Allow openvpn clients to access each other via hostname.

This forum is for general conversation and user-user networking.

Moderators: TinCanTech

bobwmcgrath
OpenVpn Newbie
Posts: 1
Joined: Wed Jun 01, 2022 2:56 pm

Allow openvpn clients to access each other via hostname.

Post by bobwmcgrath » Wed Jun 01, 2022 3:01 pm

I need a VPS (preferably Linode) to run an OpenVPN server, but it needs to bypass the OpenVPN DHCP and use a DHCP that will pass hostname information to a DNS that the clients will use. I have this working on my home network by bridging the tap interface, but the difficulty is that a VPS does not normally have any sort of router that I can use. I am really surprised that I can't find step-by-step instructions on how to do this.

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Allow openvpn clients to access each other via hostname.

Post by openvpn_inc » Mon Jun 06, 2022 3:14 pm

Hi Bob,

Linode, I think, generally targets the small user and hobbyist market. I've never known of anyone to build large-scale cloud deployments there.

AWS and GCP OTOH aim for the enterprise market, and you can have multiple server instances interconnected via their own internal networks. The AWS term for this is "VPC", virtual private cloud. They will give you certain control over your router managing connections among nodes in your VPC.

You sure can run your own DHCP server software on a Linode or other cloud server instance / VPS. A simple choice is dnsmasq(8), but that is aimed at single-segment home/SOHO networks. For more complex environments there is ISC's dhcpd(8) or the newer replacement, Kea. The former comes with a dhcrelay(8) for relaying DHCP traffic to a server which is not physically connected on the network where the clients are. (I don't know if Kea provides that, but dhcrelay can work with any DHCP server implementation that supports serving remote subnets.)

Bridging and tap are generally not recommended, for many reasons. I'm sure the wiki has pages to tell you why not. Your better approach is to use DNS and tun (routed) connections.

Again dnsmasq is a good choice for this, but not necessarily for dynamic DNS. You could manually list all your VPN clients in your /etc/hosts(5) file, and assign static IP addresses for VPN clients. That's probably the simplest choice (other than the not-recommended bridging + DHCP.)

Another choice for dynamic DNS is BIND named(8) and its included tool for RFC 2136 zone updates, nsupdate(8). That can do what I think you want, but would involve a steeper learning curve. (Note: any other RFC 2136-compatible tool can do zone updates for BIND.)

regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
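
The static-address plus hosts-file approach suggested in the reply above, sketched as an added example (not code from the thread or from OpenVPN Inc.). The subnet, domain, and client names are constructed, and it assumes a tun server using `topology subnet` with a `client-config-dir`; because each common name becomes both a file name and a DNS label, it is validated before use.

```python
import ipaddress
import re

# Constructed sample values (assumptions, not taken from the thread)
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
SERVER_IP = ipaddress.ip_address("10.8.0.1")
DOMAIN = "vpn.example"
CLIENTS = {"laptop": "10.8.0.10", "nas": "10.8.0.11", "buildbox": "10.8.0.12"}

# A certificate CN is used as a file name under client-config-dir and as a
# DNS label, so accept only a single lowercase hostname label (no "/" or ".").
CN_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def plan(clients, net=VPN_NET, server=SERVER_IP, domain=DOMAIN):
    """Return (ccd, hosts): ccd maps CN -> ccd file text, hosts is hosts(5) text."""
    seen = {}
    ccd, host_lines = {}, []
    for cn, addr in sorted(clients.items()):
        if not CN_RE.match(cn):
            raise ValueError(f"unsafe common name: {cn!r}")
        ip = ipaddress.ip_address(addr)
        reserved = (net.network_address, net.broadcast_address, server)
        if ip not in net or ip in reserved:
            raise ValueError(f"{cn}: {ip} is not a usable client address in {net}")
        if ip in seen:
            raise ValueError(f"{cn}: {ip} already assigned to {seen[ip]}")
        seen[ip] = cn
        # With "topology subnet", ifconfig-push takes the address and netmask.
        ccd[cn] = f"ifconfig-push {ip} {net.netmask}\n"
        host_lines.append(f"{ip} {cn}.{domain} {cn}")
    return ccd, "\n".join(host_lines) + "\n"


if __name__ == "__main__":
    ccd_files, hosts_text = plan(CLIENTS)
    for name, body in ccd_files.items():
        print(f"# ccd/{name}\n{body}", end="")
    print("# hosts file for dnsmasq (addn-hosts=...)")
    print(hosts_text, end="")
```

Each ccd entry goes in a file named after the client's common name inside the `client-config-dir` directory, and dnsmasq can serve the hosts text through its `addn-hosts` option. Clients then need the VPN-side resolver pushed to them, for example with `push "dhcp-option DNS 10.8.0.1"`.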
