I have configured OpenVPN as a server to host my own VPN and I want to use DNSMasq to resolve hostnames on the VPN.
Say I have the OpenVPN server, two computers on the internal network, and one outside, all clients for the VPN (192.168.254.0/24):
- Internal Network: 192.168.1.0/24
  - server: IP: 192.168.1.1
  - A: IP: 192.168.1.2, VPN: 192.168.254.2
  - B: IP: 192.168.1.3, VPN: 192.168.254.3
- External Network: 192.168.2.0/24
  - C: IP: 192.168.2.1, VPN: 192.168.254.4
With my current setup, both A and B can resolve their hostnames via DNSMasq on the internal network. And, all of A, B, and C can access each other by direct IP. But, I want to allow C to access A and B by hostname (DNS resolution, not NetBIOS) without directing all network traffic through the VPN.
OpenVPN configuration:
proto tcp
dev tap
server 192.168.254.0 255.255.255.0
client-to-client
persist-key
persist-tun
Do I need to also configure the VPN server as a client? Do I need to push the domain from the Internal Network across the VPN? What do I need to do?
Best Answer
With great complexity, I have something approximating DNS over the VPN.
First, I had to run a script upon the addition of an address to OpenVPN. In the server configuration:
I started with the learn-address.sh script from an old OpenVPN thread, but since I was running a TAP interface, I had to add a script to parse the ip-pool file as well:
I ended up running DNSMasq on one server for my own LAN, and a different server for the VPN. I had to update my configuration (/etc/dnsmasq.conf) on the VPN DNS server:
Once I had this, I then had to push a few options via OpenVPN's DHCP server. Again, in the OpenVPN server configuration:
Unfortunately, only the Windows version of OpenVPN supports setting these options automatically. Linux clients will need to configure scripts to run on connection up/down. If your Linux system uses /etc/resolv.conf, ultimately, you need your VPN domain to appear in your search list, and your server IP to appear as a nameserver: