I am looking for a solution with which distributed clients can easily reach each other via the internet.
For this I have set up an OpenVPN server to which all clients connect. If I connect myself to the server, I can reach all devices via IP.
What is a (recommended) network structure to provide name resolution for the connected clients?
Or do you have a better solution with which I can easily reach my distributed devices (call them by name)?
Using OpenVPN in tun mode (which is the more common mode, and logical choice here) means that OpenVPN assigns a second IP address to each connected device, and clients can reach each other through the openvpn server assigned IP
It is easy enough to ensure that Openvpn assigns a non-changing address to each client. There are multiple mechanisms whereby this can be done including the use of a shared pool of space which openvpn tracks and stores - the ifconfig-pool-persist directive (just ensure the number if clients is less then the pool size and the pool file is backed up) - or create a specific configuration file per client using ifconfig-push statements on the server.
Its worth pointing out that if you are using pki (private key infrastructure) - which makes sense in most environments, the user name/client name is the name specified un the subject name on the cert.
Once you have the static IPs defined you can define them in your DNS. How you do this is dependant on your DNS configuration and can be as simple as hard coding these. Alternatively Openvpn provides a hook "lean-address" which will run a script - with $1 $2 and $3 being yhe name of the action, ip and username-per-subject-cert and can be used to modify your dns as appropriate to your environment.
