Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-16 Thread Marco
On Sat, 14 Nov 2015 04:37:34 +
Espen Johansen  wrote:

> Based on your need I think you should convert to L2TP.
> 
> https://doc.pfsense.org/index.php/L2TP/IPsec

Thanks. I'll have a look at it. Maybe it's a better fit for us.

Marco
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-14 Thread Espen Johansen
Based on your need I think you should convert to L2TP.

https://doc.pfsense.org/index.php/L2TP/IPsec

-lsf

Sat, 14 Nov 2015, 03:22, Vick Khera wrote:

> On Thu, Nov 12, 2015 at 5:20 AM, Marco  wrote:
>
> > > Setting up BIND 9 to manage a dynamic zone is not very difficult.
> >
> > Do I need an additional BIND instance besides the unbound that's
> > already running on the pfSense box?
> >
>
> unbound != bind. I do not know anything about setting up dynamic zones in
> unbound. I know how to do it in bind9.

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-13 Thread Vick Khera
On Thu, Nov 12, 2015 at 5:20 AM, Marco  wrote:

> > Setting up BIND 9 to manage a dynamic zone is not very difficult.
>
> Do I need an additional BIND instance besides the unbound that's
> already running on the pfSense box?
>

unbound != bind. I do not know anything about setting up dynamic zones in
unbound. I know how to do it in bind9.


Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-12 Thread Geoff Nordli

On 15-11-12 02:15 AM, Marco wrote:

> On Wed, 11 Nov 2015 15:22:40 +
> Espen Johansen wrote:
>
> > I think you have to set up a radius server and assign ip based on the
> > user. That way they will be "static" and then add DNS entries to that
> > static IP.
>
> I've never dealt with RADIUS. Seems a bit like overkill to just
> get the DNS working. But I'll read up on what it takes to implement
> RADIUS. Thanks for the response.

Not sure how many clients you are going to have, but OpenVPN allows you
to assign an IP address to a specific client. Look at the ipp.txt file.


Geoff



Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-12 Thread Marco
On Wed, 11 Nov 2015 15:22:40 +
Espen Johansen  wrote:

> I think you have to set up a radius server and assign ip based on the
> user. That way they will be "static" and then add DNS entries to that
> static IP.

I've never dealt with RADIUS. Seems a bit like overkill to just
get the DNS working. But I'll read up on what it takes to implement
RADIUS. Thanks for the response.

Marco


[pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-11 Thread Marco
Hello,

We have been using pfSense for quite a while with success and are very happy overall.

Recently we set up OpenVPN and are facing a DNS issue. Hosts in the LAN can be
addressed using the hostname (thanks to “Register DHCP leases in the DNS
Resolver”) which is working perfectly fine. Hosts on the OpenVPN network can
also resolve hosts in the LAN. However, from the LAN the OpenVPN-connected
hosts cannot be reached (only via IP address, not via hostname). Research
shows¹ that VPN-connected clients don't register their hostnames in the DNS
which is unfortunate and would probably solve the issue we face. The answer
seems to be¹:

> Would have to statically assign them via client overrides and manually add
> to DNS forwarder for them to resolve.

This would work for static hosts that are always on the VPN, but this wouldn't
work for mobile hosts (e.g. employees' laptops) which have a different IP
address, depending on whether they are connected to the LAN or connected via
OpenVPN.

How can we access the mobile hosts via the same hostname regardless of
whether they are connected to the LAN or VPN?

Marco

¹ http://serverfault.com/a/361103/102215

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-11 Thread Espen Johansen
I think you have to set up a radius server and assign ip based on the user.
That way they will be "static" and then add DNS entries to that static IP.

My 2 cents,
-lsf

Wed, 11 Nov 2015, 15:47, Marco wrote:

> Hello,
>
> We have been using pfSense for quite a while with success and are very
> happy overall.
>
> Recently we set up OpenVPN and are facing a DNS issue. Hosts in the LAN can
> be addressed using the hostname (thanks to “Register DHCP leases in the DNS
> Resolver”) which is working perfectly fine. Hosts on the OpenVPN network can
> also resolve hosts in the LAN. However, from the LAN the OpenVPN-connected
> hosts cannot be reached (only via IP address, not via hostname). Research
> shows¹ that VPN-connected clients don't register their hostnames in the DNS
> which is unfortunate and would probably solve the issue we face. The answer
> seems to be¹:
>
> > Would have to statically assign them via client overrides and manually add
> > to DNS forwarder for them to resolve.
>
> This would work for static hosts that are always on the VPN, but this wouldn't
> work for mobile hosts (e.g. employees' laptops) which have a different IP
> address, depending on whether they are connected to the LAN or connected via
> OpenVPN.
>
> How can we access the mobile hosts via the same hostname regardless of
> whether they are connected to the LAN or VPN?
>
> Marco
>
> ¹ http://serverfault.com/a/361103/102215

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-11 Thread Vick Khera
On Wed, Nov 11, 2015 at 2:46 AM, Marco  wrote:

> How can we access the mobile hosts via the same hostname regardless of
> whether they are connected to the LAN or VPN?
>

Via some form of dynamic DNS perhaps? It seems it should be possible to
have the openvpn client run some script that will register its current IP
into a BIND server via RFC2136 update. Setting up BIND 9 to manage a
dynamic zone is not very difficult.
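
The dynamic-DNS approach suggested in the message above, sketched as an added example (not code from the thread or from the pfSense project): an OpenVPN client `up` script that validates the hostname and tunnel address before sending an RFC 2136 update with `nsupdate`. The zone name, DNS server address, TSIG key path and TTL are assumptions.

```shell
#!/bin/sh
# Added example: OpenVPN client "up" hook that publishes the tunnel address
# in a BIND 9 dynamic zone via an RFC 2136 update. Values below are assumed.
ZONE="vpn.example.com"            # hypothetical dynamic zone
DNS_SERVER="192.0.2.53"           # hypothetical BIND server (documentation range)
TSIG_KEY="/etc/openvpn/ddns.key"  # hypothetical TSIG key file, keep it mode 0600
TTL=60

# Accept one DNS label only, so nothing else can reach the nsupdate batch.
valid_label() {
    case "$1" in
        ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Accept dotted-quad IPv4 only, each octet 0-255.
valid_ipv4() {
    case "$1" in
        ""|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the nsupdate batch that replaces the host's A record; fail on bad input.
build_update() {
    host=$1; ip=$2
    valid_label "$host" && valid_ipv4 "$ip" || return 1
    fqdn="$host.$ZONE."
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$DNS_SERVER" "$ZONE" "$fqdn" "$fqdn" "$TTL" "$ip"
}

# OpenVPN exports script_type and ifconfig_local to the "up" script.
if [ "${script_type:-}" = "up" ]; then
    batch=$(build_update "$(hostname -s)" "${ifconfig_local:-}") || exit 1
    printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEY"
fi
```

The client configuration needs `script-security 2` and an `up` line pointing at the script, and the BIND zone must permit updates signed with the same TSIG key.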