itsallkosher
Posts: 3
Joined: Mon Jan 08, 2018 1:11 am

Resolving Domain Names over VPN

Mon Jan 08, 2018 1:19 am

Hi experts! I just got a Raspberry Pi today and am loving this little box. My first goal is to set it up as a VPN server. I've got it all set up as an IPsec VPN using this awesome project here : https://github.com/hwdsl2/setup-ipsec-vpn

Everything works great and I have no connection issues. However, once I'm connected to my home network, which is a simple 192.168.1.x network, I am unable to use VNC, SSH, etc. when referring to the devices by their hostname. Manually typing IP address works great, though. The VPN clients are on a different subnet of 192.168.43.x. The DNS for the VPN server was just set to Google DNS servers (8.8.8.8 and 8.4.4.4). I edited the config so 192.186.1.1 (my router) was in the mix, but no luck.

I guess this is more of a networking issue than something specific to the Pi. Has anybody used their Raspberry Pi as a VPN like this? Maybe even using the same github project? Any insight? Thanks for any help! :D

drgeoff
Posts: 11372
Joined: Wed Jan 25, 2012 6:39 pm

Re: Resolving Domain Names over VPN

Mon Jan 08, 2018 2:03 pm

Not a RPi specific issue.

You expect Google's DNS to know the names and private IP addresses of the hosts on your LAN?

Add, or change one of those two DNS entries to, a DNS on your LAN which does know those things.
Quis custodiet ipsos custodes?

User avatar
topguy
Posts: 6882
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: Resolving Domain Names over VPN

Mon Jan 08, 2018 2:22 pm

What kind of hostname/domainnames are you using ? Some DynDNS ones or a private domain ?

This sounds like a common problem with most ISP-routers. If the name-lookup points back to your routers external address it gets confused.

The destination address is not 192.168.x.x so it has to be sent out on the internet, but when it tries to leave the WAN interface after NAT'ing the packet has the same source and destination address. I'm not sure what the TCP/IP standard says should happen in this case but for most people it gets dropped by the router or by the ISP.

.

itsallkosher
Posts: 3
Joined: Mon Jan 08, 2018 1:11 am

Re: Resolving Domain Names over VPN

Mon Jan 08, 2018 4:34 pm

Thanks for the quick responses. I get that the VPN clients on the 43.x network can't see anything on the 1.x network. I tried editing the config so a DNS entry is 192.168.1.1 (the router), but with no success. I would think the VPN client would refer to the router which should be able to resolve hostnames on my home network. The RPi is 168.1.17, so it's on the "correct" subnet and when SSHing into the device I can use hostnames.

Is there some configuration on my router that needs to be done perhaps? Or are the VPN clients not even reaching out to the router for resolving hostnames? Thanks again for trying to help! It's been a few years since I've done anything in networking (hobby!) so I'm digging through my brain to remember this stuff! :)

EDIT: Maybe I need to set up the RPi as a DNS server, too? So it knows all of the 1.x hosts?

epoch1970
Posts: 5896
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Resolving Domain Names over VPN

Mon Jan 08, 2018 5:11 pm

The README on the project page you're linking to says
Important notes
...Clients are set to use Google Public DNS when the VPN is active. If another DNS provider is preferred, replace 8.8.8.8 and 8.8.4.4 in both /etc/ppp/options.xl2tpd and /etc/ipsec.conf. Then reboot your server.
In addition if you look at the script you're trusting to setup your private network (...), you should see in vpnsetup.sh around line 220:

Code: Select all

DNS_SRV1=${VPN_DNS_SRV1:-'8.8.8.8'}
DNS_SRV2=${VPN_DNS_SRV2:-'8.8.4.4'}
So I would suggest to either edit the generated files /etc/ppp/options.xl2tpd and /etc/ipsec.conf or edit the vpnsetup.sh script and re-run it, replacing 8.8.4.4 with 192.168.1.1. That should configure the system to use a public DNS server and your local one.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

itsallkosher
Posts: 3
Joined: Mon Jan 08, 2018 1:11 am

Re: Resolving Domain Names over VPN

Wed Jan 10, 2018 6:37 pm

Thanks guys, I have everything working correctly! I edited the two files as suggested by the project author and nothing happened originally. But I made the primary DNS server my local router and Google as the secondary and that did the trick. Thanks again for leading me in the right direction! :)

Return to “Networking and servers”