Hi All,
I'm using OpenVPN as built into a pfsense firewall. The OpenVPN server is serving many users, but I need to send a different DNS (and override/remove the default that is pushed to the other users of the server) for two specific clients when they connect.
I'm aware of the following on the server side:
push "dhcp-option DNS …"
And the following on the client side:
pull-filter "dhcp-option DNS …"
What I'm hoping to achieve is, from the server side only, use a 'client specific override' (presumably pfsense speak for some sort of dynamically generated client-config-dir files for each user CN) to tell these specific clients that when they connect, they should remove/ignore the default dns that is pushed by the server, and then subsequently use push dhcp-option dns … to point them to their correct DNS.
Anyone know of a way to achieve this on the pfsense implementation of OpenVPN?
Thanks
Push different DNS to specific users on the same server (pfSense OpenVPN)
-
- OpenVpn Newbie
- Posts: 5
- Joined: Mon Feb 29, 2016 11:08 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Push different DNS to specific users on the same server (pfSense OpenVPN)
This is achieved on pfSense exactly the same way as any other OS.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Mon Feb 29, 2016 11:08 am
Re: Push different DNS to specific users on the same server (pfSense OpenVPN)
Great though it is to hear that it's achievable, could you elaborate in a constructive manner as to how to achieve it?
For instance, how does one, from the server side, prevent the default DNS being pushed to a specific client when they connect?
More specifically, how do you do this in pfsense when the CCD folder doesn't appear to exist and seems to be dynamically generated from text entries within the Advanced section of the client specific overrides which, as far as I can tell, seem to only accept server side commands for a specific client of the server?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Push different DNS to specific users on the same server (pfSense OpenVPN)
Simple_One wrote: ↑Thu Nov 14, 2019 7:30 pm
> Great though it is to hear that it's achievable, could you elaborate in a constructive manner as to how to achieve it?
I could repeat the documentation but you'll just end up reading it twice ..
I do not know how pfSense chose to do this but you can do this exactly as described in the documentation on openvpn. You just have to know how to use pfSense ..
Hint: Try a terminal ..
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: Push different DNS to specific users on the same server (pfSense OpenVPN)
Simple_One wrote: ↑Thu Nov 14, 2019 7:30 pm
> Great though it is to hear that it's achievable, could you elaborate in a constructive manner as to how to achieve it?
> For instance, how does one, from the server side, prevent the default DNS being pushed to a specific client when they connect?
> More specifically, how do you do this in pfsense when the CCD folder doesn't appear to exist and seems to be dynamically generated from text entries within the Advanced section of the client specific overrides which, as far as I can tell, seem to only accept server side commands for a specific client of the server?
The server will know which client connects to it by the common name in the certificate, so basically you need to find out the certificate of the client you want to give a specific DNS, like this.
For example, you have a client whose certificate common name is jonh.
Make a file without an extension, named jonh, open the file and add lines like this, place this file in the ccd folder, and add the full path to the server config:
# server config
client-config-dir "/tmp/openvpn/ccd"
# file /tmp/openvpn/ccd/jonh
push "route 192.168.100.0 255.255.255.0"
push "dhcp-option WINS 192.168.20.1"
push "dhcp-option DNS 192.168.20.1"
push "dhcp-option DOMAIN abc.co.uk"
When the client connects to the server, the server will check its name in the ccd folder, load all the info in the file jonh and apply it to that client.
It is easier if you can download WinSCP, connect to the server and add that file.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Push different DNS to specific users on the same server (pfSense OpenVPN)
Or use --push-remove in the client.
See --push-remove in the manual.
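The per-client override discussed in this thread (a CCD file named after the certificate CN, combined with --push-remove), as an added example that is not part of any poster's reply. The function names and the demo directory are hypothetical, and the CCD directory is passed in as an argument. Because the CN becomes a file name, it is validated before anything is written.

```shell
#!/bin/sh
# Added example, not from the thread. Needs OpenVPN 2.4+ for push-remove.

# valid_cn NAME: succeed only if NAME is safe as a file name in the CCD dir
# (no empty name, no leading dot, no slash, conservative character set).
valid_cn() {
    case "$1" in
        ''|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# write_ccd DIR CN DNS: write DIR/CN; fail without writing on bad input.
write_ccd() {
    ccd_dir=$1; cn=$2; dns=$3
    [ -d "$ccd_dir" ] || { echo "no such CCD dir: $ccd_dir" >&2; return 1; }
    valid_cn "$cn" || { echo "rejected CN: $cn" >&2; return 1; }
    valid_ipv4 "$dns" || { echo "rejected DNS: $dns" >&2; return 1; }
    (
        umask 022   # readable by the OpenVPN process, writable by owner only
        {
            # push-remove comes first so it only drops the inherited
            # server-wide entries, not the client-specific one added below.
            echo 'push-remove "dhcp-option DNS"'
            echo "push \"dhcp-option DNS $dns\""
        } > "$ccd_dir/$cn"
    )
}

# Demo on a throwaway directory; CN "jonh" and 192.168.20.1 are the thread's
# sample values, the directory is constructed for the demo.
demo_dir=$(mktemp -d)
write_ccd "$demo_dir" jonh 192.168.20.1 && cat "$demo_dir/jonh"
rm -rf "$demo_dir"
```

The server configuration still needs a client-config-dir line pointing at the directory the file is written to.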
-
- OpenVpn Newbie
- Posts: 5
- Joined: Mon Feb 29, 2016 11:08 am
Re: Push different DNS to specific users on the same server (pfSense OpenVPN)
Okay thanks all. I'll read up on --push-remove, sounds like an interesting option.
The problem with pfsense, unless I'm doing it in the wrong spot, is that it seems to overwrite/delete files that I'm putting in the CCD folder when you restart the firewall. I'll see if I can work out how to get around that.