This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN issue with DNS on Windows 10

Some (but not all) of our Windows 10 users are having a DNS problem when connecting to our local internal network via SSL VPN.

The IP range for our internal network is 192.168.31.0/24. SSL VPN users all get addresses in the 10.242.2.0/24 range.

Our UTM provides DNS services for local network. We have several internal servers which are ONLY accessible from the LAN, or from an SSL VPN connection to the LAN. They have only private IP addresses.

Here's the problem. Our Windows 10 users (again, only some of them) connect successfully to the VPN. They then try to connect to one of our local servers via an IP name (for example, "projectserver.mydomain.com" which points to, for example, 192.168.31.4). The specific error varies, depending on what application they're using, but basically, it's an "NXDOMAIN" error.

The error occurs because, even though they're connected to the VPN, their PC has prioritized their regular (non-VPN) network connection. So when an app on their computer requests a domain name address, the request goes to their normal internet connection to a public DNS server, not over the VPN to our UTM's DNS server. The UTM knows about "projectserver.mydomain.com", but the public DNS server does not, hence the error.

If the user happens to know the numeric IP address (say, 192.168.31.4), they can type that in instead of projectserver.mydomain.com, and it works.

In Windows 7 and earlier, this was never a problem for us. If the SSL VPN connection was active, it was always prioritized and got all DNS requests. With Windows 10, it doesn't always work that way. This may well be a Windows problem and not a UTM problem, but either way, there must surely be a fix by now. Does any one have any suggestions?



This thread was automatically locked due to age.
Parents
  • Hi, Bruce, and welcome to the UTM Community!

    Fellow member Twister5800 was the first (before Sophos!) to have solved this problem.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Quick Question, in the Advanced area where it says domain.  Is this the External FQDN of the UTM or the internal as my internal domain is utm.domain.local and my external is gw.company.com.

    Thanks!

Reply
  • Quick Question, in the Advanced area where it says domain.  Is this the External FQDN of the UTM or the internal as my internal domain is utm.domain.local and my external is gw.company.com.

    Thanks!

Children
  • Don, it's just the internal domain - company.local.  That gets added to make "server" into "server.company.local," thus allowing name resolution.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA