Re: [pfSense] Hostname resolution of OpenVPN-connected clients
On Sat, 14 Nov 2015 04:37:34 + Espen Johansen wrote:

> Based on your need I think you should convert to l2tp.
>
> https://doc.pfsense.org/index.php/L2TP/IPsec

Thanks. I'll have a look at it. Maybe it's a better fit for us.

Marco
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Hostname resolution of OpenVPN-connected clients
Based on your need I think you should convert to l2tp.

https://doc.pfsense.org/index.php/L2TP/IPsec

-lsf

Sat, 14 Nov 2015, 03:22, Vick Khera wrote:

> On Thu, Nov 12, 2015 at 5:20 AM, Marco wrote:
>
> > > Setting up BIND 9 to manage a dynamic zone is not very difficult.
> >
> > Do I need an additional BIND instance besides the unbound that's
> > already running on the pfSense box?
>
> unbound != bind. I do not know anything about setting up dynamic zones in
> unbound. I know how to do it in bind9.

Re: [pfSense] Hostname resolution of OpenVPN-connected clients
On Thu, Nov 12, 2015 at 5:20 AM, Marco wrote:

> > Setting up BIND 9 to manage a dynamic zone is not very difficult.
>
> Do I need an additional BIND instance besides the unbound that's
> already running on the pfSense box?

unbound != bind. I do not know anything about setting up dynamic zones in unbound. I know how to do it in bind9.

Re: [pfSense] Hostname resolution of OpenVPN-connected clients
On 15-11-12 02:15 AM, Marco wrote:

> On Wed, 11 Nov 2015 15:22:40 + Espen Johansen wrote:
>
> > I think you have to set up a radius server and assign ip based on the
> > user. That way they will be "static" and then add DNS entries to that
> > static IP.
>
> I've never dealt with RADIUS. Seems a bit like overkill to just get
> the DNS working. But I'll read up what it takes to implement RADIUS.
>
> Thanks for the response.

Not sure how many clients you are going to have, but OpenVPN allows you to assign an IP address to a specific client. Look at the ipp.txt file.

Geoff

Re: [pfSense] Hostname resolution of OpenVPN-connected clients
On Wed, 11 Nov 2015 15:22:40 + Espen Johansen wrote:

> I think you have to set up a radius server and assign ip based on the
> user. That way they will be "static" and then add DNS entries to that
> static IP.

I've never dealt with RADIUS. Seems a bit like overkill to just get the DNS working. But I'll read up what it takes to implement RADIUS.

Thanks for the response.

Marco

[pfSense] Hostname resolution of OpenVPN-connected clients
Hello,

we have been using pfSense for quite a while with success and are very happy overall.

Recently we set up OpenVPN and are facing a DNS issue. Hosts in the LAN can be addressed using the hostname (thanks to “Register DHCP leases in the DNS Resolver”) which is working perfectly fine. Hosts on the OpenVPN network can also resolve hosts in the LAN. However, from the LAN the OpenVPN-connected hosts cannot be reached (only via IP address, not via hostname). Research shows¹ that VPN-connected clients don't register their hostnames in the DNS which is unfortunate and would probably solve the issue we face. The answer seems to be¹:

> Would have to statically assign them via client overrides and manually add
> to DNS forwarder for them to resolve.

This would work for static hosts that are always on the VPN, but this wouldn't work for mobile hosts (e.g. employees' laptops) which have a different IP address, depending on whether they are connected to the LAN or connected via OpenVPN.

How to access the mobile hosts via the same hostname regardless if they are connected to the LAN or VPN?

Marco

¹ http://serverfault.com/a/361103/102215

Re: [pfSense] Hostname resolution of OpenVPN-connected clients
I think you have to set up a radius server and assign ip based on the user. That way they will be "static" and then add DNS entries to that static IP.

My 2cents,

-lsf

Wed, 11 Nov 2015, 15:47, Marco wrote:

> Hello,
>
> we have been using pfSense for quite a while with success and are very
> happy overall.
>
> Recently we set up OpenVPN and are facing a DNS issue. Hosts in the LAN
> can be addressed using the hostname (thanks to “Register DHCP leases in
> the DNS Resolver”) which is working perfectly fine. Hosts on the OpenVPN
> network can also resolve hosts in the LAN. However, from the LAN the
> OpenVPN-connected hosts cannot be reached (only via IP address, not via
> hostname). Research shows¹ that VPN-connected clients don't register
> their hostnames in the DNS which is unfortunate and would probably solve
> the issue we face. The answer seems to be¹:
>
> > Would have to statically assign them via client overrides and manually
> > add to DNS forwarder for them to resolve.
>
> This would work for static hosts that are always on the VPN, but this
> wouldn't work for mobile hosts (e.g. employees' laptops) which have a
> different IP address, depending on whether they are connected to the LAN
> or connected via OpenVPN.
>
> How to access the mobile hosts via the same hostname regardless if
> they are connected to the LAN or VPN?
>
> Marco
>
> ¹ http://serverfault.com/a/361103/102215

Re: [pfSense] Hostname resolution of OpenVPN-connected clients
On Wed, Nov 11, 2015 at 2:46 AM, Marco wrote:

> How to access the mobile hosts via the same hostname regardless if
> they are connected to the LAN or VPN?

Via some form of dynamic DNS perhaps? It seems it should be possible to have the openvpn client run some script that will register its current IP into a BIND server via RFC2136 update.

Setting up BIND 9 to manage a dynamic zone is not very difficult.
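
The dynamic-DNS approach suggested in the reply above, sketched as an OpenVPN client `up` script (an added example, not part of the original thread). The zone, server name and TSIG key path are assumptions; the script validates the hostname and address before handing them to `nsupdate`, and the BIND zone is assumed to accept only updates signed with that key.

```shell
#!/bin/sh
# Added example: OpenVPN client "up" hook that registers the tunnel address
# through an RFC 2136 update. ZONE, DNS_SERVER and TSIG_KEY are hypothetical.
ZONE="${ZONE:-vpn.example.test}"
DNS_SERVER="${DNS_SERVER:-ns.example.test}"
TSIG_KEY="${TSIG_KEY:-/etc/openvpn/ddns.key}"
TTL=60   # short TTL: the address differs between LAN and VPN

# Accept a single DNS label only, so an odd or hostile hostname cannot
# inject extra nsupdate commands or touch another client's record.
valid_label() {
    case "$1" in
        ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Accept dotted-quad IPv4 with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit the nsupdate batch: drop any stale A record, then add the current one.
build_update() {
    host=$1 ip=$2
    valid_label "$host" || { echo "bad hostname" >&2; return 1; }
    valid_ipv4 "$ip"    || { echo "bad address" >&2; return 1; }
    printf 'server %s\nzone %s\nupdate delete %s.%s. A\nupdate add %s.%s. %s A %s\nsend\n' \
        "$DNS_SERVER" "$ZONE" "$host" "$ZONE" "$host" "$ZONE" "$TTL" "$ip"
}

# When OpenVPN runs this as an up script it exports ifconfig_local
# (the client's tunnel address); outside OpenVPN nothing is sent.
if [ -n "${ifconfig_local:-}" ]; then
    build_update "$(hostname -s)" "$ifconfig_local" | nsupdate -k "$TSIG_KEY"
fi
```

The client config needs `script-security 2` and an `up` directive pointing at the script for OpenVPN to run it.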