Messages

1

Virtual private networks / Re: Can't join domain over OpenVPN connection

« on: June 15, 2024, 05:18:58 am »

OK, here's how I resolved it for anyone attempting something of this nature.

I configured a VPN connection on our local LAN DNS server to the remote LAN, then created a forward lookup zone in DNS for the remote domain name. After creating it, I went into the Name Server (NS) entry which was currently set to the local LAN DC/DNS server and changed it to the remote LAN DNS server's FQDN. When adding its IP address in the entry, it successfully resolved to it.
 
After doing this, I was able to join the new server to the remote domain. I restarted it, but it took quite a while to login, probably trying to resolve to the remote DC without the VPN. Then I tried promoting it to DC once the VPN was up but had resolution problems again, this time with the OpenVPN client, It wouldn’t connect. I tested the remote A record it was configured to use with NSLOOKUP, it wouldn’t resolve. To fix this, I simply went into the VPN NIC properties on the new server and set the DNS server client settings to 8.8.8.8. After this it resolved successfully, and I was able to promote the new server to DC.

2

Virtual private networks / Re: Can't join domain over OpenVPN connection

« on: June 12, 2024, 03:11:33 am »

The full story is this.

We are building a server on our office LAN to replace a customer's DC. We are actually going to host this new DC here and ultimately replace their current DC at their business site (lots of home users as well). The users are all going to remote in to a new RDP server that we will also be building and hosting here. So we want to bring this server up on our office LAN and join/promote to DC over the VPN connection to the remote site with the current DC. We will then move FSMO roles over to the new server at final cutover and demote the current DC.

Our office LAN has it's own DC and domain totally unrelated to the customer from a Windows domain perspective.

I don't know enough about Windows OS networking to full understand how network communication happens when there are multiple adapters on a desktop, the main NIC and VPN adapter, how requests go out over a network in respect to those two adapters' IPs, default gateways and DNS server settings.

Anyway, I'm looking into your last post, thanks.

3

Virtual private networks / Re: Can't join domain over OpenVPN connection

« on: June 11, 2024, 02:02:38 pm »

Subnets in AD...relevance?

Allowing LDAP/Kerberos? ... and needed for a simple join DC request???

Clocks are in sync.

I've tried all combination of manual and dhcp assigning of DNS servers in NIC to try to resolve DC. Not happening, but can ping DC, so it's not a routing issue, it's a DNS issue.

4

Virtual private networks / Can't join domain over OpenVPN connection

« on: June 11, 2024, 07:16:20 am »

Hi all,

I am trying to join a server to a remote domain through an OpenVPN connection. There's an OPNSENSE box at the remote domain configured to accept my VPN connections successfully. Once connected, I can ping the remote DC but there's a DNS resolution issue.

In the OPNSENSE firewall > VPN > OpenVPN > Servers - Server settings, I've designated the DNS server IP of the DC LAN in the 'DNS Servers' section of the Client Settings section.

What I don't understand is, if I do an ipconfig /all on my remote computer where my OpenVPN connection is, the IP settings for the OpenVPN adapter don't show any DNS server configurations.

Along with this, I've tried just about everything I can think off, setting static DNS settings for the OpenVPN NIC, using HOSTS file etc, nothing is allowing my remote computer to resolve to the remote DC when trying to join its domain.

Any help appreciated.