Finally getting some headway with my first install of OpenVPN, lots to learn!
Here's my (test) setup:
OpenVPN server (via Turnkey Linux) - 192.168.0.135
Router 1 - Asus RT-N16 (Advanced Tomato firmware) - WAN 192.168.0.164 - LAN 172.16.2.0/24
1 PC - Hostname: VPNTEST1, IP 172.16.2.87 (DHCP)
Router 2 - Asus RT-N16 (Advanced Tomato firmware) - WAN 192.168.0.167 - LAN 172.16.3.0/24
1 PC - Hostname: VPNTEST2, IP 172.16.3.81 (DHCP)
My WAN ports on the routers are connected to the same 192.168.0.0/24 network as my OpenVPN server.
Everything seems to work ok, my routers connect to OpenVPN just fine, traffic between clients works, however only using IP, not hostname. I know this is a DNS issue as my only DNS servers are those built into each router. How do I go about linking their DNS together, or using my OpenVPN server as a DNS server for my PC clients? I've done some searching and have noted others having a similar problem, but no real resolution.
Here are my config files:
server.conf
# PUBLIC_ADDRESS: 192.168.0.135 (used by openvpn-addclient)
port 1194
proto udp
dev tun
comp-lzo
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
client-to-client
duplicate-cn
auth SHA256
cipher AES-128-CBC
crl-verify /etc/openvpn/easy-rsa/keys/crl.jail/crl.pem
ca /etc/openvpn/easy-rsa/keys/ca.crt
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
key /etc/openvpn/easy-rsa/keys/NBPLS-OpenVPN.key
cert /etc/openvpn/easy-rsa/keys/NBPLS-OpenVPN.crt
# ifconfig-pool-persist /var/lib/openvpn/server.ipp
client-config-dir /etc/openvpn/server.ccd
status /var/log/openvpn/server.log
verb 3
# DNS Resolution
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# Username and Password authentication.
client-cert-not-required
username-as-common-name
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
# virtual subnet unique for openvpn to draw client addresses from
# the server will be configured with x.x.x.1
# important: must not be used on your network
server 10.8.0.0 255.255.255.0
# push routes to clients to allow them to reach private subnets
# push "route 192.168.0.0 255.255.255.0"
push "route 172.16.2.0 255.255.255.0"
push "route 172.16.3.0 255.255.255.0"
# subnet behind a client: VPNCLIENT1
route 172.16.2.0 255.255.255.0
# subnet behind a client: VPNCLIENT2
route 172.16.3.0 255.255.255.0
Joel