This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN issue with DNS on Windows 10

Some (but not all) of our Windows 10 users are having a DNS problem when connecting to our local internal network via SSL VPN.

The IP range for our internal network is 192.168.31.0/24. SSL VPN users all get addresses in the 10.242.2.0/24 range.

Our UTM provides DNS services for local network. We have several internal servers which are ONLY accessible from the LAN, or from an SSL VPN connection to the LAN. They have only private IP addresses.

Here's the problem. Our Windows 10 users (again, only some of them) connect successfully to the VPN. They then try to connect to one of our local servers via an IP name (for example, "projectserver.mydomain.com" which points to, for example, 192.168.31.4). The specific error varies, depending on what application they're using, but basically, it's an "NXDOMAIN" error.

The error occurs because, even though they're connected to the VPN, their PC has prioritized their regular (non-VPN) network connection. So when an app on their computer requests a domain name address, the request goes to their normal internet connection to a public DNS server, not over the VPN to our UTM's DNS server. The UTM knows about "projectserver.mydomain.com", but the public DNS server does not, hence the error.

If the user happens to know the numeric IP address (say, 192.168.31.4), they can type that in instead of projectserver.mydomain.com, and it works.

In Windows 7 and earlier, this was never a problem for us. If the SSL VPN connection was active, it was always prioritized and got all DNS requests. With Windows 10, it doesn't always work that way. This may well be a Windows problem and not a UTM problem, but either way, there must surely be a fix by now. Does any one have any suggestions?



This thread was automatically locked due to age.
Parents
  • Thanks, Bob. In reading the thread, I note that the problem was supposed to have been fixed in UTM firmware version 9.316. Do you know if that actually happened? I haven't had the problem myself, so I can't really test. It may be that our users who are experiencing the problem are still using older versions of the SSL VPN software. If I can just direct them to log back into the user portal and download the current version, that's going to be the easiest solution. (We're running 9.354-4.)
Reply
  • Thanks, Bob. In reading the thread, I note that the problem was supposed to have been fixed in UTM firmware version 9.316. Do you know if that actually happened? I haven't had the problem myself, so I can't really test. It may be that our users who are experiencing the problem are still using older versions of the SSL VPN software. If I can just direct them to log back into the user portal and download the current version, that's going to be the easiest solution. (We're running 9.354-4.)
Children
  • Please let us know if that resolved the issue for them, Bruce.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I don't know if it's resolved or not. We had a whole flurry of issues with this when a bunch of our users upgraded to Windows 10. Most of them "solved" the problem by switching to using the dotted-decimal IP addresses for our local servers. (Which will continue to work as long as we don't move any of our servers to new IP addresses.)  In the last several weeks, we haven't had any more instances of the problem. If it does come up again, I'll get them to re-download the client software and see if that solved the problem.