
Decentralized name resolution for multiple VPNs

I've set up a number of WireGuard VPN tunnels and have a subset of them active at any point in time. Over time, IP addresses on the concentrator change. This makes it cumbersome for clients to reach other clients, as the information about which identity is reachable at which IP address is typically only available to the concentrator itself.
I want some kind of decentralized DNS resolution that ideally works out of the box with Linux systems. On the concentrator some service needs to run which can resolve/respond to name queries. For example, if I have VPN1 active I want to be able to simply
$ ping host1.vpn1
$ ping host2.vpn1
and have those names automatically resolved by the concentrator serving the "vpn1" domain. I've not seen this functionality before, but I think LLMNR or mDNS could possibly be solutions, although I'm not sure multicast works over the point-to-point IP tunnel WireGuard provides. What is the easiest way to achieve this without having to maintain "client lists" (e.g., /etc/hosts) on every client?
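One way to do what the question asks, as an added example that is not part of the original post: the concentrator is the only party that already knows every peer's tunnel address, so it can generate the name records itself and serve them under a per-VPN domain, and clients only need split DNS for that domain on the tunnel interface. The script below is example code, not from any project. It reads `wg show <iface> dump`, maps each peer's public key to a short name through a single table kept on the concentrator, keeps only single-host allowed-ips, and writes a hosts file for dnsmasq to serve as `*.vpn1`. The dnsmasq `addn-hosts` path, the interface name `wg0`, the key-to-name table and the sample dump used in the test are assumptions.

```python
#!/usr/bin/env python3
"""Build a hosts-file fragment for the "vpn1" domain from WireGuard peer state.

Added example, not code from the original post. Assumptions (hypothetical):
the concentrator runs dnsmasq with `addn-hosts=/etc/dnsmasq.d/vpn1.hosts`,
and PEER_NAMES below is the only name list that exists, kept on the
concentrator rather than on every client.
"""
import ipaddress
import subprocess
import sys

DOMAIN = "vpn1"
HOSTS_FILE = "/etc/dnsmasq.d/vpn1.hosts"  # assumed dnsmasq addn-hosts path

# Constructed mapping for this example: WireGuard public key -> host name.
# The public key is the peer's identity, so renumbering a peer's tunnel
# address never changes its name; only this one table has to be maintained.
PEER_NAMES = {
    "pk-host1=": "host1",
    "pk-host2=": "host2",
}


def parse_wg_dump(dump: str) -> dict[str, list[str]]:
    """Return {peer_public_key: [allowed-ips, ...]} from `wg show <iface> dump`.

    The dump is tab-separated. The first line describes the interface itself
    (private key, public key, listen port, fwmark) and is skipped. Every
    further line is one peer: public key, preshared key, endpoint,
    allowed-ips (comma separated), latest handshake, rx bytes, tx bytes,
    persistent keepalive. Empty allowed-ips is printed as "(none)".
    """
    peers: dict[str, list[str]] = {}
    for line in dump.splitlines()[1:]:
        fields = line.split("\t")
        if len(fields) < 4:
            continue  # tolerate blank or truncated lines
        pubkey, allowed = fields[0], fields[3]
        peers[pubkey] = [] if allowed == "(none)" else allowed.split(",")
    return peers


def host_addresses(allowed: list[str]) -> list[str]:
    """Keep only single-host allowed-ips (/32 or /128).

    A peer that routes a whole subnet, or 0.0.0.0/0 for a site gateway, is
    in the same dump; those prefixes are routes, not a host, and must not
    be turned into an A/AAAA record.
    """
    addrs = []
    for cidr in allowed:
        net = ipaddress.ip_network(cidr.strip(), strict=False)
        if net.num_addresses == 1:
            addrs.append(str(net.network_address))
    return addrs


def hosts_entries(peers: dict[str, list[str]], names: dict[str, str],
                  domain: str = DOMAIN) -> list[str]:
    """Render "<ip>\\t<name>.<domain>" hosts-file lines for every named peer.

    Peers without a name are reported on stderr and skipped, never guessed.
    """
    lines = []
    for pubkey, allowed in peers.items():
        name = names.get(pubkey)
        if name is None:
            print(f"no name for peer {pubkey}, skipping", file=sys.stderr)
            continue
        for addr in host_addresses(allowed):
            lines.append(f"{addr}\t{name}.{domain}")
    return sorted(lines)


def main(iface: str = "wg0") -> None:
    dump = subprocess.run(["wg", "show", iface, "dump"],
                          capture_output=True, text=True, check=True).stdout
    entries = hosts_entries(parse_wg_dump(dump), PEER_NAMES)
    with open(HOSTS_FILE, "w") as f:
        f.write("\n".join(entries) + "\n")
    # dnsmasq re-reads its addn-hosts files on SIGHUP.
    subprocess.run(["pkill", "-HUP", "dnsmasq"], check=False)


if __name__ == "__main__":
    main(*sys.argv[1:])
```

Run it on the concentrator whenever peers change (a cron job or a `PostUp` hook is enough, since the dump is cheap). On a client that uses systemd-resolved, `resolvectl dns wg0 10.8.0.1` followed by `resolvectl domain wg0 ~vpn1` routes only `*.vpn1` queries to the concentrator's tunnel address (10.8.0.1 is assumed here); the `~` marks a routing-only domain, and the per-link setting disappears when the tunnel goes down, so nothing on the client is edited per peer. Because this is plain unicast DNS it sidesteps the question of whether multicast works over the point-to-point tunnel.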
