LinuxQuestions.org
Old 11-08-2010, 05:11 AM   #1
SystemR89
LQ Newbie
 
Registered: May 2010
Location: Turin, Italy
Distribution: Debian unstable/experimental
Posts: 4

Rep: Reputation: 0
Resolve hostname between openvpn clients


Hi,
I have a fully working OpenVPN network, but it works only using IP addresses.

Clients should communicate with each other through the server. To simplify the management of clients I'd like to use their hostnames instead of their IPs. Is there a way to achieve it?

Currently OpenVPN assigns IP addresses to the clients, but if needed I can install other software on the server; it's a Debian machine.
 
Old 11-08-2010, 11:56 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776
In order to have hosts resolve by name you will either need to put entries in (all of) the hosts tables or use DNS. DNS can be a little tricky with OpenVPN, depending on your wishes. What I mean is that typically one would use a combination of DHCP and DNS and create dynamic DNS whereby hosts get assigned an IP address and this links to the DNS server to resolve the name. OpenVPN by default uses a pseudo DHCP and by default won't link to the DNS to update the configuration. If you can be sure that the remote clients will always have the same VPN (IP) address, the easiest thing to do would be to create a static name to address mapping and put these in the DNS zone configuration. Similarly, you could put these mappings in the hosts file(s).

You can use a regular DHCP server, but in order to get it to bind to your VPN interface, the VPN interface will need to be created first.
 
Old 11-09-2010, 04:49 AM   #3
SystemR89
LQ Newbie
 
Registered: May 2010
Location: Turin, Italy
Distribution: Debian unstable/experimental
Posts: 4

Original Poster
Rep: Reputation: 0
I found this script: http://oldwiki.openwrt.org/OpenVPNDNS.html

but after adding (learn-address /var/lib/openvpn/learn-address.sh) in openvpn, nothing works anymore. Clients can connect to the server but communications between hosts are broken.
The script is executable, clients get their IP, and the log is apparently the same as with the option deactivated.
 
Old 11-09-2010, 12:06 PM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776
It looks like that script attempts to learn the host name and dynamically add it to the hosts file and then tell DNSMasq to update itself according to this. I will assume for now that it does this and that you are using DNSMasq for your DNS server and answer your comment:
Quote:
Clients can connect to the server but communications between hosts are broken
This is a second issue, one that I didn't get into in my initial reply. The problem becomes one of routing and there are several aspects to it. Let's say you have LAN hosts A, B, C, and S, with S acting as the VPN server. Remote client R connects to the server S and the two devices should be able to talk to each other. Client R then wants to communicate with client A, B, or C and it can resolve their address. Let's assume that your LAN is 192.168.0.x and R has been given VPN address 192.168.0.100 and S is 192.168.0.50 and A is 192.168.0.1. R does a lookup and sees that A is at 192.168.0.1 and it is configured to route across the virtual tunnel (VPN). When A attempts to reply, it sees R as being at 192.168.0.100 and sends the packet out on its interface. Unfortunately, R isn't really at 192.168.0.100 - and the VPN on the server S must be configured to intercept this traffic and proxy between A and R.

This is where the NAT and IP Masquerading come into play that you often read about in the OpenVPN documentation.

Personally, I have never gotten this to work and it is not for a lack of trying. If you do manage to get this to work, I would be very interested in how and what worked for you.
 
Old 11-10-2010, 04:56 AM   #5
SystemR89
LQ Newbie
 
Registered: May 2010
Location: Turin, Italy
Distribution: Debian unstable/experimental
Posts: 4

Original Poster
Rep: Reputation: 0
Sorry, I probably didn't explain it well. I think that it's not a routing problem, because without "learn-address /var/lib/openvpn/learn-address.sh" in the server configuration the communication between clients works well.
With this trick, instead, I can't ping any client from the server, the server from a client, or client to client. Looking at the OpenVPN log, apparently nothing goes wrong when a client establishes the connection.
/etc/hosts.openvpn-clients isn't filled, so I tried using IP addresses.

Permissions and executable flags were set correctly.
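
Added example, not part of the original posts and not the script from the linked wiki page: OpenVPN rejects an address whenever its `learn-address` script exits non-zero, so a hook that cannot update its hosts file can stop traffic while clients still connect. The sketch below assumes the file path named in the thread, a hypothetical `vpn.example` domain and dnsmasq reading the file through `addn-hosts=`; it validates the client-supplied common name before writing it and returns 0 on every path.

```shell
#!/bin/sh
# Added example (not the script from the linked wiki page).
# OpenVPN runs:  <script> add|update <address> <common-name>
#                <script> delete <address>
# HOSTS_FILE and DOMAIN are assumed names; dnsmasq would read the file
# through its addn-hosts= option and re-read it on SIGHUP.
LC_ALL=C; export LC_ALL
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts.openvpn-clients}"
DOMAIN="${DOMAIN:-vpn.example}"

valid_ipv4() {      # digits and dots only, exactly four non-empty fields
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case "$1" in *.*.*.*.*) return 1 ;; *.*.*.*) return 0 ;; esac
    return 1
}

valid_label() {     # the certificate CN is client-supplied: one DNS label only
    case "$1" in ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;; esac
    [ "${#1}" -le 63 ]
}

learn_address() {
    op=$1 addr=$2 cn=$3
    # Subnets, IPv6 and MAC addresses are not published; still succeed.
    valid_ipv4 "$addr" || return 0
    case "$op" in
        add|update) valid_label "$cn" || return 0 ;;   # bad name: publish nothing
        delete)     cn= ;;
        *)          return 0 ;;
    esac
    tmp=$(mktemp "${HOSTS_FILE}.XXXXXX") || return 0   # unwritable: skip, do not fail
    # Drop stale lines for this address and, on add/update, for this name.
    if [ -f "$HOSTS_FILE" ]; then
        awk -v a="$addr" -v n="$cn" \
            '$1 != a && (n == "" || ($3 "") != n)' "$HOSTS_FILE" > "$tmp"
    fi
    [ -z "$cn" ] || printf '%s %s.%s %s\n' "$addr" "$cn" "$DOMAIN" "$cn" >> "$tmp"
    chmod 644 "$tmp"            # mktemp creates 0600; dnsmasq must be able to read it
    mv "$tmp" "$HOSTS_FILE"     # atomic replace within the same directory
    return 0
}

# Called by OpenVPN with arguments. A non-zero exit would make OpenVPN
# reject the address, so the hook always exits 0.
if [ $# -gt 0 ]; then learn_address "$@"; exit 0; fi
```

OpenVPN needs `script-security 2` to run a user-defined hook, and if the server drops privileges the hook runs as that unprivileged user, so the directory holding the hosts file must be writable by it.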
 
  


All times are GMT -5. The time now is 04:36 AM.
