How to Configure OpenVPN DNS Resolution for Workplace LAN Hostname Access


When connecting through OpenVPN to a workplace LAN, hostname resolution often fails even when IP connectivity works perfectly. This occurs because:

  • The VPN client's DNS queries don't reach the workplace DNS server
  • Local hostname resolution (like NetBIOS) doesn't traverse the VPN tunnel
  • The VPN's virtual interface isn't properly integrated with the DNS subsystem

To make workplaceserver resolve to 10.100.1.1 on VPN clients, we need these OpenVPN server configuration directives:

push "dhcp-option DNS 192.168.101.1"  # Workplace DNS server
push "dhcp-option DOMAIN corp.example.com"  # Internal domain
push "register-dns"
push "route 192.168.101.0 255.255.255.0"
client-to-client

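For Windows clients, add these to your server config:

script-security 2
# OpenVPN takes option names here, not DHCP option numbers (6 = DNS, 15 = domain name)
dhcp-option DNS 192.168.101.1
dhcp-option DOMAIN corp.example.com
# register-dns and block-outside-dns act on the Windows client; from a server config, send them as push "..." lines
register-dns
block-outside-dns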
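
A pushed DNS server only helps if the client can reach it through the tunnel, and block-outside-dns is what stops Windows from also querying resolvers on other adapters. The following added example (not part of the original page) checks a server config for both conditions; the sample's `server 10.100.1.0 255.255.255.0` line and the function name `audit_pushed_dns` are assumptions.

```python
import ipaddress
import re

# Constructed sample: the server directives from this page plus an assumed
# "server" line that defines 10.100.1.0/24 as the VPN subnet.
SAMPLE_CONF = '''
server 10.100.1.0 255.255.255.0
push "dhcp-option DNS 192.168.101.1"   # Workplace DNS server
push "dhcp-option DOMAIN corp.example.com"
push "register-dns"
push "route 192.168.101.0 255.255.255.0"
'''

PUSH_RE = re.compile(r'^\s*push\s+"([^"]+)"')

def audit_pushed_dns(conf_text):
    """Return a list of findings about the DNS settings pushed to clients."""
    networks, dns_servers, pushed = [], [], set()
    for line in conf_text.splitlines():
        words = line.split('#', 1)[0].split()
        if len(words) >= 3 and words[0] == 'server':
            networks.append(ipaddress.ip_network(f'{words[1]}/{words[2]}', strict=False))
        m = PUSH_RE.match(line)          # commented-out pushes do not match
        opt = m.group(1).split() if m else []
        if not opt:
            continue
        pushed.add(opt[0])
        if opt[:2] == ['dhcp-option', 'DNS'] and len(opt) == 3:
            dns_servers.append(ipaddress.ip_address(opt[2]))
        elif opt[0] == 'route' and len(opt) >= 3:
            networks.append(ipaddress.ip_network(f'{opt[1]}/{opt[2]}', strict=False))
        elif opt[0] == 'redirect-gateway':
            networks.append(ipaddress.ip_network('0.0.0.0/0'))
    findings = []
    if not dns_servers:
        findings.append('no DNS server is pushed to clients')
    for dns in dns_servers:
        if not any(dns in net for net in networks):
            findings.append(f'DNS {dns} is not covered by the VPN subnet or a pushed route')
    if dns_servers and 'block-outside-dns' not in pushed:
        findings.append('block-outside-dns is not pushed; Windows clients can still query non-VPN resolvers')
    return findings

if __name__ == '__main__':
    for finding in audit_pushed_dns(SAMPLE_CONF):
        print('WARNING:', finding)
```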

For smaller deployments, manually mapping hostnames in C:\Windows\System32\drivers\etc\hosts works:

10.100.1.1    workplaceserver
10.100.1.1    workplaceserver.corp.example.com

Test your setup with these commands on the VPN client:

nslookup workplaceserver
nslookup workplaceserver 192.168.101.1
ipconfig /flushdns
ping workplaceserver

For complex environments, configure conditional forwarding in your workplace DNS server:

# Example Windows DNS Server configuration
# (the backticks continue the command across lines)
Add-DnsServerConditionalForwarderZone `
   -Name "corp.example.com" `
   -MasterServers 192.168.101.1 `
   -PassThru


When establishing a VPN connection between disparate networks (192.168.101.0/24 workplace and 192.168.1.0/24 home in this case), hostname resolution often breaks due to:

  • Split DNS namespaces (workplace.local vs home.local)
  • Different IP addressing schemes between physical and VPN networks
  • Windows NetBIOS name resolution limitations

Your server configuration (openvpn-server.conf) needs these critical directives:

# Force client DNS settings
push "dhcp-option DNS 10.100.1.1"
push "dhcp-option DOMAIN workplace.local"
push "register-dns"

# Read per-client settings from the ccd directory
client-config-dir ccd
script-security 2

Create client-specific configuration files in the ccd directory. For a client named laptop1:

# ccd/laptop1
ifconfig-push 10.100.1.2 255.255.255.0
push "dhcp-option DNS 192.168.101.50"
push "dhcp-option DOMAIN-SEARCH workplace.local"

On Windows clients, enhance name resolution with these PowerShell commands:

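# Add an NRPT rule that sends workplace.local lookups to the VPN DNS server
Add-DnsClientNrptRule -Namespace "workplace.local" -NameServers "10.100.1.1"

# Disable NetBIOS over TCP/IP (NetbiosOptions is a per-interface value under the Tcpip_* subkeys; 2 = disabled)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_*" -Name NetbiosOptions -Value 2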

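After connecting, verify resolution with the commands below. nslookup queries the DNS server directly and does not apply NRPT rules, so rely on the ping result and the NRPT policy listing to confirm that the rule is in effect: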

nslookup workplaceserver
ping workplaceserver.workplace.local
Get-DnsClientNrptPolicy | ft -AutoSize

For advanced cases where the workplace uses Active Directory, consider adding:

push "dhcp-option WINS 192.168.101.50"
push "dhcp-option NTP 192.168.101.50"