Home VPN with DNS server
You have some servers at home (e.g. a Kubernetes cluster) but want to work with them at Starbucks or out in the green? Here is how to set up a VPN server in your home network, together with a DNS server that resolves any host you want.
The DNS Server
Even if you don't need the VPN, you can set up a DNS server that resolves any host you want. Of course you can just put the hosts in the /etc/hosts file on every device, but that gets tricky if you have a lot of devices/VMs and change or add hosts frequently, or if you need them on a tablet or smartphone.
The following shows how to install and configure the DNS server bind9 on an Ubuntu Server. It could be a standalone server, a VM or even a Raspberry Pi.
bind9 is the DNS server I am going to use. Here is how to install it:
Edit the file /etc/bind/named.conf.options and add:
You can also use your favourite DNS server instead of Google's. It will be used to resolve anything that your local DNS "does not know".
You can now do a quick test to make sure it works.
The expected output should look like this:
If you execute the dig command again, it should be much faster:
(0msec vs 15msec)
Open /etc/bind/named.conf and make sure these lines are not commented out:
Add a zone (and a reverse zone)
Now, we have to define our zones. Edit the file /etc/bind/named.conf.local and add:
I am assuming here that the home network uses the standard subnet 192.168.0.0/24.
Configure the zone db file
Next, we must add the zones' DB files defined above. Starting with the zone db file, you can copy the local db file and edit it:
Above we map the subdomains test.mydomain.com and test2.mydomain.com to local IPs and let real.mydomain.com be resolved by Google's DNS server, so that the real IP of that domain is used. This is required because when you define a zone in your DNS server, you take exclusive control over it: anything that is not defined or forwarded will not be resolved, even if it is a real host known to other DNS servers.
You can do much more in this configuration. If you need something specific, check the list of record types: https://en.wikipedia.org/wiki/List_of_DNS_record_types.
Configure the reverse db file
Similar to the zone db file, you can also copy the local reverse zone db file and edit it:
Just set the NS to the local server:
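The forward and reverse zone files described in the two sections above are easy to get out of sync by hand (a host added to one file but not the other, a forgotten serial bump, an address typed outside the LAN). As an added example, not code from the original post, here is a small Python generator that emits both files for one host table, with the zone name, the 192.168.0.0/24 network and the host list as constructed placeholders; the "ns"/"admin" names and the TTL values are assumptions, taken from the stock bind9 db.local layout.

```python
import ipaddress

# Constructed inputs for the page's scenario (placeholder names, not real hosts):
# the zone mydomain.com served by a bind9 box on a 192.168.0.0/24 home LAN.
ZONE = "mydomain.com"
NETWORK = ipaddress.ip_network("192.168.0.0/24")
HOSTS = {"ns": "192.168.0.2", "test": "192.168.0.10", "test2": "192.168.0.11"}

def reverse_origin(network):
    """Name of the in-addr.arpa zone for a /24, e.g. 0.168.192.in-addr.arpa."""
    if network.prefixlen != 24:
        raise ValueError("only /24 networks are handled here")
    # reverse_pointer of 192.168.0.0 is 0.0.168.192.in-addr.arpa; drop the host label
    return network.network_address.reverse_pointer.split(".", 1)[1]

def check_hosts(hosts, network):
    """Refuse addresses outside the LAN: they would silently get no usable PTR."""
    for name, ip in hosts.items():
        if ipaddress.ip_address(ip) not in network:
            raise ValueError(f"{name}: {ip} is outside {network}")

def header(origin, zone, serial):
    # $TTL and SOA laid out as in the stock db.local; the serial must grow on every edit
    return ["$TTL 604800", f"$ORIGIN {origin}.",
            f"@ IN SOA ns.{zone}. admin.{zone}. (",
            f"        {serial} ; serial", "        604800 ; refresh",
            "        86400 ; retry", "        2419200 ; expire",
            "        604800 ) ; negative cache TTL",
            f"@ IN NS ns.{zone}."]

def forward_zone(zone, hosts, network, serial):
    """Contents of the forward zone file: one A record per host."""
    check_hosts(hosts, network)
    lines = header(zone, zone, serial)
    lines += [f"{name} IN A {ip}" for name, ip in hosts.items()]
    return "\n".join(lines) + "\n"

def reverse_zone(zone, hosts, network, serial):
    """Contents of the reverse zone file: one PTR per host, keyed by the last octet."""
    check_hosts(hosts, network)
    lines = header(reverse_origin(network), zone, serial)
    lines += [f"{ip.rsplit('.', 1)[1]} IN PTR {name}.{zone}."
              for name, ip in hosts.items()]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(forward_zone(ZONE, HOSTS, NETWORK, 2024010101))
    print(reverse_zone(ZONE, HOSTS, NETWORK, 2024010101))
```

Write the two outputs to the files referenced from named.conf.local and run the bind9 check commands from the next section on them before reloading.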
You can execute the following commands to verify your configuration files. No errors should be reported.
At this point your DNS server is configured and ready to use. Let's do some tests.
Edit /etc/resolv.conf and (temporarily) set the DNS server to your local DNS server:
Then you can start "digging" the hosts defined above:
The VPN Server
There is a script that makes configuring OpenVPN very easy.
Before running it, make sure the OS is up to date:
Download the script and run it:
Here is an example how to configure it:
- "IPv4 address / hostname" should be the public IP or hostname of your home network (here: vpn.myhostname.com). If you don't have a static IP address, you can use a DDNS service like https://www.noip.com/ to get a hostname. Additionally, if you have a domain name of your own, you can point a subdomain at the DDNS hostname with a CNAME record.
- You can use any DNS from the list. In the next step we will configure it to use the local one.
- The client name should be something meaningful, e.g. "MyLaptop", "MyTablet", etc. If you have many clients and want to revoke the access of one of them, it is easier to tell which one that is.
- The file listed above, /root/MyLaptop.ovpn, must be copied to your device in order to connect.
Add the Local DNS Server
Edit the file /etc/openvpn/server/server.conf and add this line "before all other DNSes":
where the IP is that of the local DNS server configured above.
Run the Script Again to Create More Clients
As you might have noticed, you can also run the script to revoke clients.
Configure your Home Router
To be able to connect to the VPN server from the internet, you must configure your router to forward UDP traffic on port 1194 to the Ubuntu Server where you installed it.
Finally, restart the OpenVPN server:
Connect to the VPN
You can either use the apps provided by OpenVPN, or the built-in VPN functionality of the device's OS if it supports OpenVPN.
You can download the OpenVPN client apps for Windows, macOS, Android and iOS from here: https://openvpn.net/vpn-client/
You just have to import the .ovpn file created above and connect.