Hello guys,
I have a DNS resolution issue:
The NAS has a VPN-Connection with the Sophos UTM and I can access it via my Windows Server using the IP given from the VPN-Pool (10.242.2.X).
The problem is that I want to use an FQDN name like NAS.domain.local and the resolution of this should be the VPN-Pool-IP. But now I get the local 192.168.178.X IP, which is in the fritzbox-network.
I also use an OpenVPN-connection for my Windows 10 laptop and there the resolution works (LAPTOP.domain.local gives me a VPN-Pool-IP), but I have to mention that for the Tunnel-Adapter I set the following option:
Can someone help me please?
Thanks!
Hi and welcome to the UTM Community!
"But now I get the local 192.168.178.X IP, which is in the fritzbox-network."
How about a simple diagram with IPs and connections?
Cheers - Bob
Hi, thanks!
OK, I drew this diagram:
I hope the diagram is clear.
My problem is that if I use nslookup for nas.company.local it resolves to 192.168.178.51 (internal I want the VPN-IP). For my laptop (homelaptop.company.local) I get the VPN-IP (10.242.2.101).
If you have questions about the issue or the diagram pls ask :)
Thanks for your help!
What happens if you uncheck 'Register this connection's addresses in DNS'?
Cheers - Bob
I did it and for my laptop I still get the correct DNS-resolution. It shows me the VPN-IP for nslookup laptop.company.local.
What I also did is that the WindowsServer allows nonsecure DNS updates (like for my laptop which is NOT in the domain, but in the network):
Me again....
Without the option the DNS resolution/registration doesn't work... (I did "nslookup laptop" and it shows me the NAS-IP because of false entries...)
So for Windows I need this option!
Edit:
In Sophos UTM -> Network Protection I can see that several packets of the NAS-VPN-IP will be dropped:
Service;Packets
"HTTPS (tcp/443)";123
"HTTP (tcp/80)";24
"HOSTS2-NS (tcp/81)";5