  1. #1
    Untangler
    Join Date
    Jul 2014
    Posts
    35

    OpenVPN - LAN name resolution

    Feel free to chastise me if there is already something around here that answers it - I can't find it. Gonna keep looking, but figure someone might copy/paste it here for me...

    OpenVPN (well, VPNs in general) doesn't seem to play well with Microsoft's name resolution. This is pretty easy to get working if you are connecting to a network with Active Directory. However, my current small-business client has no server - all peer-to-peer Windows 10 computers.

    I have seen a few posts from other people struggling with this, but have yet to find a solution that works. Being able to find a computer by name when connecting by VPN should be one of the most basic needs, but it doesn't seem to be easily achieved. However, Microsoft networking is (and always has been) kind of funky, so it's small wonder that companies who understand real networking can't seem to fudge their products to work with MS networks.

    To make it easy (or so I thought), I figured I'd create a hosts table, listing the computer names inside the network and their LAN addresses. Not exactly what I want, but there are only 6 internal computers, so why not, right?

    Can this be done with Untangle? I can export a LAN address (Export networks), but could I export a list of individual computer names and their static LAN addresses?

    I'm really at a loss here, and I bet this is another situation where better documentation would make the UT product much more useful. Pretty much every time I have a problem with Untangle, it isn't the product at all, but the documentation not having the detail required.

    Thanks
    Last edited by rob@marathonit.ca; 10-05-2020 at 05:41 PM.
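
Added example (not part of the thread and not an Untangle feature): the hosts-table fallback described in the post above, as a Python helper that keeps a marked block of LAN names in a VPN client's hosts file. The computer names, addresses, LAN range and marker strings are constructed assumptions; entries outside the LAN range are rejected because a hosts entry overrides DNS.

```python
import ipaddress
import re

BEGIN = "# BEGIN vpn-lan-hosts (managed block, do not edit by hand)"
END = "# END vpn-lan-hosts"
# Constructed sample inventory: six peer-to-peer PCs with static LAN addresses.
LAN_CIDR = "192.168.10.0/24"
LAN_HOSTS = {
    "FRONTDESK": "192.168.10.21", "ACCOUNTS": "192.168.10.22",
    "SHOP-PC1": "192.168.10.23", "SHOP-PC2": "192.168.10.24",
    "OWNER-PC": "192.168.10.25", "PRINTSRV": "192.168.10.26",
}
# Windows computer (NetBIOS) names: at most 15 characters, no leading/trailing hyphen.
NAME_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,15}(?<!-)$")

def render_block(hosts, lan_cidr):
    """Validate the inventory and return the managed block as a list of lines."""
    lan = ipaddress.ip_network(lan_cidr)
    lines = [BEGIN]
    for name, addr in sorted(hosts.items()):
        if not NAME_RE.match(name):
            raise ValueError(f"invalid computer name: {name!r}")
        ip = ipaddress.ip_address(addr)
        if ip not in lan:
            # A hosts entry overrides DNS, so never map a LAN name off-network.
            raise ValueError(f"{name} -> {ip} is outside {lan}")
        lines.append(f"{ip}\t{name.lower()}")
    return lines + [END]

def merge_hosts(existing, hosts, lan_cidr):
    """Replace (or append) the managed block; all other lines are left untouched."""
    kept, inside = [], False
    for line in existing.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END and inside:
            inside = False
        elif not inside:
            kept.append(line)
    if inside:
        raise ValueError("managed block has no END marker; refusing to rewrite")
    while kept and not kept[-1].strip():
        kept.pop()
    return "\n".join(kept + [""] + render_block(hosts, lan_cidr)) + "\n"

if __name__ == "__main__":
    print(merge_hosts("127.0.0.1\tlocalhost\n", LAN_HOSTS, LAN_CIDR), end="")
```

On a Windows 10 client the file is C:\Windows\System32\drivers\etc\hosts and writing it needs an elevated prompt; the entries go stale if a PC's static address changes.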

  2. #2
    Master Untangler TirsoJRP
    Join Date
    Oct 2010
    Posts
    427

    Quite easy, just push the LAN dns servers to the clients.

    OpenVPN > Server > Groups > Edit Default group > Push DNS

  3. #3
    Untangler
    Join Date
    Jul 2014
    Posts
    35

    Quote, originally posted by TirsoJRP:
    Quite easy, just push the LAN dns servers to the clients.

    OpenVPN > Server > Groups > Edit Default group > Push DNS


    Yep, that works perfectly when there’s a DNS server on the LAN. But this is just a bunch of Windows 10 computers - no AD, no DNS.

    The UT device is in bridge mode, but it creates a list of Devices. You can even add a host name to a detected device. So I used the UT as the DNS server in Default Group. I hoped that a request for a device name might go through that list. Doesn’t seem to.

    This stuff is exhausting...

  4. #4
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,304

    Quote, originally posted by rob@marathonit.ca:
    Yep, that works perfectly when there’s a DNS server on the LAN. But this is just a bunch of Windows 10 computers - no AD, no DNS.

    The UT device is in bridge mode, but it creates a list of Devices. You can even add a host name to a detected device. So I used the UT as the DNS server in Default Group. I hoped that a request for a device name might go through that list. Doesn’t seem to.

    This stuff is exhausting...

    Yeah... you're not getting name resolution to work with that. Untangle needs to be your router, so DHCP works and the local DNS service can actually be there providing the name lookups. In bridge mode you lack DNSMasq entirely, and therefore are dependent on something else doing the resolution for your network. So if the router you're using won't do it via OpenVPN push... you're SOL.

    Again this isn't magic, it's just DNS. Untangle's host table is irrelevant because even Untangle isn't using Untangle for DNS at this point.
    Last edited by sky-knight; 10-05-2020 at 06:26 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangler
    Join Date
    Jul 2014
    Posts
    35

    My preference would have been to put the ISP modem/router into bridge mode, using UT as the router. This particular Internet offering won’t allow it. Nor are there other services we could change them to.
    I might try forwarding all ports from the ISP’s router to the UT (in router mode). Then I can use it as a router, with DHCP, etc. enabled.

    I’ve been supporting computer networks for a long time, but have still managed to avoid learning some of the basics. Really holds a guy back some days.

    Thanks. You have been very helpful...

  6. #6
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,304

    Quote, originally posted by rob@marathonit.ca:
    My preference would have been to put the ISP modem/router into bridge mode, using UT as the router. This particular Internet offering won’t allow it. Nor are there other services we could change them to.
    I might try forwarding all ports from the ISP’s router to the UT (in router mode). Then I can use it as a router, with DHCP, etc. enabled.

    I’ve been supporting computer networks for a long time, but have still managed to avoid learning some of the basics. Really holds a guy back some days.

    Thanks. You have been very helpful...

    Well then... does the ISP Router have the ability to accept static routes? If so... you could make Untangle a NAT-disabled router instead, and work around the limits that way.

    Port forwarding in such a configuration stays on the edge device without hacking through double NAT... Which is what I think you're planning... double NAT is how you make your hair fall out... don't do it!

  7. #7
    Untangler
    Join Date
    Jul 2014
    Posts
    35

    As always, this group has been very helpful. The warning about double-NAT got me shopping around. Found another ISP who offers a similar (they claim superior) service. Faster (so they say), unlimited usage included, and a modem with no integrated router - all for less money than the client is currently paying.
    So, I will be able to use the Untangle appliance as a router, rather than a bridge-mode VPN device.
    This will resolve a lot of little things I've felt the need to either work around or do without.

    Thanks once again...
