Hi,
I have a fully working openvpn network, but it works only using IP addresses.
Clients should communicate with each other through the server. To simplify the management of clients I'd like to use their hostnames instead of their IPs. Is there a way to achieve this?
Right now openvpn assigns IP addresses to the clients, but if needed I can install other software on the server; it's a Debian machine.
In order to have hosts resolve by name you will either need to put entries in (all of) the hosts tables or use DNS. DNS can be a little tricky with OpenVPN, depending on your wishes. What I mean is that typically one would use a combination of DHCP and DNS and create dynamic DNS whereby hosts get assigned an IP address and this links to the DNS server to resolve the name. OpenVPN by default uses a pseudo DHCP and by default won't link to the DNS to update the configuration. If you can be sure that the remote clients will always have the same VPN (IP) address, the easiest thing to do would be to create a static name-to-address mapping and put these in the DNS zone configuration. Similarly, you could put these mappings in the hosts file(s).
You can use a regular DHCP server, but in order to get it to bind to your VPN interface, the VPN interface will need to be created first.
But after adding (learn-address /var/lib/openvpn/learn-address.sh) to openvpn, nothing works anymore. Clients can connect to the server but communications between hosts are broken.
The script is executable, clients get their IP, and the log is apparently the same as with the option deactivated.
It looks like that script attempts to learn the host name and dynamically add it to the hosts file and then tell DNSMasq to update itself according to this. I will assume for now that it does this and that you are using DNSMasq for your DNS server and answer your comment:
Quote:
Clients can connect to the server but communications between hosts are broken
This is a second issue, one that I didn't get into in my initial reply. The problem becomes one of routing and there are several aspects to it. Let's say you have LAN hosts A, B, C, and S, with S acting as the VPN server. Remote client R connects to the server S and the two devices should be able to talk to each other. Client R then wants to communicate with client A, B, or C and it can resolve their address. Let's assume that your LAN is 192.168.0.x and R has been given VPN address 192.168.0.100 and S is 192.168.0.50 and A is 192.168.0.1. R does a lookup and sees that A is at 192.168.0.1 and it is configured to route across the virtual tunnel (VPN). When A attempts to reply, it sees R as being at 192.168.0.100 and sends the packet out on its interface. Unfortunately, R isn't really at 192.168.0.100 - and the VPN on the server S must be configured to intercept this traffic and proxy between A and R.
This is where the NAT and IP Masquerading come into play that you often read about in the OpenVPN documentation.
Personally, I have never gotten this to work and it is not for a lack of trying. If you do manage to get this to work, I would be very interested in how and what worked for you.
Sorry, I probably didn't explain it well. I think that it's not a routing problem, because without "learn-address /var/lib/openvpn/learn-address.sh" in the server configuration, communication between clients works well.
With this trick, however, I can't ping any client from the server, the server from a client, or client to client. Looking at the openvpn log, apparently nothing goes wrong when a client establishes the connection.
/etc/hosts.openvpn-clients isn't filled, so I tried using IP addresses.
Permissions and executable flags were set correctly.
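An added example, not part of the thread and not the script the poster used: a `learn-address` hook that writes `/etc/hosts.openvpn-clients` for dnsmasq, validates the certificate common name before it reaches the hosts file, and always exits 0, because OpenVPN rejects an address when the hook fails on `add` or `update`. The `HOSTS_FILE`, `DOMAIN` and `NO_RELOAD` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: learn-address hook that keeps a dnsmasq hosts file up to date.
# OpenVPN runs it as:  <script> add|update <address> <common_name>
#                      <script> delete <address>
# HOSTS_FILE, DOMAIN and NO_RELOAD are names assumed for this example.
LC_ALL=C; export LC_ALL
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts.openvpn-clients}"
DOMAIN="${DOMAIN:-mylocaldomain.lan}"

log() { echo "learn-address: $*" >&2; }

# Shape check only: four dot-separated digit groups (iroute subnets are skipped).
valid_ip() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    local IFS=.
    set -- $1
    [ "$#" -eq 4 ]
}

# The common name comes from the client certificate. Allow hostname characters
# only, so it cannot inject spaces, newlines or extra names into the file.
valid_cn() {
    case $1 in ''|*[!A-Za-z0-9-]*|-*|*-) return 1 ;; esac
    [ "${#1}" -le 63 ]
}

learn_address() {
    local op="$1" ip="$2" cn="${3:-}" tmp
    case $op in add|update|delete) ;; *) log "unknown operation '$op'"; return 0 ;; esac
    valid_ip "$ip" || { log "skipping '$ip'"; return 0; }
    tmp=$(mktemp "${HOSTS_FILE}.XXXXXX") || { log "cannot write $HOSTS_FILE"; return 0; }
    # Drop any existing line for this address, then re-add it on add/update.
    [ ! -f "$HOSTS_FILE" ] || awk -v ip="$ip" '$1 != ip' "$HOSTS_FILE" > "$tmp"
    if [ "$op" != delete ]; then
        if valid_cn "$cn"; then
            printf '%s %s.%s %s\n' "$ip" "$cn" "$DOMAIN" "$cn" >> "$tmp"
        else
            log "common name rejected, no DNS entry for $ip"
        fi
    fi
    { chmod 644 "$tmp" && mv "$tmp" "$HOSTS_FILE"; } || { rm -f "$tmp"; log "update failed"; }
    # dnsmasq re-reads its hosts files on SIGHUP.
    [ -n "${NO_RELOAD:-}" ] || pkill -HUP -x dnsmasq 2>/dev/null || true
    # Always return 0: a non-zero exit on add/update makes OpenVPN reject the
    # address, so the client stays connected but packets for it are not routed.
    return 0
}

if [ "$#" -ge 2 ]; then learn_address "$@"; fi
```

The OpenVPN process must still be able to write the hosts file after it drops privileges, and dnsmasq has to be pointed at that file with `addn-hosts`.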
Your `/etc/resolv.conf` file defines where your computer should look to resolve hostnames into IP addresses. The basic problem is that `/etc/resolv.conf` doesn't get updated when you run `openvpn` by default.
Here's what you need to do to fix the problem.
1.) Append the following onto your `server.conf` file on your OpenVPN server machine (typically located at `/etc/openvpn/server.conf`) to have the server tell the client where to look to convert hostnames to IP addresses.
Code:
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option DOMAIN mylocaldomain.lan"
2.) Install `resolvconf` on your client machine and link the standard `resolv.conf` to `resolvconf`'s version with the following commands to have a function capable of modifying `resolv.conf`