Cluster Member Server needs to be able to use a FQDN, not just IP for the Public field #1917

Open
2 tasks
officialh1 opened this issue Oct 13, 2023 · 2 comments

@officialh1

Hi, there!

Thank you for using SoftEther.

Before you submit an issue, please read the following:

Is this a question? NO

  • If the answer is "yes", then please ask your question on www.vpnusers.com.
    The issue section on GitHub is reserved for bugs and feature requests.

  • If the answer is "no", please read the following:

We provide a template which is specifically made for bug reports, in order to be sure that the report includes enough details to be helpful.

Please use or adapt it as needed.


Prerequisites

  • Can you reproduce? YES
  • Are you running the latest version of SoftEtherVPN? YES

SoftEther version: 5.02
Component: SERVER
Operating system: Windows
Architecture: 64 bit

[In case it's a computer with known specs, such as the Raspberry Pi, you can specify it omitting the details.]
Processor: Intel 13th Gen/Not significant

Description

This has become a problem with modern firewalls.

Firewalls way back would need IPs to unblock with ports
Firewalls yesterday would take FQDNs and look them up and allow them with specific ports
Firewalls today REQUIRE the FQDN to be in the request

Some IT Admins are okay with allowing entire IP to communicate, some insist on requiring a hostname.

This causes a situation where, in cluster mode, it will break and the VPN will not establish (I have not tested with a single server). I need the Public IP to also allow an FQDN, and the requests need to use the FQDN.

Expected behavior:
[What you expected to happen]

Allow entry of a FQDN and instruct the client to use the same FQDN

Actual behavior:
[What actually happened]

Only Public IP is available

Steps to reproduce

Manage the VPN Server
Enter Clustering Configuration
Set to Cluster Member Server
[you can only set a Public IP, needs to also allow Public FQDN]

@officialh1
Author

For a test scenario, you can use pfSense (firewall for the client side) and only allow communication to the FQDNs set for the controller and cluster members.

(client location: VPN Client | pfSense)--(other network)--(VPN Server[vpn.domain.com]/Cluster Member[member.domain.com])

pfSense allows client to FQDNs (https://vpn.domain.com and https://member.domain.com)

In pfSense use Aliases to set up the hostnames to use, then you can use them (the aliases) in the Rules.

@officialh1
Author

officialh1 commented Nov 7, 2023

Having looked at the code, this is likely harder than requested I am guessing. The IP is converted to int32?? then stored (at least in memory?) this way. Should a separate method be used or should it all just be converted to string?

Code files identified so far involved: Network.c, Pack.c, Admin.c, Server.c
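On the int32-versus-string question raised in the last comment, a third option is a tagged value that keeps an IPv4 literal as an integer and stores a validated hostname as a string. The sketch below is an added example, not SoftEther code: `public_addr`, `parse_public_addr` and `valid_hostname` are hypothetical names, and it assumes IPv4 only and a POSIX `inet_pton`.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdint.h>
#include <string.h>

#define MAX_FQDN 253
typedef enum { ADDR_INVALID = 0, ADDR_IPV4, ADDR_FQDN } addr_kind;

/* Hypothetical type for this example; not a SoftEther structure. */
typedef struct {
    addr_kind kind;
    uint32_t  ipv4;               /* network byte order, set for ADDR_IPV4 */
    char      host[MAX_FQDN + 1]; /* NUL-terminated, set for ADDR_FQDN */
} public_addr;

/* Hostname syntax: labels of 1-63 chars from [A-Za-z0-9-], no edge hyphens. */
static int valid_hostname(const char *s)
{
    size_t len = strlen(s), label = 0;
    int nondigit = 0; /* current label contains a non-digit */
    if (len == 0 || len > MAX_FQDN) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-') return 0;
            label = 0; nondigit = 0;
        } else if (isalnum(c) || c == '-') {
            if (c == '-' && label == 0) return 0;
            if (++label > 63) return 0;
            if (!isdigit(c)) nondigit = 1;
        } else return 0;
    }
    /* An all-digit last label ("300.1.1.1") is a malformed IP, not a name. */
    return label > 0 && nondigit && s[len - 1] != '-';
}

/* Parse the field: try an IPv4 literal first, then fall back to a hostname. */
int parse_public_addr(const char *in, public_addr *out)
{
    struct in_addr a;
    memset(out, 0, sizeof(*out));
    if (inet_pton(AF_INET, in, &a) == 1) {
        out->kind = ADDR_IPV4;
        out->ipv4 = a.s_addr;
    } else if (valid_hostname(in)) {
        out->kind = ADDR_FQDN;
        memcpy(out->host, in, strlen(in) + 1);
    }
    return out->kind != ADDR_INVALID;
}
```

Rejecting anything that is neither a well-formed IPv4 literal nor a syntactically valid hostname keeps malformed input out of the value a controller would hand to clients.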
