[Freedombox-discuss] Internal DNS, VPN and dynamic DNS.

A. F. Cano afc54 at comcast.net
Sat Dec 19 04:01:04 GMT 2020


At this point I have dynamic DNS working well with a freedombox.rocks
sub-domain, and I don't want to mess it up.

Internally, I've been using /etc/hosts but that's getting cumbersome, so
I've been thinking of using the BIND app of the FreedomBox.  Installed it
but I can't start it.  I'm also not sure what to put in the "Forwarders"
field.  Right now DNS requests are being forwarded to the FreedomBox and
beyond by what I've put into /etc/network/interfaces on the internal
machines.

Also installed OpenVPN, but I can't seem to configure the client on a test
laptop running Debian stable.  I did download the profile and installed
openvpn, openvpn-auth-ldap, gadmin-openvpn-client, network-manager-openvpn,
network-manager-openvpn-gnome.

After some attempt at configuration with gadmin-openvpn-client, which failed
claiming that some server certificates had to be entered first, it also messed
up something in the networking of that laptop, which had a fresh install
without any /etc/hosts file or any change to /etc/network/interfaces.  All
networking was done automatically with network-manager and it worked great.
In fact it probably found some dns server in the cable modem and I was able
to connect by name to other internal machines.  That stopped as soon as I
started testing openvpn.  Even after I stopped OpenVPN on the FreedomBox, the
new behavior on the new laptop continues.  I did import the <user>.ovpn
config file generated by the FreedomBox OpenVPN app into
gadmin-openvpn-client.

Incidentally, the <user>.ovpn profile file was generated with the local
name:

remote <local name of the FreedomBox>.local 1194

which I changed to

remote <sub-domain>.freedombox.rocks 1194

The latter can be pinged and accessed internally as well as from outside.

It used to be that this ping returned a ping from the FreedomBox.  Since
I installed OpenVPN, now disabled, the pings return from a comcast.net
address. WTF ???

$ ping <sub-domain>.freedombox.rocks
PING <sub-domain>.freedombox.rocks (73.160.195.4) 56(84) bytes of data.
64 bytes from c-73-160-195-4.hsd1.nj.comcast.net (73.160.195.4): icmp_seq=1 ttl=63 time=1.07 ms
64 bytes from c-73-160-195-4.hsd1.nj.comcast.net (73.160.195.4): icmp_seq=2 ttl=63 time=0.956 ms

If I were to get OpenVPN working from an external laptop, how would my
internal machines (with their 192.168.x.x IPs) be found from the external
laptop connecting through VPN?  Would that require BIND running on the
FreedomBox?

Assuming that FreedomBox BIND is not incompatible with dynamic DNS, I would
also like to give it some hint as to what IPs to assign to the different
internal machines, kind of like an /etc/hosts file on the freedombox.  How
can that be done?  That would give me the equivalent of static IP addresses
that would have to be maintained in one place only.

Installing OpenVPN has really messed things up.  How can I fix this the way it
was, or get OpenVPN to work?  I'm especially concerned that packets that
should remain local to the FreedomBox are now being returned by comcast,
probably the modem, but why?  Since I don't have much control over the modem
(it is now more locked up than before, probably due to some upgrade they did
without my knowledge) I'd like internal packets to remain internal.

What are those server certificates that gadmin-openvpn-client requires?
I would have thought that importing the <user>.ovpn file would be sufficient.

Please help!

Augustine
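An added example (not part of Augustine's post) that parses ping output like the one quoted above and reports, per reply, whether it came from the expected LAN address, from some other private address, or from a public address; the FreedomBox LAN address 192.168.1.2 is a hypothetical placeholder.

```python
import ipaddress
import re

# Constructed sample: the two reply lines quoted in the post.
PING_OUTPUT = """\
PING <sub-domain>.freedombox.rocks (73.160.195.4) 56(84) bytes of data.
64 bytes from c-73-160-195-4.hsd1.nj.comcast.net (73.160.195.4): icmp_seq=1 ttl=63 time=1.07 ms
64 bytes from c-73-160-195-4.hsd1.nj.comcast.net (73.160.195.4): icmp_seq=2 ttl=63 time=0.956 ms
"""

# Matches both "64 bytes from host (ip): icmp_seq=..." and "64 bytes from ip: icmp_seq=..."
REPLY_RE = re.compile(r"^\d+ bytes from (?P<src>.+?): icmp_seq")


def reply_addresses(output: str) -> list:
    """Extract the source address of every reply line in ping output."""
    addrs = []
    for line in output.splitlines():
        m = REPLY_RE.match(line)
        if not m:
            continue
        src = m.group("src")
        # With a reverse name present the address sits in parentheses.
        ip = src[src.rfind("(") + 1:src.rfind(")")] if "(" in src else src
        addrs.append(ip)
    return addrs


def classify_replies(output: str, lan_host: str) -> dict:
    """Map each reply address to a verdict relative to the expected LAN host."""
    verdicts = {}
    for ip in reply_addresses(output):
        addr = ipaddress.ip_address(ip)
        if ip == lan_host:
            verdicts[ip] = "expected LAN host"
        elif addr.is_private:  # RFC 1918 / ULA ranges
            verdicts[ip] = "private address, but not the expected host"
        else:
            verdicts[ip] = "public address, not a LAN host"
    return verdicts


if __name__ == "__main__":
    # 192.168.1.2 is a hypothetical LAN address for the FreedomBox.
    for ip, verdict in classify_replies(PING_OUTPUT, "192.168.1.2").items():
        print(f"{ip}: {verdict}")
```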
