OpenVPN server can ping via IP but not via hostname

I have a vserver (Ubuntu 14.04.2 LTS) on which I run OpenVPN. Nearly everything works really fine: Clients can reach other clients via their IPs AND names (I had to modify the clients' conf with "script-security 2", "up/down /etc/openvpn/update-resolv-conf" and had to write a small script that enters/updates dns-entries, to achieve client-name-resolving).

The only problem is that my server does not provide name resolving: On my server I can ping clients via "ping 10.8.0.2" but "ping clientname" results in "unknown host" (while "ping clientname" works if I am doing this from one of my clients).

I know that this must be a DNS related issue but I cannot get rid of it. When I took a look in my resolv.conf I see:

nameserver 80.X.X.X
nameserver 80.X.X.X

Oh, okay the local nameserver seems to be missing. My thought was to edit resolv.conf. I tried several entries ("127.0.0.1, 127.0.1.1, 10.8.0.1") none of it worked (after restarting the openvpn service).

I also tried to edit /etc/dhcp/dhclient.conf and add "prepend domain-name-servers 127.0.0.1" (and rebooted) but it also made no difference.

My server.conf looks like this:

proto udp6

dev tun

ca   ./easy-rsa2/keys/ca.crt
cert ./easy-rsa2/keys/xxx.xxx.crt
key  ./easy-rsa2/keys/xxx.xxx.key

dh   ./easy-rsa2/keys/dh2048.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

#this is a script that configures dns-entries for clients
client-connect "/etc/openvpn/scripts/learn-address.sh"
script-security 3 system

push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DOMAIN name.domain"

client-to-client

keepalive 10 120

comp-lzo

persist-key
persist-tun

status openvpn-status.log
log-append  openvpn.log

verb 3

Can someone point out what I am doing wrong? I cannot be the first one with this problem. I think it is a usual behaviour that the server on which OpenVPN runs also wants to talk to clients via names, not only IPs.


Solution 1:

Do you have a DNS server installed? OpenVPN doesn't provide any name resolution functionality. You need to run a separate DNS server on your server (or add something like push "dhcp-option DNS 8.8.8.8" to your server's configuration). OpenVPN only updates the zone/hosts file over the learn-script.

Please take a look at this link.

That's a learn-script that updates the hosts file when a client connects or disconnects. It uses dnsmasq as a DNS server.
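
The kind of learn-script described above, as an added example that is not part of the original answer or the linked script: a `learn-address` hook that keeps a hosts file for dnsmasq in sync and validates the address and the certificate common name before writing them. The path `/etc/openvpn/vpn-hosts`, the function names and the IPv4-only tunnel (10.8.0.0/24) are assumptions.

```shell
#!/bin/sh
# Added example: learn-address hook keeping a dnsmasq hosts file in sync.
# HOSTS_FILE is a hypothetical path; dnsmasq would load it via addn-hosts=.
LC_ALL=C; export LC_ALL
HOSTS_FILE="${HOSTS_FILE:-/etc/openvpn/vpn-hosts}"
VPN_DOMAIN="${VPN_DOMAIN:-name.domain}"   # the DOMAIN pushed in server.conf

valid_ipv4() {
    case $1 in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    # Subshell keeps the IFS change and positional parameters local
    ( IFS=.; set -- $1; [ $# -eq 4 ] || exit 1
      for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1; done )
}

# The common name comes from the client certificate. Accept a single DNS
# label only, so it cannot add whitespace, newlines or extra hosts entries.
valid_label() {
    case $1 in ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;; esac
    [ ${#1} -le 63 ]
}

# Arguments as OpenVPN passes them: operation, address, common name
learn_address() {
    la_op=$1 la_addr=$2 la_cn=${3:-}
    valid_ipv4 "$la_addr" || return 2
    case $la_op in
        add|update) valid_label "$la_cn" || return 2 ;;
        delete)     la_cn= ;;
        *)          return 2 ;;
    esac
    la_tmp=$(mktemp "$HOSTS_FILE.XXXXXX") || return 3
    # Drop stale lines for this address (and this name), then append
    if [ -f "$HOSTS_FILE" ]; then
        awk -v a="$la_addr" -v n="$la_cn" \
            '$1 != a && (n == "" || ($3 "") != n)' "$HOSTS_FILE" > "$la_tmp"
    fi
    [ -z "$la_cn" ] ||
        printf '%s %s.%s %s\n' "$la_addr" "$la_cn" "$VPN_DOMAIN" "$la_cn" >> "$la_tmp"
    # mktemp creates mode 0600; dnsmasq must be able to read the file
    chmod 644 "$la_tmp" && mv "$la_tmp" "$HOSTS_FILE"   # atomic replace
}

# Hook entry point: runs only when OpenVPN supplies arguments
if [ "$#" -ge 2 ]; then
    learn_address "$@" || exit 1
    pkill -HUP -x dnsmasq || true   # dnsmasq re-reads hosts files on SIGHUP
fi
```

It would be wired in with `learn-address` in server.conf and `addn-hosts=` in the dnsmasq configuration; `script-security 2` is sufficient to run a hook like this.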

Solution 2:

I installed resolvconf (via apt-get install resolvconf). Then I configured the "/etc/resolvconf/head"-file and added "nameserver 10.8.0.1" as DNS-server. It seems to be important to do this in the head-file (so that 10.8.0.1 is the first nameserver in the list) and not in the tail-file! I also tried it with the tail file but got wrong results.

Now I can reach all of my VPN-hosts via <vpn-hostname>.<domainname>.