Hostname instead of IP on VPN Server

punkstar69 Member
edited May 2014 in Help

If we set up a VPN server by default, clients who are using it seem to have an unresolvable IP as host. We would like to have a hostname instead of this. What steps do we need to take in order to assign the vhost and make it available for use and forced by default to VPN clients instead of the IP?
Example: if we set up the VPN server on a VPS with IP 1.1.1.1 (FQDN test.domain.com), a user that uses this VPN will be recognized by his IP. We would like him to be recognized by test.domain.com. *Something related to the psyBNC function, but for VPN.

Comments

  • You can't do that unless the connecting client has reverse DNS set for their home IP.

  • Well, this is being achieved in the psyBNC service with vhosts. A user can choose his vhost. Isn't there such a way to do it for connecting VPN clients?

  • hoczaj Member

    I do not really understand what you want to achieve.

    Do you want to set reverse DNS and DNS for a private network (LAN)?

    If so, set up a DNS server and set the VPN server to push it as the default name server.

    And for 192.168.1.100 you can set a reverse record

    100.1.168.192.in-addr.arpa. = test.domain.com

    and

    test.domain.com = 192.168.1.100

    Thanked by 1punkstar69
  • We want the VPN client user to get a hostname instead of an IP. The client should get his host transformed to client.company.com once he connects to our VPN server, instead of using his provider's hostname.

    Example: a user with host customer2.location.massey.ac.nz would have his hostname transformed to vpnclient1.company.com

    What do we need to do in order for our company.com domain to be ready for use with our VPN?

  • hoczaj Member
    edited May 2014

    Oh now I think I see. :)

    So, you want to change his appearance on the internet (that's why you mentioned psyBNC), not for the internal IP.

    First, you need some more IPs if you want to give every customer a unique hostname (because that requires a unique IP).

    Then you have to assign an IP to each client. (You can do that by NAT or bridging.)

    I do not know what VPN software you are planning to use, so I cannot give advice about that until you let me know.

  • @hoczaj said:
    Oh now I think I see. :)

    So, you want to change his appearance on the internet (that's why you mentioned psyBNC), not for the internal IP.

    First, you need some more IPs if you want to give every customer a unique hostname (because that requires a unique IP).

    Then you have to assign an IP to each client. (You can do that by NAT or bridging.)

    I do not know what VPN software you are planning to use, so I cannot give advice about that until you let me know.

    Exactly! Sorry for the misunderstanding.
    Well, all I want is to transform the main IP to a resolvable hostname.
    So I guess that if my FQDN is correct, and if I have set an in-addr.arpa pointing to my IP from the hostname needed, and force the VPN software to give this hostname to clients, they would be publicly visible with the hostname, right?

    I plan to use OpenVPN, but I am also facing some troubles after setup (ref. http://lowendtalk.com/discussion/27329/tun-module-problem) <- it seems that it's not my lucky day :-)

  • VPN Member

    As far as my understanding of rDNS goes, if you have the PTR set up correctly then it will show the hostname instead of the IP without any further work on the VPN software.

  • hoczaj Member
    edited May 2014

    @OkieDoke yes, you are correct. It is not the openVPN application level. :)

    @punkstar69

    https://openvpn.net/index.php/open-source/documentation/howto.html (ccd part)

    Multiple public ips to each client

    ccd/sysadmin1

    ifconfig-push 10.8.1.1 10.8.1.2

    ccd/contractor1

    ifconfig-push 10.8.2.1 10.8.2.2

    ccd/contractor2

    ifconfig-push 10.8.2.5 10.8.2.6

    And you can NAT the public IPs to these private IPs. (If you're going with NAT and not bridge)

    # The client's tunnel address is the first address of its ifconfig-push pair.
    iptables -t nat -A POSTROUTING -s 10.8.2.1 -o eth0 -j SNAT --to-source X.X.X.10 --proto all

    iptables -t nat -A PREROUTING -d X.X.X.10 -j DNAT --to-destination 10.8.2.1 --proto all

    iptables -t nat -A POSTROUTING -s 10.8.2.5 -o eth0 -j SNAT --to-source X.X.X.11 --proto all

    iptables -t nat -A PREROUTING -d X.X.X.11 -j DNAT --to-destination 10.8.2.5 --proto all

    etcetera.

    ***EDIT: @punkstar69 just realised that you only want to use the main IP, and not assign a unique public IP to each client. (Anyway, if it ever happens that you would like to achieve that, I left the first part of the comment untouched.)

    So in this case, it is really easy. You can go with a random private IP for each client.

    And yes, you need to request a reverse DNS setting for your main IP address. Your provider should handle this, not you, if you do not have an option for rDNS in the control panel. So open a ticket and request an rDNS.

    single (shared) ip for each client

    And to shape the previous iptables settings to the shared public IP situation, you can go with 10.8.0.0 private ip range:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j SNAT --to-source x.x.x.x --proto all

    # No PREROUTING DNAT rule is needed for the shared IP: connection tracking maps replies back to the right client.

    x.x.x.x is your public (main) ip.

  • @hoczaj said:
    OkieDoke yes, you are correct. It is not the openVPN application level. :)

    punkstar69

    https://openvpn.net/index.php/open-source/documentation/howto.html (ccd part)

    Multiple public ips to each client

    ccd/sysadmin1

    ifconfig-push 10.8.1.1 10.8.1.2

    ccd/contractor1

    ifconfig-push 10.8.2.1 10.8.2.2

    ccd/contractor2

    ifconfig-push 10.8.2.5 10.8.2.6

    And you can NAT the public IPs to these private IPs. (If you're going with NAT and not bridge)

    # The client's tunnel address is the first address of its ifconfig-push pair.
    iptables -t nat -A POSTROUTING -s 10.8.2.1 -o eth0 -j SNAT --to-source X.X.X.10 --proto all

    iptables -t nat -A PREROUTING -d X.X.X.10 -j DNAT --to-destination 10.8.2.1 --proto all

    iptables -t nat -A POSTROUTING -s 10.8.2.5 -o eth0 -j SNAT --to-source X.X.X.11 --proto all

    iptables -t nat -A PREROUTING -d X.X.X.11 -j DNAT --to-destination 10.8.2.5 --proto all

    etcetera.

    ***EDIT: punkstar69 just realised that you only want to use the main IP, and not assign a unique public IP to each client. (Anyway, if it ever happens that you would like to achieve that, I left the first part of the comment untouched.)

    So in this case, it is really easy. You can go with a random private IP for each client.

    And yes, you need to request a reverse DNS setting for your main IP address. Your provider should handle this, not you, if you do not have an option for rDNS in the control panel. So open a ticket and request an rDNS.

    single (shared) ip for each client

    And to shape the previous iptables settings to the shared public IP situation, you can go with 10.8.0.0 private ip range:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j SNAT --to-source x.x.x.x --proto all

    # No PREROUTING DNAT rule is needed for the shared IP: connection tracking maps replies back to the right client.

    x.x.x.x is your public (main) ip.

    Thanks.
    Well, there will be 1 IP on the machine; it's fine for me to use it for all clients.
    The main problem is how this IP will be transformed to a hostname.

    At this time, with no configuration, if I do a lookup on the client using OpenVPN, his appearance on the internet is an IP address. I would like to check this to a hostname, containing my domain name.

    Is the
    100.1.168.192.in-addr.arpa. = test.domain.com
    record enough to do so?

  • hoczaj Member

    @punkstar69 who is your provider? As I said, you have to request that change with your server's ip address.

  • @hoczaj said:
    punkstar69 who is your provider? As I said, you have to request that change with your server's ip address.

    I use cPanel for managing my DNS

  • hoczaj Member
    edited May 2014

    @punkstar69 But who is your Dedicated Server or VPS provider? :)

  • Add a new A record that points to test.domain.com

  • Dean Member

    Then get your provider to also set rDNS at their end :)

  • punkstar69 Member
    edited May 2014

    They have done so already. I confirmed this. However, when I check the visibility of my computer on the internet, the IP is shown.

  • VPN Member

    @punkstar69 how are you checking the visibility of your computer on the internet?

  • @VPN said:
    punkstar69 how are you checking the visibility of your computer on the internet?

    Tried some tools, they successfully show my PTR record. However, when I use services like IRC, the IP is getting priority instead of the hostname. Example: user [email protected]

    If I disconnect from the VPN service and use my local ISP, I get user [email protected]

  • VPN Member
    edited May 2014

    Just so we're clear then, go to network-tools.com and put your public VPS/Dedi IP in the box and hit return.

    On the right, is it successfully translating the IP to a hostname like this:

    IP address: 87.98.254.195

    Host name: pingplay.co.uk

    or is it showing something like this:

    IP address: 178.32.51.172

    No host name is associated with this IP address or no reverse lookup is configured.

  • It shows the correct PTR record. The PTR is fine, this is not my problem.

    How does an ISP force a hostname instead of an IP on IRC services?
    I want to use the same method for IRC services.

  • hoczaj Member

    Did you try another IRC server? Because IRC servers usually cache this information. :)

    And you can confirm the PTR record by doing: whois and the hostname: whois vice versa.

    Thanked by 1punkstar69
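
A check for the two records the thread settles on, as an added example (not code from any poster): a service that does forward-confirmed reverse DNS, as IRC servers commonly do, shows a hostname only when the PTR record for the VPN server's public IP and the A record for that name agree. The sample records are constructed (documentation addresses plus the thread's test.domain.com), and `visible_host` and the `sample_*` helpers are names chosen here.

```python
import ipaddress
import socket

def ptr_name(ip):
    """Owner name of the PTR record, e.g. 100.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def system_ptr(ip):
    """PTR lookup via the system resolver (needs network access)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_addr(name):
    """A/AAAA lookup via the system resolver (needs network access)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def visible_host(ip, lookup_ptr=system_ptr, lookup_addr=system_addr):
    """Return (host, reason): the name a forward-confirming service would
    show for ip, or the bare IP when the PTR/A round trip fails."""
    addr = ipaddress.ip_address(ip)
    names = lookup_ptr(ip)
    if not names:
        return ip, "no PTR record at " + ptr_name(ip)
    for name in names:
        host = name.rstrip(".").lower()
        for forward in lookup_addr(host):
            if ipaddress.ip_address(forward) == addr:
                return host, "PTR and forward record agree"
    return ip, "PTR exists but no forward record points back to " + ip

# Constructed sample records (documentation addresses, thread's domain name).
SAMPLE_PTR = {"192.0.2.10": ["test.domain.com."], "192.0.2.11": ["vpn.domain.com."]}
SAMPLE_ADDR = {"test.domain.com": ["192.0.2.10"], "vpn.domain.com": ["198.51.100.7"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_addr(name):
    return SAMPLE_ADDR.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(ip, "->", visible_host(ip, sample_ptr, sample_addr))
```

Calling `visible_host(ip)` without the sample resolvers queries the system resolver; a remote service that has cached an earlier answer can still show the IP until its cache expires.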
  • Oh. It was finally a caching issue, yes. Everything works fine. Thank you all guys for your support.

  • hoczaj Member

    Cheers! :)
