Hostname instead of IP on VPN Server
punkstar69
Member
If we set up a VPN server by default, clients who are using it seem to have an unresolvable IP as host. We would like to have a hostname instead of this. What steps do we need to take in order to assign the vhost and make it available for use and forced by default to VPN clients instead of IP?
Example: if we set up the VPN server on a VPS with IP 1.1.1.1 (FQDN test.domain.com), a user that uses this VPN will be recognized by his IP. We would like him to be recognized by test.domain.com. *Something related to the psyBNC function, but for VPN.
Comments
You can't do that unless the connecting client has reverse DNS set for their home IP.
Well, this is being achieved in the psyBNC service with vhosts. The user can choose his vhost. Isn't there such a way to do it for connecting VPN clients?
I do not really understand what you want to achieve.
Do you want to set reverse DNS and DNS for a private network (LAN)?
If so, set up a DNS server, and set the VPN server to push this as the default name server.
And for 192.168.1.100 you can set a reverse record
100.1.168.192.in-addr.arpa. = test.domain.com
and
test.domain.com = 192.168.1.100
We want the VPN client user to get a hostname instead of IP. The client should get his host transformed to client.company.com once he connects to our VPN server instead of using his provider hostname.
Example: User with host customer2.location.massey.ac.nz would have his hostname transformed to vpnclient1.company.com
What actions do we need to do in order for our company.com domain to be ready for use with our VPN?
Oh now I think I see.
So, you want to change his appearance on the internet (that's why you mentioned psyBNC), not for the internal IP.
First, you need some more IPs, if you want to give every customer a unique hostname (because that requires a unique IP).
Then you have to assign an IP to each client. (You can do this by NAT or bridging.)
I do not know what VPN software you are planning to use, so I cannot give advice about that until you let me know.
Exactly! Sorry for the misunderstanding.
Well, all I want is to transform the main IP to a resolvable hostname.
So I guess that if my FQDN is correct and if I have set an in-addr.arpa pointing to my IP from the hostname needed and force the VPN software to give this hostname to clients, they would be publicly visible with the hostname, right?
I plan to use OpenVPN, but I am also facing some trouble after setup ( ref. http://lowendtalk.com/discussion/27329/tun-module-problem ) <- it seems that it's not my lucky day :-)
As far as my understanding of rDNS goes, if you have the PTR set up correctly then it will show the hostname instead of the IP without any further work on the VPN software.
@OkieDoke yes, you are correct. It is not at the OpenVPN application level.
@punkstar69
https://openvpn.net/index.php/open-source/documentation/howto.html (ccd part)
Multiple public ips to each client
ccd/sysadmin1
ifconfig-push 10.8.1.1 10.8.1.2
ccd/contractor1
ifconfig-push 10.8.2.1 10.8.2.2
ccd/contractor2
ifconfig-push 10.8.2.5 10.8.2.6
And you can NAT the public IPs to these private IPs. (If you're going with NAT and not bridge)
# The first ifconfig-push address is the client's tunnel IP, so the rules match on it.
iptables -t nat -A POSTROUTING -s 10.8.2.1 -o eth0 -j SNAT --to-source X.X.X.10
# Inbound: traffic addressed to the public IP is forwarded to that client.
iptables -t nat -A PREROUTING -d X.X.X.10 -j DNAT --to-destination 10.8.2.1
iptables -t nat -A POSTROUTING -s 10.8.2.5 -o eth0 -j SNAT --to-source X.X.X.11
iptables -t nat -A PREROUTING -d X.X.X.11 -j DNAT --to-destination 10.8.2.5
et cetera.
***EDIT: @punkstar69 I just realised that you only want to use the main IP and not assign a unique public IP to each client. (Anyway, if it ever happens that you would like to achieve that, I left the first part of the comment untouched.)
So in this case, it is really easy. You can go with a random private IP for each client.
And yes, you need to request a reverse DNS setting for your main IP address. Your provider should handle this, not you, if you do not have an option for rDNS in the control panel. So open a ticket and request rDNS.
single (shared) ip for each client
And to shape the previous iptables settings to the shared public IP situation, you can go with 10.8.0.0 private ip range:
# Outbound traffic from every VPN client leaves with the shared public IP.
iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j SNAT --to-source x.x.x.x
# No DNAT rule is needed here: connection tracking maps replies back to the right client.
x.x.x.x is your public (main) ip.
Thanks.
Well, there will be 1 IP on the machine; it's fine for me to use it for all clients.
The main problem is how this IP will be transformed to a hostname.
At this time, with no configuration, if I do a lookup at the client using OpenVPN, his appearance on the internet is an IP address. I would like to change this to a hostname containing my domain name.
Is the
100.1.168.192.in-addr.arpa. = test.domain.com
record enough to do so?
@punkstar69 who is your provider? As I said, you have to request that change with your server's ip address.
I use cPanel for managing my DNS
@punkstar69 But who is your Dedicated Server or VPS provider?
Add a new A record that points to test.domain.com
Then get your provider to also set rDNS at their end
They have done so already. I confirmed this. However, when I check the visibility of my computer on the internet, the IP is shown.
@punkstar69 how are you checking the visibility of your computer on the internet?
Tried some tools, they successfully show my PTR record. However, when I use services like IRC, the IP is getting priority instead of the hostname. Example: user [email protected]
If I disconnect from the VPN service and use my local ISP, I get user [email protected]
Just so we're clear then, go to network-tools.com and put your public VPS/Dedi IP in the box and hit return.
On the right is it successfully translating the IP to a hostname like this:
or is it showing something like this:
It shows the correct PTR record. PTR is fine, this is not my problem.
How does an ISP force a hostname instead of IP on IRC services?
I want to use the same method for IRC services.
Did you try another IRC server? Because IRC servers usually cache this information.
And you can confirm the PTR record by doing: whois and the hostname: whois vice versa.
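Added example, not part of any post in this thread: IRC servers commonly display a hostname only when the PTR name also resolves back to the connecting IP, so the PTR and the A record discussed above have to agree. The Python check below performs that forward-confirmed reverse DNS test; the function names, the documentation-range addresses and the example.com names are constructed for illustration.

```python
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; returns [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_addrs(name):
    """Forward (A/AAAA) lookup through the system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (hostname, reason); hostname is None when a server would show the bare IP."""
    names = ptr_lookup(ip)
    if not names:
        return None, "no PTR record"
    for name in names:
        name = name.rstrip(".").lower()
        # The PTR name only counts if its forward record points back to the same IP.
        if ip in addr_lookup(name):
            return name, "PTR and forward record agree"
    return None, "PTR exists but the name does not resolve back to the IP"

# Constructed sample zone data (documentation addresses, not values from the thread).
SAMPLE_PTR = {"192.0.2.10": ["vpn.example.com."], "192.0.2.11": ["vpn2.example.com."]}
SAMPLE_A = {"vpn.example.com": ["192.0.2.10"], "vpn2.example.com": ["198.51.100.7"]}

def sample_check(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []), lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(ip, sample_check(ip))
```

Calling `fcrdns("<your VPN server IP>")` with the default arguments runs the same check against live DNS through the system resolver.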
Oh. It was finally a caching issue, yes. Everything works fine. Thank you all guys for your support.
Cheers!