1

I have an OpenVPN server running in an AWS VPC and I can ping my servers over the tunnel via their private IP, so from that perspective it's working.

Some of our servers have public DNS names server.example.io and I'd like OpenVPN clients to be able to reach the servers using their DNS names over the tunnels. For example, one of our servers has a UI and rather than typing the private IP of the server in the browser, they should be able to reach the server over the tunnel using the public domain name.

Is this possible? We are using the OpenVPN Access Server AMI.

Caledonia91
  • 383
  • 2
  • 10

3 Answers3

1

Yes, this is possible.

You can create a private DNS zone for example.io using AWS route53 in the AWS VPC where your openvpn server is running. Then you can point server.example.io to the private IP of the instance. By default in AWS VPC, if a private DNS zone is present, it gets the preference. If the DNS record is not present, then it goes out of VPC for DNS resolution.

So, when your users are connected to the VPN, they all will be in the same network of AWS VPC. Hitting server.example.io will resolve to private IP and requests will be routed internally within VPN tunnel.

NOTE: If you are using multiple VPC or your server.example.io is in another VPC, you may need to add routes for that in your VPN configuration.

Samit
  • 1,021
  • 6
  • 11
0

Try to add your public IP to OpenVPN routing/network, if your DNS name is using a static public IP. So OpenVPN will add a route to the client. But you need to add another route that routes from OpenVPN instance to the server.example.io to go through internal network.

Can
  • 29
  • 1
  • 4
0

I think you should use split tunnel in order to let client resolve to the public DNS. Or add the recode on the hosts file of OpenVPN server to let it resolve the record.

N.Kaewkhat
  • 1