

Sophos Connect 1.3/1.4 no entry in local DNS

Sophos Connect 1.4 is working well and using our internal Windows DNS servers and can resolve our hosts correctly. But:

  • There is no DNS entry of the connected clients in our Windows DNS, so I can not ping the VPN clients from inside our LAN by their hostnames. Pinging the client's IP leased by Sophos XP works.

  • With SSL VPN Client that works. After a client connects by VPN, there is a DNS entry with hostname on our DNS server and I am able to ping the hostname from our LAN.

Does someone know how to solve this?



  • Hello Ramesh

    I described my problem in detail in my post from October 25 above. My only problem is that the VPN clients do not register at our DNS server. So I can not resolve any VPN clients from my internal network. It's not the same behaviour as we had with the SSL VPN Client, where all clients register on our DNS server.

    So again:

    • From client side everything is okay. VPN client machines can resolve everything in our LAN.
    • I can not ping a connected VPN client machine from LAN by hostname (but pinging by IP address works). 
    • No name resolution of the VPN clients (from LAN) because of missing DNS entry in Windows DNS Server for the connected VPN client machines.

    Best Regards
    Marc 

  • I have the same problem. The reason is probably that the Sophos Connect client creates a network connection without the "Register this connection in DNS" option selected, and therefore Windows does not even try to register the received VPN address on the domain DNS server. When I manually selected this option in the TCP connection advanced properties, everything worked fine.


    Unfortunately, automating activation of this option is not easy. Microsoft does not provide any GPO policy for this. I only found this command in PowerShell:
    Set-DNSClient -InterfaceAlias 'VPN Name' -RegisterThisConnectionsAddress:$True
    but it should be started only after setting up the VPN connection.

    But the best solution would be simply to improve the VPN client.

  • Thank you Michal. We have planned a fix for this in Sophos Connect 2.0 release in Q1 2020.

     

    Happy New Year to you

    Best Wishes,

    Ramesh 

  • I just hope that the improved version of the client will also be available for the older version of Sophos XG Firewall 17.x, because as I have sadly learned recently, the new version 18 will not support devices of the Cyberoam iNG series .... :-(

    While waiting for a new client, I found a solution. I created a new scheduled task that starts with a 30s delay after detecting event 4004 in the Microsoft/Windows/NetworkProfile event log. Its action is a one-line command with the following content:
    powershell Get-NetAdapter -InterfaceDescription "Sophos*" | Where-Object {$_.Status -eq 'Up'} | Set-DnsClient -RegisterThisConnectionsAddress:$True; Register-DNSClient

    Happy New Year.
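
The workaround from the last post, written out as a script that a scheduled task could run as its action. This is an added example, not code from the thread's posters or from Sophos. It polls for the adapter instead of relying only on a fixed delay and changes only adapters where registration is off; the `Sophos*` pattern comes from the post, while the parameter names and retry values are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: enable dynamic DNS registration on the Sophos Connect adapter.
# Assumptions: the adapter description matches 'Sophos*' (taken from the post);
# the retry count and delay are illustrative values.
param(
    [string]$DescriptionPattern = 'Sophos*',
    [int]$MaxAttempts = 6,
    [int]$DelaySeconds = 5
)

# The tunnel adapter may not be up yet when the trigger event fires,
# so poll for it a few times before giving up.
$adapters = @()
for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
    $adapters = @(Get-NetAdapter -InterfaceDescription $DescriptionPattern -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -eq 'Up' })
    if ($adapters.Count -gt 0) { break }
    Start-Sleep -Seconds $DelaySeconds
}

if ($adapters.Count -eq 0) {
    Write-Warning "No connected adapter matching '$DescriptionPattern'; nothing changed."
    exit 1
}

foreach ($adapter in $adapters) {
    $dns = Get-DnsClient -InterfaceIndex $adapter.ifIndex
    if (-not $dns.RegisterThisConnectionsAddress) {
        # Same switch as the "Register this connection in DNS" checkbox.
        Set-DnsClient -InterfaceIndex $adapter.ifIndex -RegisterThisConnectionsAddress $true
    }
}

# Ask Windows to send the dynamic DNS update now rather than at the next refresh.
Register-DnsClient

# Report the resulting state so the task history shows what was applied.
$adapters | ForEach-Object { Get-DnsClient -InterfaceIndex $_.ifIndex } |
    Select-Object InterfaceAlias, InterfaceIndex, RegisterThisConnectionsAddress
```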