No DNS resolution over (Open)VPN of Synology NAS in a Windows Server 2016 (DNS, DHCP, DC) and Sophos UTM environment

Hello guys,

I have a DNS resolution issue:

The NAS has a VPN connection with the Sophos UTM and I can access it via my Windows Server using the IP given from the VPN pool (10.242.2.X).
The problem is that I want to use an FQDN like NAS.domain.local and the resolution of this should be the VPN pool IP. But now I get the local 192.168.178.X IP, which is in the Fritzbox network.

I also use an OpenVPN connection for my Windows 10 laptop and there the resolution works (LAPTOP.domain.local gives me a VPN pool IP), but I have to mention that for the tunnel adapter I set the following option:

Can someone help me please?

Thanks!

  • Hi and welcome to the UTM Community!

    "But now I get the local 192.168.178.X IP, which is in the fritzbox-network."

    How about a simple diagram with IPs and connections?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Thanks!


    Ok, I drew this diagram:

    I hope the diagram is clear.

    My problem is that if I use nslookup for nas.company.local it resolves to 192.168.178.51 (the internal IP; I want the VPN IP). For my laptop (homelaptop.company.local) I get the VPN IP (10.242.2.101).
    If you have questions about the issue or the diagram, please ask :)

    Thanks for your help!

  • What happens if you uncheck 'Register this connection's addresses in DNS'?

    Cheers - Bob

  • I did it and for my laptop I still get the correct DNS resolution. It shows me the VPN IP for nslookup laptop.company.local.

    What I also did is that the Windows Server allows nonsecure DNS updates (like for my laptop, which is NOT in the domain but is in the network):

  • Me again....

    Without the option the DNS resolution/registration doesn't work... (I did "nslookup laptop" and it shows me the NAS IP because of false entries...)

    So for Windows I need this option!


    Edit:

    In Sophos UTM -> Network Protection I can see that several packets from the NAS VPN IP are being dropped:

    Service             Packets
    HTTPS (tcp/443)     123
    HTTP (tcp/80)       24
    HOSTS2-NS (tcp/81)  5
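The symptom in this thread (nas.company.local answering with the Fritzbox LAN address while the laptop answers with its VPN pool address) is what you get when hosts register more than one adapter, or when nonsecure dynamic updates let stale records accumulate. The following audit script is an added example, not from the thread or from Sophos: it takes a constructed, simplified zone export for company.local and reports every name whose A records would send a VPN client to an address outside the pool. It assumes the VPN pool is 10.242.2.0/24 and the LAN is 192.168.178.0/24, which the thread only shows as 10.242.2.X and 192.168.178.X.

```python
import ipaddress
from collections import defaultdict

# Assumed prefixes: the thread only shows 10.242.2.X and 192.168.178.X.
VPN_POOL = ipaddress.ip_network("10.242.2.0/24")
LAN_NET = ipaddress.ip_network("192.168.178.0/24")

# Constructed sample in a flat "name  A  address" layout; names come from
# the thread, the addresses other than .51 and .101 are illustrative.
SAMPLE_RECORDS = """
nas          A  192.168.178.51
nas          A  10.242.2.102
homelaptop   A  10.242.2.101
printer      A  192.168.178.20
"""


def parse_records(text):
    """Collect A records per name (lower-cased) from the flat export."""
    records = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1].upper() != "A":
            continue  # skip blank lines and non-A records
        records[parts[0].lower()].append(ipaddress.ip_address(parts[2]))
    return dict(records)


def audit(records, pool=VPN_POOL, lan=LAN_NET):
    """Return {name: [findings]} for names a VPN client cannot rely on."""
    findings = {}
    for name, addrs in records.items():
        inside = [a for a in addrs if a in pool]
        outside = [a for a in addrs if a not in pool]
        issues = []
        if inside and outside:
            # Exactly the nas case: two registrations, resolver may hand
            # out the LAN address first and the VPN client cannot reach it.
            issues.append("multiple A records, LAN address may be returned first")
        if not inside:
            issues.append("no A record inside the VPN pool")
        for a in outside:
            where = "LAN" if a in lan else "unexpected network"
            issues.append(f"{a} is in the {where}")
        if issues:
            findings[name] = issues
    return findings
```

Run it against a real export after removing stale registrations or unchecking "Register this connection's addresses in DNS" on the LAN adapter to confirm that only pool addresses remain for the hosts reached over the tunnel.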