
How to dynamically update dnsmasq with openvpn clients


I have OpenVPN working, and I can ping via hostnames if they are in the dnsmasq hosts file, but currently I put them in the hosts file with a learn-address script. The problem is that this script only gets the common name from the cert, and I want to use the actual hostnames given by the client because I am using the same cert for some of my clients. All the solutions I have found use some sort of workaround, and I am assuming there is an official way to do this that does not involve me manually entering IP addresses and hostnames into a file and hoping that everything stays where it is.

For reference, here are my configs.

server.conf

port 1194
proto udp6
dev tun
user root
group root
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.9.0.1"
push "dhcp-option DOMAIN mylocaldomain.lan"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
#Respond to DNS = Yes
#Advertise DNS to client = Yes
server-ipv6 fd42:42:42:42::/112
tun-ipv6
push tun-ipv6
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server.crt
key server.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
duplicate-cn
client-to-client
#script-security 3
#learn-address /etc/openvpn/learn-script.sh
verb 9

client.ovpn

client
proto udp
explicit-exit-notify
remote xxx.xxx.xxx.xxx 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
#ignore-unknown-option block-outside-dns
#setenv opt block-outside-dns # Prevent Windows 10 DNS leak
push "redirect-gateway def1"
push "route-gateway dhcp"
dhcp-option DNS 10.9.0.1
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
verb 3

dnsmasq.conf

interface=tun0
addn-hosts=/tmp/hosts-openvpn

DNS works; it just doesn't update automatically. I think the issue is that DHCP is not getting the hostname info in the first place, but I'm not sure where to go from here.

mangohost
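One way to get a client-chosen hostname to the server without touching the certificate, as an added example that is not part of the question or of OpenVPN itself: the client sets a custom `UV_` variable and sends it with `push-peer-info`, and a `client-connect`/`client-disconnect` hook on the server (which, unlike `learn-address`, sees the pushed `UV_*` variables and `ifconfig_pool_remote_ip`) maintains the dnsmasq `addn-hosts` file and signals dnsmasq to re-read it. The script below is hypothetical; it assumes the client config carries `setenv UV_HOSTNAME laptop` and `push-peer-info`, the server config carries `script-security 2` plus `client-connect` and `client-disconnect` pointing at this file, and that dnsmasq's PID file lives at the path given (adjust to your distribution). The hostname is untrusted client input, so it is validated as a single DNS label before it is written.

```shell
#!/bin/sh
# Hypothetical OpenVPN client-connect / client-disconnect hook (added example,
# not from the question). Assumed wiring:
#   client:  setenv UV_HOSTNAME laptop   +   push-peer-info
#   server:  script-security 2
#            client-connect    /etc/openvpn/vpn-hosts.sh
#            client-disconnect /etc/openvpn/vpn-hosts.sh
# OpenVPN exports script_type, common_name, ifconfig_pool_remote_ip and any
# pushed UV_* variables into the script's environment.

VPN_HOSTS_FILE="${VPN_HOSTS_FILE:-/tmp/hosts-openvpn}"           # dnsmasq addn-hosts file
VPN_DOMAIN="${VPN_DOMAIN:-mylocaldomain.lan}"
DNSMASQ_PIDFILE="${DNSMASQ_PIDFILE:-/run/dnsmasq/dnsmasq.pid}"   # assumed location

# UV_HOSTNAME is client-controlled input: accept only a single DNS label
# (letters, digits, hyphens; 1-63 chars; no leading or trailing hyphen) so a
# client cannot smuggle extra names or whitespace into the hosts file.
valid_label() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*|-*|*-) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Prefer the hostname the client supplied; fall back to the certificate CN.
# Fails (and so rejects the connection) if neither is a usable label.
pick_hostname() {
    if valid_label "$1"; then
        printf '%s\n' "$1"
    elif valid_label "$2"; then
        printf '%s\n' "$2"
    else
        return 1
    fi
}

# add_entry IP NAME FILE: drop stale lines for the same address or the same
# FQDN, append "IP NAME.DOMAIN NAME", and replace the file atomically so
# dnsmasq never reads a half-written file.
add_entry() {
    fqdn="$2.$VPN_DOMAIN"
    tmp="$3.tmp.$$"
    touch "$3"
    awk -v ip="$1" -v fqdn="$fqdn" '$1 != ip && $2 != fqdn' "$3" > "$tmp"
    printf '%s %s %s\n' "$1" "$fqdn" "$2" >> "$tmp"
    mv "$tmp" "$3"
}

# remove_entry IP FILE: delete every line for that address.
remove_entry() {
    [ -f "$2" ] || return 0
    tmp="$2.tmp.$$"
    awk -v ip="$1" '$1 != ip' "$2" > "$tmp"
    mv "$tmp" "$2"
}

# SIGHUP makes dnsmasq re-read its addn-hosts files without a restart.
# A missing PID file is tolerated so a DNS hiccup does not reject VPN clients.
reload_dnsmasq() {
    pid=$(cat "$DNSMASQ_PIDFILE" 2>/dev/null) || return 0
    kill -HUP "$pid"
}

main() {
    case "${script_type:-}" in
        client-connect)
            name=$(pick_hostname "${UV_HOSTNAME:-}" "${common_name:-}") || exit 1
            add_entry "$ifconfig_pool_remote_ip" "$name" "$VPN_HOSTS_FILE"
            reload_dnsmasq ;;
        client-disconnect)
            remove_entry "$ifconfig_pool_remote_ip" "$VPN_HOSTS_FILE"
            reload_dnsmasq ;;
    esac
}

main "$@"
```

Two practical notes: because `duplicate-cn` lets several clients share one certificate, the pushed name is the only thing telling them apart, and `add_entry` resolves two clients claiming the same name as last-writer-wins (the older entry is dropped rather than duplicated); and since the hook rewrites the file as root from client-supplied data, a root-owned directory such as `/var/lib/openvpn/` is a safer home for it than the world-writable `/tmp` used in the question's `addn-hosts` line.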
