openvpn dhcp to bind9

Filipes
OpenVpn Newbie
Posts: 2
Joined: Fri Feb 14, 2020 10:20 am

openvpn dhcp to bind9

Post by Filipes » Fri Feb 14, 2020 10:26 am

Hi community,
I can't figure out how to make the dhcp range from openvpn clients write to my bind dns server (some kind of DDNS). I can ping openvpn clients from my internal network only via IP address, not by name.
I allowed the openvpn dhcp range in acl internals on my bind server, but this did not help. Is there any how-to to rewrite the config which puts the openvpn dhcp addresses of clients into my bind9 entries?
Thank you for any help.

TiTex
OpenVPN Super User
Posts: 289
Joined: Tue Apr 12, 2011 6:22 am

Re: openvpn dhcp to bind9

Post by TiTex » Fri Feb 14, 2020 4:37 pm

you can use a client connect script with nsupdate

Filipes
OpenVpn Newbie
Posts: 2
Joined: Fri Feb 14, 2020 10:20 am

Re: openvpn dhcp to bind9

Post by Filipes » Mon Feb 17, 2020 5:53 am

Hello, thank you for the reply.
Could you tell me more about it or show some configuration or how-to?
Thank you.

TiTex
OpenVPN Super User
Posts: 289
Joined: Tue Apr 12, 2011 6:22 am

Re: openvpn dhcp to bind9

Post by TiTex » Tue Feb 18, 2020 4:43 pm

Hi, I don't have a configuration example, but it would be basic shell scripting.
Some high level info... you need to:
1. Configure your vpn server with something like

script-security 2
learn-address /path/to/executable-script

Note: not sure here if you should use the learn-address config option, there are other options too... you'll have to ask about that from somebody else.

2. Configure your bind/named server to allow ddns for the zone you want; here's an excellent guide for ubuntu/debian: https://dnns.no/dynamic-dns-with-bind-and-nsupdate.html

When a client connects to your vpn server, three positional parameters are sent to your script:
add client-vpn-ip client-username/client-cert-common-name
This can be parsed with any scripting/programming language, bash probably being the simpler one, and use nsupdate to update your dns zone.

Some basic starting point

#!/bin/bash

# learn-address invokes this script as: <operation> <client-vpn-ip> [<common-name>]
# Only "add" and "update" carry a common name; bail out on anything else so a
# "delete" event does not produce an update with an empty record name.
case "$1" in
    add|update) ;;
    *) exit 0 ;;
esac

DNS_SERVER="localhost"
DDNS_KEY="/path/to/ddns.key"   # TSIG key that is allowed to update the zone
DNS_ZONE="domain.tld"
DNS_IP="$2"                    # tunnel address OpenVPN assigned to the client
DNS_NAME="$3"                  # client certificate common name
DNS_TTL="300"

# Feed the update batch to nsupdate (-v = use TCP); "show" echoes the request
# before "send" submits it.
nsupdate -k "${DDNS_KEY}" -v <(cat <<EOF
server ${DNS_SERVER}
zone ${DNS_ZONE}
update add ${DNS_NAME}.${DNS_ZONE} ${DNS_TTL} A ${DNS_IP}
show
send
EOF
)
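A fuller learn-address handler, added here as an example and not code from the thread: it also covers the "delete" event, which OpenVPN sends without a common name, by remembering the address-to-name mapping on disk, and it refuses common names that are not a single hostname label before they reach nsupdate. The zone, key path and state directory are assumed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original thread. The zone, key path and
# state directory are placeholders; override them via the environment.
DNS_SERVER="${DNS_SERVER:-localhost}"
DNS_ZONE="${DNS_ZONE:-vpn.example.internal}"
DDNS_KEY="${DDNS_KEY:-/etc/bind/ddns.key}"
DNS_TTL="${DNS_TTL:-300}"
# OpenVPN passes no common name on "delete", so remember ip -> name here.
STATE_DIR="${STATE_DIR:-/var/lib/openvpn/learn-address}"

# Print the nsupdate batch for one learn-address event (args: op ip [cn]).
# Returns 1 when the event is unknown or the input is not safe to use.
build_update() {
  op="$1"; ip="$2"; cn="$3"
  # The address names the state file, so allow only digits and dots: no
  # "../" or shell metacharacters can reach the filesystem or nsupdate.
  case "$ip" in ''|*[!0-9.]*) return 1 ;; esac
  case "$op" in
    add|update)
      # Accept one hostname label only: no dots, spaces or newlines, so a
      # certificate CN cannot smuggle in a second nsupdate command or zone.
      case "$cn" in ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;; esac
      [ "${#cn}" -le 63 ] || return 1
      mkdir -p "$STATE_DIR" && printf '%s\n' "$cn" > "$STATE_DIR/$ip"
      name="$cn"
      ;;
    delete)
      [ -f "$STATE_DIR/$ip" ] || return 1
      read -r name < "$STATE_DIR/$ip"
      rm -f "$STATE_DIR/$ip"
      ;;
    *) return 1 ;;
  esac
  printf 'server %s\nzone %s\n' "$DNS_SERVER" "$DNS_ZONE"
  # Always clear the old A record first, so a reconnect that lands on a
  # different tunnel address does not leave two addresses for the name.
  printf 'update delete %s.%s. A\n' "$name" "$DNS_ZONE"
  if [ "$op" != delete ]; then
    printf 'update add %s.%s. %s A %s\n' "$name" "$DNS_ZONE" "$DNS_TTL" "$ip"
  fi
  printf 'send\n'
}

# Only talk to BIND when OpenVPN actually invoked us with an event.
if [ "$#" -ge 2 ]; then
  build_update "$@" | nsupdate -k "$DDNS_KEY"
fi
```

Point `learn-address` at this file (with `script-security 2`) and make sure the state directory is writable by the user OpenVPN drops to.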
