
Architecting DNS for users with 2 SSL-VPN connections to 2 UTM's on separate sites

Hi, we have an interesting scenario. We have clients using the OpenVPN client to connect to multiple (2) client sites (both UTMs) at the same time, but once we connect we have DNS issues. All users are remote, so it's not viable to have an internal DNS server in the office, and although local hosts files work, they are a pain to set up on everyone's machine.

As they are separate clients we don't want to connect the sites together, and I'm not sure what other options we have to fix DNS resolution for both sites when connected to both. Any suggestions would be great.

Thanks,

  • There is no better DNS configuration. You want a way to say that tunnel A uses split tunnel networking and is only used for DNS for COMPANYA.LOCAL.
    UTM does not provide this feature, and I wonder if alternatives would either.

    It is apparently a happy accident that you have no IP address conflicts. In the general case without coordination, this should be expected as well.

    Politically, if Org A and Org B have not seen fit to create a tunnel between them, I don't think it is appropriate for User C, perhaps a vendor to both, to create a VPN tunnel without their full knowledge and consent.

    What could be done, with cooperation from both organizations, is a VPN client connection to company A, coupled with a VPN tunnel from A to B that is only open to the Company A IP Pool Address range.
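    The per-suffix split DNS that the reply says UTM cannot express can at least be checked and described client-side. The following is an added example, not code from the thread or from Sophos UTM; the tunnel names, pushed prefixes and resolver addresses are constructed assumptions. It checks that the two tunnels' routed prefixes do not overlap, that each tunnel's resolver is actually reachable through its own tunnel (otherwise the query leaves via the default route), picks the resolver for a hostname by longest matching suffix, and emits the equivalent dnsmasq forwarding rules.

```python
# Constructed sample; tunnel names, prefixes and resolver addresses are assumptions.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Tunnel:
    name: str
    dns_suffix: str   # zone served only through this tunnel, e.g. companya.local
    routes: tuple     # prefixes the split-tunnel config pushes for this tunnel
    resolver: str     # DNS server that must be reached through this tunnel

TUNNELS = (
    Tunnel("company-a", "companya.local", ("10.10.0.0/16",), "10.10.0.53"),
    Tunnel("company-b", "companyb.local", ("10.20.0.0/16",), "10.20.0.53"),
)

def overlapping_routes(tunnels):
    """Pairs of pushed prefixes from different tunnels that overlap."""
    nets = [(t.name, ipaddress.ip_network(r)) for t in tunnels for r in t.routes]
    return [(na, nb, str(a), str(b))
            for i, (na, a) in enumerate(nets)
            for nb, b in nets[i + 1:]
            if na != nb and a.overlaps(b)]

def unreachable_resolvers(tunnels):
    """Tunnels whose resolver lies outside every prefix they route; queries to
    it would leave via the default route instead of the VPN."""
    return [t.name for t in tunnels
            if not any(ipaddress.ip_address(t.resolver) in ipaddress.ip_network(r)
                       for r in t.routes)]

def resolver_for(hostname, tunnels):
    """Resolver chosen by longest matching suffix; None means the default resolver."""
    host = hostname.lower().rstrip(".")
    best, best_len = None, -1
    for t in tunnels:
        suffix = "." + t.dns_suffix.lower().strip(".")
        if host.endswith(suffix) and len(suffix) > best_len:
            best, best_len = t, len(suffix)
    return best.resolver if best else None

def dnsmasq_lines(tunnels):
    """Same policy as dnsmasq server=/domain/ip forwarding rules."""
    return [f"server=/{t.dns_suffix}/{t.resolver}" for t in tunnels]
```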

  • Hi Douglas,

    Thank you for your detailed response. The "client sites" are actually cloud-hosted enclaves with just a couple of servers, but as these are separate clients we cannot create a site-to-site between the client enclaves. We have architected this in a way that there are no overlapping IP ranges. We have permissions for our admin team to VPN into each enclave, but due to the nature of the work they need to connect simultaneously; that seems to work fine, but causes DNS issues.

    I was hoping there was an easier solution. We can get this working with local hosts file configuration, but it's a PITA to manage for many users, and I was hoping for something simpler. Unfortunately we can't have an internal DNS server as all employees are WFH.

    Any other thoughts with this info in mind?
