Hi Chris, thanks for replying. I could not find this information anywhere else. Do you have any references? What is the point of pushing a default domain to clients then? – Aron Rotteveel Feb 17 '12 at 08:33
  • Default domain has no relevance to whether clients register their name in DNS. The default domain is just so clients use that for name resolution. References? When you're the founder of the project you don't need no stinkin references. ;) Registering OpenVPN client hostnames isn't common at all, that's not referenced anywhere that I'm aware of. More common in such environments is pointing them to internal DNS where they register themselves, such as Microsoft AD environments. – Chris Buechler Feb 18 '12 at 04:22
  • Hi Chris, thanks for the reply, this clears things up! :) I guess for now settling for static IP mapping would suffice, but getting hosts to register in the DNS definitely would be handy. – Aron Rotteveel Feb 18 '12 at 10:54
This is a very old question; pfSense (2.4.4) includes the option "Register connected OpenVPN clients in the DNS Resolver" under the DNS Resolver settings.
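The two answers describe the same job done either by hand (static client overrides plus host overrides in the forwarder) or automatically by pfSense 2.4.4's "Register connected OpenVPN clients" option. The following script is an added illustration of that job and is not pfSense's or OpenVPN's own code: it reads the server's status file (a constructed sample is embedded, laid out like OpenVPN's default status format), takes each client's virtual address from the ROUTING TABLE section, and emits hosts-file style records under the pushed 'vpn' domain. It also generates the net30-style client-override line for a fixed address: OpenVPN's default net30 topology hands every client a /30, and the server-side endpoint of that /30 is what appears as 10.0.8.9 in the question's routing table for client 10.0.8.10. Two checks a defender wants are included: the common name comes from the client certificate, so it is only accepted if it is a valid DNS label, and only addresses inside the tunnel network become records.

```python
import ipaddress
import re

# Constructed sample of an OpenVPN status file (default status layout),
# not captured from the server in the question. "client_3" is deliberately
# not a valid DNS label, so it should be dropped by the filter below.
SAMPLE_STATUS = """OpenVPN CLIENT LIST
Updated,Sat Feb 18 10:54:00 2012
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client1,203.0.113.5:1194,12345,67890,Sat Feb 18 10:00:00 2012
client2,198.51.100.7:1194,2345,6789,Sat Feb 18 10:05:00 2012
client_3,192.0.2.9:1194,100,200,Sat Feb 18 10:07:00 2012
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.0.8.10,client1,203.0.113.5:1194,Sat Feb 18 10:53:00 2012
10.0.8.14,client2,198.51.100.7:1194,Sat Feb 18 10:53:30 2012
10.0.8.18,client_3,192.0.2.9:1194,Sat Feb 18 10:53:40 2012
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

TUNNEL_NET = ipaddress.ip_network("10.0.8.0/24")   # from the question
VPN_DOMAIN = "vpn"                                  # domain pushed to clients
# A single DNS hostname label: letters, digits, inner hyphens, max 63 chars.
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def parse_routing_table(status_text):
    """Return {common_name: virtual IPv4/IPv6 address} from ROUTING TABLE."""
    entries = {}
    in_routes = False
    for line in status_text.splitlines():
        if line == "ROUTING TABLE":
            in_routes = True
            continue
        if line in ("GLOBAL STATS", "END"):
            in_routes = False
            continue
        if not in_routes or line.startswith("Virtual Address,"):
            continue
        fields = line.split(",")
        if len(fields) < 4:
            continue
        try:
            entries[fields[1]] = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # iroute subnets or other non-address entries
    return entries


def host_overrides(entries, tunnel_net=TUNNEL_NET, domain=VPN_DOMAIN):
    """Build hosts-file lines ("ip fqdn shortname") for a DNS forwarder.

    Only accepts common names that are valid DNS labels and addresses
    inside the tunnel network, so a certificate subject cannot smuggle
    in a record for an unrelated name or an address outside the VPN."""
    lines = []
    for cn in sorted(entries):
        ip = entries[cn]
        if not LABEL_RE.match(cn) or ip not in tunnel_net:
            continue
        lines.append(f"{ip} {cn}.{domain} {cn}")
    return lines


def net30_ifconfig_push(client_ip):
    """Client-override line that pins a client to a static address under
    OpenVPN's net30 topology: the client gets the upper host of a /30 and
    the server-side endpoint is the lower one (10.0.8.10 pairs with 10.0.8.9)."""
    ip = ipaddress.ip_address(client_ip)
    block = ipaddress.ip_network(f"{ip}/30", strict=False)
    low, high = list(block.hosts())
    if ip != high:
        raise ValueError(f"{ip} is not the client side of a /30")
    return f"ifconfig-push {high} {low}"


if __name__ == "__main__":
    for rec in host_overrides(parse_routing_table(SAMPLE_STATUS)):
        print(rec)
    print(net30_ifconfig_push("10.0.8.10"))
```

Running the block prints the two accepted records and the override line for client1; with a real status file the records would be written to the forwarder's additional-hosts file and the forwarder told to reload, which is the manual equivalent of the option the second answer points to.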