This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect IPsec DNS suffix not working

I am in the process of setting up an XG 135 with remote IPsec VPN access and it is working apart from the DNS suffix.

I have configured the "DNS server 1" to our local DNS server in the "IPsec (remote access)" tab within Configure/VPN. I have also configured "Assign client DNS suffix".

When I connect to the VPN using Sophos Connect, I can see that a new "Ethernet 2" adapter of type "Sophos TAP Adapter" is created. If I look at the TCP/IP properties for this adapter I can see that the DNS server has been populated with the one that I configured in "DNS server 1". However, the DNS suffix is not populated anywhere.

The result of this is that I can ping hosts using their IP address or fully qualified host name. I cannot ping using just the host name until I manually configure the DNS suffix.

I have also been testing the equivalent scenario with SSL VPN and I get the desired behaviour with it. Ideally both kinds of VPN would behave the in the same way as it would make the setup simpler to explain to users.

The XG 135 has SFOS 18.0.4 MR-4 and I am using Sophos Connect v2.0.34.0910.

It seems like a software issue to me in Sophos Connect but maybe I am missing something. Unfortunately I have had very painful experiences with Sophos Support over the past few weeks where they remain largely unresponsive and wait a week between emails. I don't know if they monitor these forums but I don't imagine I'm the only one to have experienced this.



This thread was automatically locked due to age.
Parents
  • Hello Alan,

    Thank you for contacting the Sophos Community.

    Make sure under IPsec (Remote Access) in Advances Settings you configured the DNS Suffix.

    Or if you’re using the Admin Tool you should have that option available too.

    If you confirmed it is configured, please share the output of ipconfig /all and the Open VPN Log from the IPsec client.

    Additionally, if you could share your Case IDs I can follow-up.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hi Emmanuel,

    I have confirmed that the DNS suffix is being set in advanced settings. It is also populated in the corresponding "domain_suffix" field in the SCX file.

    The requested Open VPN log file and ipconfig output is pasted at the end of my message (note that I have obfuscated the private information). I can see that there is an entry "Adding DNS server *.*.*.* to the TAP adapter" but nothing for the DNS suffix. I note in the ipconfig output that the DNS suffix is being set in the physical Ethernet adapter but not "Sophos TAP Adapter". If I set this manually then the problem is solved.

    The associated case ID is 03662180.

    Regards,

    Alan

    Open VPN Log

    2021-02-24 06:29:22AM 00[DMN] Starting IKE service charon-svc (strongSwan 5.8.0, Windows Client 6.2.9200 (SP 0.0)
    2021-02-24 06:29:22AM 00[LIB] TAP-Windows driver version 1.0 available.
    2021-02-24 06:29:24AM 00[LIB] opened TUN device: {03B132B9-C308-473C-A808-4B307D996FD3}
    2021-02-24 06:29:24AM 00[LIB] loaded plugins: charon-svc nonce x509 pubkey pkcs1 pkcs7 pkcs8 pkcs12 pem openssl kernel-libipsec kernel-iph socket-win vici eap-identity eap-gtc eap-mschapv2 xauth-generic windows-dns
    2021-02-24 06:29:24AM 00[JOB] spawning 16 worker threads
    2021-02-24 06:30:36AM 08[CFG] loaded certificate 'C=*, ST=*, L=*, O=*, OU=*, CN=*, E=*'
    2021-02-24 06:30:36AM 14[CFG] loaded RSA private key
    2021-02-24 06:30:36AM 09[CFG] loaded EAP shared key with id 'IPsec_VPN-user-id' for: '*'
    2021-02-24 06:30:37AM 08[LIB] TAP-Windows driver version 1.0 available.
    2021-02-24 06:30:37AM 17[KNL] interface 10 'Sophos TAP Adapter' changed state from Down to Up
    2021-02-24 06:30:39AM 08[CFG] added vici connection: IPsec_VPN
    2021-02-24 06:30:39AM 15[CFG] vici initiate CHILD_SA 'IPsec_VPN-tunnel-1'
    2021-02-24 06:30:39AM 12[IKE] <IPsec_VPN|1> initiating Main Mode IKE_SA IPsec_VPN[1] to *.*.*.*
    2021-02-24 06:30:39AM 12[ENC] <IPsec_VPN|1> generating ID_PROT request 0 [ SA V V V V V ]
    2021-02-24 06:30:39AM 12[NET] <IPsec_VPN|1> sending packet: from *.*.*.*[60170] to *.*.*.*[500] (180 bytes)
    2021-02-24 06:30:39AM 14[NET] <IPsec_VPN|1> received packet: from *.*.*.*[500] to *.*.*.*[60170] (180 bytes)
    2021-02-24 06:30:39AM 14[ENC] <IPsec_VPN|1> parsed ID_PROT response 0 [ SA V V V V V ]
    2021-02-24 06:30:39AM 14[IKE] <IPsec_VPN|1> received XAuth vendor ID
    2021-02-24 06:30:39AM 14[IKE] <IPsec_VPN|1> received DPD vendor ID
    2021-02-24 06:30:39AM 14[IKE] <IPsec_VPN|1> received Cisco Unity vendor ID
    2021-02-24 06:30:39AM 14[IKE] <IPsec_VPN|1> received FRAGMENTATION vendor ID
    2021-02-24 06:30:39AM 14[IKE] <IPsec_VPN|1> received NAT-T (RFC 3947) vendor ID
    2021-02-24 06:30:39AM 14[CFG] <IPsec_VPN|1> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
    2021-02-24 06:30:39AM 14[ENC] <IPsec_VPN|1> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
    2021-02-24 06:30:39AM 14[NET] <IPsec_VPN|1> sending packet: from *.*.*.*[60170] to *.*.*.*[500] (396 bytes)
    2021-02-24 06:30:39AM 10[NET] <IPsec_VPN|1> received packet: from *.*.*.*[500] to *.*.*.*[60170] (396 bytes)
    2021-02-24 06:30:39AM 10[ENC] <IPsec_VPN|1> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
    2021-02-24 06:30:39AM 10[IKE] <IPsec_VPN|1> local host is behind NAT, sending keep alives
    2021-02-24 06:30:39AM 10[IKE] <IPsec_VPN|1> remote host is behind NAT
    2021-02-24 06:30:39AM 10[IKE] <IPsec_VPN|1> sending cert request for "C=*, ST=*, L=*, O=*, OU=*, CN=*, E=*"
    2021-02-24 06:30:39AM 10[IKE] <IPsec_VPN|1> authentication of '*' (myself) successful
    2021-02-24 06:30:39AM 10[ENC] <IPsec_VPN|1> generating ID_PROT request 0 [ ID SIG CERTREQ N(INITIAL_CONTACT) ]
    2021-02-24 06:30:39AM 10[NET] <IPsec_VPN|1> sending packet: from *.*.*.*[60171] to *.*.*.*[4500] (492 bytes)
    2021-02-24 06:30:40AM 10[NET] <IPsec_VPN|1> received packet: from *.*.*.*[4500] to *.*.*.*[60171] (92 bytes)
    2021-02-24 06:30:40AM 10[IKE] <IPsec_VPN|1> queueing TRANSACTION request as tasks still active
    2021-02-24 06:30:40AM 10[NET] <IPsec_VPN|1> received packet: from *.*.*.*[4500] to *.*.*.*[60171] (1248 bytes)
    2021-02-24 06:30:40AM 10[ENC] <IPsec_VPN|1> parsed ID_PROT response 0 [ FRAG(1) ]
    2021-02-24 06:30:40AM 10[ENC] <IPsec_VPN|1> received fragment #1, waiting for complete IKE message
    2021-02-24 06:30:40AM 10[NET] <IPsec_VPN|1> received packet: from *.*.*.*[4500] to *.*.*.*[60171] (388 bytes)
    2021-02-24 06:30:40AM 10[ENC] <IPsec_VPN|1> parsed ID_PROT response 0 [ FRAG(2/2) ]
    2021-02-24 06:30:40AM 10[ENC] <IPsec_VPN|1> received fragment #2, reassembled fragmented IKE message (1564 bytes)
    2021-02-24 06:30:40AM 10[NET] <IPsec_VPN|1> received packet: from *.*.*.*[4500] to *.*.*.*[60171] (1564 bytes)
    2021-02-24 06:30:40AM 10[ENC] <IPsec_VPN|1> parsed ID_PROT response 0 [ ID CERT SIG ]
    2021-02-24 06:30:40AM 10[IKE] <IPsec_VPN|1> received end entity cert "C=*, ST=*, L=*, O=*, OU=*, CN=*, E=*"
    2021-02-24 06:30:40AM 10[CFG] <IPsec_VPN|1> using trusted ca certificate "C=*, ST=*, L=*, O=*, OU=*, CN=*, E=*"
    2021-02-24 06:30:40AM 10[CFG] <IPsec_VPN|1> reached self-signed root ca with a path length of 0
    2021-02-24 06:30:40AM 10[CFG] <IPsec_VPN|1> using trusted certificate "C=*, ST=*, L=*, O=*, OU=*, CN=*, E=*"
    2021-02-24 06:30:40AM 10[IKE] <IPsec_VPN|1> signature validation failed, looking for another key
    2021-02-24 06:30:40AM 10[CFG] <IPsec_VPN|1> using certificate "C=*, ST=*, L=*, O=*, OU=*, CN=*, E=*"
    2021-02-24 06:30:40AM 10[CFG] <IPsec_VPN|1> using trusted ca certificate "C=*, ST=*, L=*, O=*, OU=*, CN=*, E=*"
    2021-02-24 06:30:40AM 10[CFG] <IPsec_VPN|1> reached self-signed root ca with a path length of 0
    2021-02-24 06:30:40AM 10[IKE] <IPsec_VPN|1> authentication of '*' with RSA_EMSA_PKCS1_NULL successful
    2021-02-24 06:30:40AM 10[ENC] <IPsec_VPN|1> parsed TRANSACTION request 1617305693 [ HASH CPRQ(X_USER X_PWD) ]
    2021-02-24 06:30:40AM 10[ENC] <IPsec_VPN|1> generating TRANSACTION response 1617305693 [ HASH CPRP(X_USER X_PWD) ]
    2021-02-24 06:30:40AM 10[NET] <IPsec_VPN|1> sending packet: from *.*.*.*[60171] to *.*.*.*[4500] (108 bytes)
    2021-02-24 06:30:40AM 08[NET] <IPsec_VPN|1> received packet: from *.*.*.*[4500] to *.*.*.*[60171] (92 bytes)
    2021-02-24 06:30:40AM 08[ENC] <IPsec_VPN|1> parsed TRANSACTION request 3800724176 [ HASH CPS(X_STATUS) ]
    2021-02-24 06:30:40AM 08[IKE] <IPsec_VPN|1> XAuth authentication of '*' (myself) successful
    2021-02-24 06:30:40AM 08[IKE] <IPsec_VPN|1> IKE_SA IPsec_VPN[1] established between *.*.*.*[*]...*.*.*.*[*]
    2021-02-24 06:30:40AM 08[IKE] <IPsec_VPN|1> scheduling rekeying in 15259s
    2021-02-24 06:30:40AM 08[IKE] <IPsec_VPN|1> maximum IKE_SA lifetime 16789s
    2021-02-24 06:30:40AM 08[ENC] <IPsec_VPN|1> generating TRANSACTION response 3800724176 [ HASH CPA(X_STATUS) ]
    2021-02-24 06:30:40AM 08[NET] <IPsec_VPN|1> sending packet: from *.*.*.*[60171] to *.*.*.*[4500] (92 bytes)
    2021-02-24 06:30:40AM 08[ENC] <IPsec_VPN|1> generating TRANSACTION request 1032921756 [ HASH CPRQ(ADDR DNS) ]
    2021-02-24 06:30:40AM 08[NET] <IPsec_VPN|1> sending packet: from *.*.*.*[60171] to *.*.*.*[4500] (92 bytes)
    2021-02-24 06:30:40AM 12[NET] <IPsec_VPN|1> received packet: from *.*.*.*[4500] to *.*.*.*[60171] (92 bytes)
    2021-02-24 06:30:40AM 12[ENC] <IPsec_VPN|1> parsed TRANSACTION response 1032921756 [ HASH CPRP(ADDR DNS) ]
    2021-02-24 06:30:40AM 12[IKE] <IPsec_VPN|1> Adding DNS server *.*.*.* to the TAP adapter
    2021-02-24 06:30:40AM 12[IKE] <IPsec_VPN|1> *.*.*.* not in servers list, doing add
    2021-02-24 06:30:40AM 12[IKE] <IPsec_VPN|1> installing new virtual IP *.*.*.* on interface {D2363435-F785-4B9C-A2BB-585A373628D6}
    2021-02-24 06:30:40AM 12[KNL] <IPsec_VPN|1> Adding virtual IP *.*.*.*
    2021-02-24 06:30:40AM 12[KNL] <IPsec_VPN|1> *.*.*.* added to addresses list
    2021-02-24 06:30:40AM 12[KNL] <IPsec_VPN|1> *.*.*.* is not yet assigned to the virtual adapter - adding
    2021-02-24 06:30:40AM 12[ENC] <IPsec_VPN|1> generating QUICK_MODE request 4252074050 [ HASH SA No KE ID ID ]
    2021-02-24 06:30:40AM 12[NET] <IPsec_VPN|1> sending packet: from *.*.*.*[60171] to *.*.*.*[4500] (460 bytes)
    2021-02-24 06:30:41AM 14[NET] <IPsec_VPN|1> received packet: from *.*.*.*[4500] to *.*.*.*[60171] (460 bytes)
    2021-02-24 06:30:41AM 14[ENC] <IPsec_VPN|1> parsed QUICK_MODE response 4252074050 [ HASH SA No KE ID ID ]
    2021-02-24 06:30:41AM 14[CFG] <IPsec_VPN|1> selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
    2021-02-24 06:30:41AM 14[CHD] <IPsec_VPN|1> CHILD_SA IPsec_VPN-tunnel-1{1} state change: CREATED => INSTALLING
    2021-02-24 06:30:41AM 14[CHD] <IPsec_VPN|1> using AES_CBC for encryption
    2021-02-24 06:30:41AM 14[CHD] <IPsec_VPN|1> using HMAC_SHA2_256_128 for integrity
    2021-02-24 06:30:41AM 14[CHD] <IPsec_VPN|1> adding inbound ESP SA
    2021-02-24 06:30:41AM 14[CHD] <IPsec_VPN|1> SPI 0xf3ad3a05, src *.*.*.* dst *.*.*.*
    2021-02-24 06:30:41AM 14[CHD] <IPsec_VPN|1> adding outbound ESP SA
    2021-02-24 06:30:41AM 14[CHD] <IPsec_VPN|1> SPI 0xc0e683fe, src *.*.*.* dst *.*.*.*
    2021-02-24 06:30:41AM 14[KNL] <IPsec_VPN|1> installing route *.*.*.*/24 src *.*.*.* gateway 169.254.128.128 dev {03B132B9-C308-473C-A808-4B307D996FD3}
    2021-02-24 06:30:41AM 14[IKE] <IPsec_VPN|1> CHILD_SA IPsec_VPN-tunnel-1{1} established with SPIs f3ad3a05_i c0e683fe_o and TS *.*.*.*/32 === *.*.*.*/24
    2021-02-24 06:30:41AM 14[CHD] <IPsec_VPN|1> CHILD_SA IPsec_VPN-tunnel-1{1} state change: INSTALLING => INSTALLED
    2021-02-24 06:30:41AM 14[ENC] <IPsec_VPN|1> generating QUICK_MODE request 4252074050 [ HASH ]
    2021-02-24 06:30:41AM 14[NET] <IPsec_VPN|1> sending packet: from *.*.*.*[60171] to *.*.*.*[4500] (76 bytes)
    2021-02-24 06:30:42AM 12[CFG] vici initiate CHILD_SA 'IPsec_VPN-tunnel-2'
    2021-02-24 06:30:42AM 16[ENC] <IPsec_VPN|1> generating QUICK_MODE request 3711713333 [ HASH SA No KE ID ID ]
    2021-02-24 06:30:42AM 16[NET] <IPsec_VPN|1> sending packet: from *.*.*.*[60171] to *.*.*.*[4500] (460 bytes)
    2021-02-24 06:30:42AM 09[NET] <IPsec_VPN|1> received packet: from *.*.*.*[4500] to *.*.*.*[60171] (460 bytes)
    2021-02-24 06:30:42AM 09[ENC] <IPsec_VPN|1> parsed QUICK_MODE response 3711713333 [ HASH SA No KE ID ID ]
    2021-02-24 06:30:42AM 09[CFG] <IPsec_VPN|1> selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
    2021-02-24 06:30:42AM 09[CHD] <IPsec_VPN|1> CHILD_SA IPsec_VPN-tunnel-2{2} state change: CREATED => INSTALLING
    2021-02-24 06:30:42AM 09[CHD] <IPsec_VPN|1> using AES_CBC for encryption
    2021-02-24 06:30:42AM 09[CHD] <IPsec_VPN|1> using HMAC_SHA2_256_128 for integrity
    2021-02-24 06:30:42AM 09[CHD] <IPsec_VPN|1> adding inbound ESP SA
    2021-02-24 06:30:42AM 09[CHD] <IPsec_VPN|1> SPI 0xd4b4435e, src *.*.*.* dst *.*.*.*
    2021-02-24 06:30:42AM 09[CHD] <IPsec_VPN|1> adding outbound ESP SA
    2021-02-24 06:30:42AM 09[CHD] <IPsec_VPN|1> SPI 0xcc758271, src *.*.*.* dst *.*.*.*
    2021-02-24 06:30:42AM 09[KNL] <IPsec_VPN|1> installing route *.*.*.*/18 src *.*.*.* gateway 169.254.128.128 dev {03B132B9-C308-473C-A808-4B307D996FD3}
    2021-02-24 06:30:42AM 09[IKE] <IPsec_VPN|1> CHILD_SA IPsec_VPN-tunnel-2{2} established with SPIs d4b4435e_i cc758271_o and TS *.*.*.*/32 === *.*.*.*/18
    2021-02-24 06:30:42AM 09[CHD] <IPsec_VPN|1> CHILD_SA IPsec_VPN-tunnel-2{2} state change: INSTALLING => INSTALLED
    2021-02-24 06:30:42AM 09[ENC] <IPsec_VPN|1> generating QUICK_MODE request 3711713333 [ HASH ]
    2021-02-24 06:30:42AM 09[NET] <IPsec_VPN|1> sending packet: from *.*.*.*[60171] to *.*.*.*[4500] (76 bytes)
    2021-02-24 06:30:55AM 17[KNL] 169.254.14.131 disappeared from interface 10 'Sophos TAP Adapter'
    2021-02-24 06:31:15AM 10[NET] <IPsec_VPN|1> received packet: from *.*.*.*[4500] to *.*.*.*[60171] (108 bytes)
    2021-02-24 06:31:15AM 10[ENC] <IPsec_VPN|1> parsed INFORMATIONAL_V1 request 170494998 [ HASH N(DPD) ]
    2021-02-24 06:31:15AM 10[ENC] <IPsec_VPN|1> generating INFORMATIONAL_V1 request 742490634 [ HASH N(DPD_ACK) ]
    2021-02-24 06:31:15AM 10[NET] <IPsec_VPN|1> sending packet: from *.*.*.*[60171] to *.*.*.*[4500] (108 bytes)

    ipconfig output

    C:\Users\Alan>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : DESKTOP-K1CIGVR
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : *.*.*

    Ethernet adapter Ethernet 2:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Sophos TAP Adapter
    Physical Address. . . . . . . . . : 00-FF-28-DE-26-2D
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::357a:cb46:4180:4661%10(Preferred)
    IPv4 Address. . . . . . . . . . . : *.*.*.*(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    DHCPv6 IAID . . . . . . . . . . . : 167837480
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-B1-76-7E-08-00-27-DB-FE-28
    DNS Servers . . . . . . . . . . . : *.*.*.*
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix . : *.*.*
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
    Physical Address. . . . . . . . . : 08-00-27-DB-FE-28
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::e029:f00b:1b45:7b5a%6(Preferred)
    IPv4 Address. . . . . . . . . . . : *.*.*.*(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : 28 July 2020 06:25:14
    Lease Expires . . . . . . . . . . : 25 February 2021 07:47:28
    Default Gateway . . . . . . . . . : *.*.*.*
    DHCP Server . . . . . . . . . . . : *.*.*.*
    DHCPv6 IAID . . . . . . . . . . . : 101187623
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-B1-76-7E-08-00-27-DB-FE-28
    DNS Servers . . . . . . . . . . . : *.*.*.*
    *.*.*.*
    NetBIOS over Tcpip. . . . . . . . : Enabled

  • Hello Alan,

    Thank you for the follow-up and the Case ID.

    I noticed you’re using internal.something-else.com, so I tried to replicate, but I got the DNS Sufix, I am using the same Sophos Connect version as you’re, could you please delete the current Sophos Connect connection and import a new one. 

    If the issue persist I could share the EAP 2.1 to see if that solves the issue,  is this happening to all the computers?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hi Emmanuel,

    When you say that you got the DNS suffix, was it applied to the "Sophos TAP Adapter"? It is being applied to my physical Ethernet adapter but I need to add it manually to "Sophos TAP Adapter" to get it to work.

    It is happening on any computer but I tried your suggestion of deleting and importing a new connection and it didn't make any difference.

    Note that I am testing the XG 135 at home before it goes into production at the office. This is really the last stumbling block and I'd like to be able to simply direct our users to the Sophos Connect installer and configuration file and that be all that they need to do. Therefore, I'd certainly be keen to try EAP 2.1.

    Regards,

    Alan

  • Hello Alan,

    Thank you for the follow-up.

    Yes, it’s added to the TAP adapter.

    I will send you via PM the EAP 2.1

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hi Emmanuel,

    Thank you for providing the EAP version. I can confirm that it made no difference.

    However, after you said that the TAP adapter had been updated in your test I did some more experiments.

    These are the original two test machines that I have been using:

    Test Machine A (Windows 10 build 18363.1379, desktop with Ethernet)
    Test Machine B (Windows 10 build 19041.264, VM with NAT network adapter)

    This morning I introduced two more test machines:

    Test Machine C (Windows 10 build 15063.1387, laptop with Wi-Fi)
    Test Machine D (Windows 10 build 19041.804, desktop with Ethernet)

    Test Machine A has VirtualBox installed whilst Test Machine D has VMware installed. Both of these create virtual network adapters. Test Machine C has no virtualisation software installed.

    To my surprise Test Machine C populated the DNS suffix on the TAP adapter. Worth noting that it is running quite an old version of Windows 10. However, I don’t think this is relevant. Test Machine B is a VirtualBox VM and normally I run my VMs with a NAT adapter but I tried changing it to a bridged adapter and this allowed the DNS suffix to be set.

    I was beginning to think that VirtualBox may be involved so I tried uninstalling it from Test Machine A and then reinstalling Sophos Connect. However, this made no difference.

    I had hoped to provide a definitive pattern to you but unfortunately it still seems a bit random. Hopefully it will make it a bit easier for you to reproduce. I think it is clear that it is a software issue at the client end so I we’re probably going to have to deploy it with the manual workaround for now.

    Regards,
    Alan

Reply
  • Hi Emmanuel,

    Thank you for providing the EAP version. I can confirm that it made no difference.

    However, after you said that the TAP adapter had been updated in your test I did some more experiments.

    These are the original two test machines that I have been using:

    Test Machine A (Windows 10 build 18363.1379, desktop with Ethernet)
    Test Machine B (Windows 10 build 19041.264, VM with NAT network adapter)

    This morning I introduced two more test machines:

    Test Machine C (Windows 10 build 15063.1387, laptop with Wi-Fi)
    Test Machine D (Windows 10 build 19041.804, desktop with Ethernet)

    Test Machine A has VirtualBox installed whilst Test Machine D has VMware installed. Both of these create virtual network adapters. Test Machine C has no virtualisation software installed.

    To my surprise Test Machine C populated the DNS suffix on the TAP adapter. Worth noting that it is running quite an old version of Windows 10. However, I don’t think this is relevant. Test Machine B is a VirtualBox VM and normally I run my VMs with a NAT adapter but I tried changing it to a bridged adapter and this allowed the DNS suffix to be set.

    I was beginning to think that VirtualBox may be involved so I tried uninstalling it from Test Machine A and then reinstalling Sophos Connect. However, this made no difference.

    I had hoped to provide a definitive pattern to you but unfortunately it still seems a bit random. Hopefully it will make it a bit easier for you to reproduce. I think it is clear that it is a software issue at the client end so I we’re probably going to have to deploy it with the manual workaround for now.

    Regards,
    Alan

Children