This discussion has been locked.

SSL VPN issue with DNS on Windows 10 - reloaded

Hi all,

I'm referring to the closed thread here:

https://community.sophos.com/utm-firewall/f/vpn-site-to-site-and-remote-access/74757/ssl-vpn-issue-with-dns-on-windows-10

In short, we've got exactly the same problem - and no resolution.

DNS resolution does not seem to go over the SSL VPN connection.

I've already done the following to work around this issue:

- Use OpenVPN Client (Version 2.5.0-I601)
- Changed the Adapter-Order in the Registry (Tcpip\Linkage ...)
- Added the internal domain-name in the suffix list of the VPN-Network-Adapter in Windows
- Changed the DNS-Config on the UTM under Remote Access -> Advanced: Entered the Gateway IP-Address of the VPN-SSL Pool as the first DNS-Server and the domain name field contains the internal domain name.

Behaviour after the mentioned configuration:

nslookup serverxyz  -> Resolution works
nslookup serverxyz.domainname.local -> Resolution works
ping <ip-address of Server> -> Response OK
ping <netbios-name of Server> -> Response not ok
ping <fqdn of Server> -> Response not ok

Has anybody found a working solution for this issue?

Appreciate your help!



  • If I missed it, sorry - did you do this?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • 1. yes, Amodin is right.

    also check

    2. Remote access > advanced: enter DNS1 your DC-IP, DNS2 Firewall LAN-IP, also Domain Name

    3. check request routing Network services > DNS > request routing > Domain Name >> your DC

    3.a ) request routing should also include owa. and autodiscover if the mail domain name is different

    4. depending on W10 Client AV-Solution > Enter Company-LAN Network to Client "Good Network"  Antivirus Firewall

    ..for me, I use ESET-AV and need to connect to a TerminalServer (RDS) in the LAN via VPN

    4a  depending on Server AV-Solution: you also need to include "known good Network" on the FileServer AV-Firewall to connect Shares to the Client via VPN

  • Hi all,

    yes, VPN-Pool was specified in DNS allowed networks.

    Also request routing was configured. - There was no problem in DNS resolution; there had been a problem on the clients themselves. After slow link detection was disabled, policy update worked.

  • Running into trouble with "slow link detection" sounds like a reason to discuss the infrastructure or to check switch buffers for CRC errors, because the default is very low.

    But you are right - software updates do not run in this mode.

    Good overview here:

    https://www.rebeladmin.com/2015/05/group-policy-slow-link-detection/
