0

I have configured an OpenVPN server to give users remote access to internal company resources. Since the main purpose of this VPN is not to change/hide the users' IP address, but to provide access to other devices, I haven't configured forced traffic redirection for clients, so it doesn't change the default network interface on their machines.

With this configuration, is it possible to force clients (mainly Windows, but also Linux) to change the default DNS server while connected to the OpenVPN server, so I can provide more human-friendly domain names to internal resources? My DNS server would likely be running on the same VM as OpenVPN, so the custom DNS address would be something like 10.8.0.1.

I could just make the clients run a script that adds the necessary entries to the hosts files, but I'm hoping that there is a better, more automated solution that can be managed centrally.

It's important to note that I do not want to redirect all the client's traffic through the VPN, as it would probably overload the server. I just want to expose internal resources with custom domain names.

For example, if a user opens http://git_server/ in their browser, that should be resolved to 10.8.0.64.

2 Answers

1

Try the following options in your server profile (/etc/openvpn/server.conf):

push "dhcp-option DOMAIN your_domain.com"
push "dhcp-option ADAPTER_DOMAIN_SUFFIX your_domain.com"
push "dhcp-option DNS 10.8.0.1"

The first two ensure that your domain, rather than whatever your client's ISP has specified, is the search domain for non-FQDNs.

The last gives the client your DNS server.

wineguy
  • Thank you! Same question as for the other response, will these settings be applied automatically when a client connects/reconnects, or do I have to re-issue the .ovpn profiles if I make these changes? – Lázár Zsolt Jul 26 '22 at 14:06
  • You would not have to re-issue the profiles, but you WOULD need to bounce the instance: `systemctl restart openvpn@server` – wineguy Jul 27 '22 at 14:56
1

Since your DNS server has the IP address 10.8.0.1, this option would solve your question.

push "dhcp-option DNS 10.8.0.1"

BUT since this is the same VM as OpenVPN, the right answer might be somewhere in your

server ip.ip.ip.ip mask.mask.mask.mask

directive. And, because of that, it's recommended to have another machine with the DNS server. Also, do not forget to push routes to your DNS server subnet or IP address.

push "route 10.8.0.0 255.255.255.0"
  • Sorry about the late comment. It looks like you are talking about a server side config. Does this mean that it can be changed without having to re-issue the .ovpn files? Are these settings automatically applied when a client connects or reconnects? – Lázár Zsolt Jul 26 '22 at 13:59
  • Exactly. You do not have to re-issue .ovpn files. DNS server and routes will be pushed to the client upon connect. – Ilya Lebedev Jul 26 '22 at 17:00
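
In a split-tunnel setup like the one in the question, a pushed DNS server only works if clients also have a route to it, which is the point of the second answer's last remark. The Python script below is an added example, not part of either answer: it reads a server config and reports, for each pushed `dhcp-option DNS` address, whether it falls inside the `server` subnet or a pushed `route`. The function name `check_pushed_dns`, the sample config and the resolver 192.168.50.53 are constructed for illustration, and the script assumes IPv4 literals rather than hostnames.

```python
import ipaddress
import shlex

# Constructed sample: directives from the answers plus one made-up resolver
# (192.168.50.53) that no pushed route covers.
SAMPLE_CONF = """
server 10.8.0.0 255.255.255.0
push "dhcp-option DOMAIN your_domain.com"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 192.168.50.53"
push "route 10.8.0.0 255.255.255.0"
"""

def _network(args):
    # OpenVPN defaults a missing netmask to a single host (255.255.255.255).
    mask = args[1] if len(args) > 1 else "255.255.255.255"
    return ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)

def check_pushed_dns(conf_text):
    """Map each pushed DNS server to True if clients can reach it via the VPN.

    Assumption of this example: addresses are IPv4 literals, and a resolver is
    reachable when it lies in the `server` subnet or a pushed route, or when
    redirect-gateway is pushed (full tunnel).
    """
    networks, dns_servers, full_tunnel = [], [], False
    for raw in conf_text.splitlines():
        if raw.lstrip().startswith(";"):          # ';' also starts a comment
            continue
        tokens = shlex.split(raw, comments=True)  # drops '#' comments
        if len(tokens) >= 2 and tokens[0] == "push":
            tokens = shlex.split(tokens[1])       # unwrap the quoted directive
            if tokens[:1] == ["redirect-gateway"]:
                full_tunnel = True
            elif tokens[:2] == ["dhcp-option", "DNS"] and len(tokens) == 3:
                dns_servers.append(ipaddress.ip_address(tokens[2]))
            elif tokens[:1] == ["route"] and len(tokens) >= 2:
                networks.append(_network(tokens[1:]))
        elif len(tokens) >= 3 and tokens[0] == "server":
            networks.append(_network(tokens[1:]))
    return {str(ip): full_tunnel or any(ip in net for net in networks)
            for ip in dns_servers}

if __name__ == "__main__":
    for ip, ok in check_pushed_dns(SAMPLE_CONF).items():
        print(ip, "reachable via VPN" if ok else "NOT covered by server subnet or pushed route")
```

A resolver flagged as not covered would leave clients sending queries for internal names out of their normal default interface instead of through the tunnel.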