As a follow-up to the "OpenVPN: OpenVPN Access Server set up and AWS VPC peering configuration" post, here is a DNS settings example.
We have the ci.example.com domain, which has to resolve to the Public IP of its AWS EC2 instance when it is requested from the Internet, and to its Private IP when it is requested via a VPN connection.
To achieve this, you can use the dnsmasq service installed on the OpenVPN AS host.
$ sudo apt -y install dnsmasq
Create the /etc/dnsmasq.hosts file with hardcoded Private IPs for the necessary services:
10.0.5.10 ci.example.com
172.31.36.107 nexus-repo.example.com
10.0.3.105 rabbitadmin-production.example.com
10.0.1.6 monitor.example.com
Next, update the /etc/dnsmasq.conf file and add the addn-hosts option, so that it looks like this:
listen-address=127.0.0.1
listen-address=10.0.10.4
bind-interfaces
log-queries
addn-hosts=/etc/dnsmasq.hosts
root@openvpnas2:~# service dnsmasq restart
root@openvpnas2:~# dig @localhost ci.example.com +short
10.0.5.10
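A typo in /etc/dnsmasq.hosts silently hands VPN clients a wrong or public address, so it is worth linting the file whenever it changes. The check below is an added example, not part of the original post; the function names check_vpn_hosts and demo_vpn_hosts are hypothetical, the sample entries are constructed, and only IPv4 entries are assumed.

```shell
#!/bin/sh
# Lint a dnsmasq addn-hosts file that should hand VPN clients private IPs only.
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_vpn_hosts() {
    awk '
    # True when ip is a valid dotted quad inside RFC 1918 space.
    function is_private(ip,    o, i) {
        if (split(ip, o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        if (o[1] + 0 == 10) return 1
        if (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31) return 1
        return (o[1] + 0 == 192 && o[2] + 0 == 168)
    }
    { sub(/#.*/, "") }                 # drop comments
    NF == 0 { next }                   # skip blank lines
    NF < 2 { printf "line %d: no hostname after %s\n", NR, $1; bad = 1; next }
    {
        if (!is_private($1)) {
            printf "line %d: %s is not an RFC 1918 address\n", NR, $1
            bad = 1
        }
        for (i = 2; i <= NF; i++) {
            name = tolower($i)         # DNS names are case-insensitive
            if (!(name in seen)) {
                seen[name] = $1
            } else if (seen[name] != $1) {
                printf "line %d: %s is already mapped to %s\n", NR, name, seen[name]
                bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the second entry carries a public (documentation) IP,
# the third remaps a name that already has an address.
demo_vpn_hosts() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '10.0.5.10 ci.example.com' \
        '203.0.113.7 monitor.example.com' \
        '10.0.1.6 CI.example.com' > "$tmp"
    rc=0
    check_vpn_hosts "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Run `check_vpn_hosts /etc/dnsmasq.hosts` before restarting dnsmasq; a non-zero exit status means at least one entry needs attention.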
Now go to your OpenVPN admin page => VPN Settings and set Have clients use specific DNS servers to Yes:
In the Primary DNS Server field, set the Private IP of the EC2 instance where your OpenVPN server is running.
Restart your VPN connection on a workstation:
$ sudo openvpn --config vpnroot-client.ovpn
...
Fri Feb 22 16:53:58 2019 /usr/bin/ip link set dev tun0 up mtu 1500
Fri Feb 22 16:53:58 2019 /usr/bin/ip addr add dev tun0 172.27.240.25/20 broadcast 172.27.255.255
Fri Feb 22 16:53:58 2019 /etc/openvpn/update-resolv-conf tun0 1500 1553 172.27.240.25 255.255.240.0 init
dhcp-option DNS 10.0.10.4
...
$ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 10.0.10.4
Check DNS resolution:
$ dig ci.example.com +short
10.0.5.10
And any other:
$ dig google.com +short
22.214.171.124
126.96.36.199
188.8.131.52
UPD: there is a much more correct solution, though: DNS resolution via AWS Peerings.