Connecting to VPN via Sophos Connect uses remote DNS rather than local

I configured my local DNS server (pfSense) to block access to certain domains. But, when I connect to my office's VPN with Sophos Connect, the domains are not blocked and nslookup shows that the default DNS is the remote server.

Is there something in the Sophos Connect config file that I can change to default to the local DNS server?

Thanks!

  • I'm a novice with this networking stuff. I know enough to be dangerous. :-)

    I was just hoping there was a simple solution that would tell Windows or the Sophos Connect software to set the local network connection to be the source of the primary DNS server and the VPN connection's DNS server would supply additional DNS info if a name couldn't be resolved on the local network DNS server. If this isn't possible (without a bunch of complex configurations), it's not a huge deal as only my main PC would ever connect to this VPN and thus circumvent my local DNS blacklists.

    Thanks!

    Matt

  • If you are facing a scenario where your DNS requests go to a different DNS provider than the one selected, then you've got a DNS LEAK. I had the same problem you mention and, as far as I know, the Sophos Connect client doesn't support an option to prevent DNS leaks. There are some solutions for it.

    First you can add to the config -> this is for Linux of course.

    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
    dhcp-option DNS your_dns_srv

    For WINDOWS you may need to add:

    block-outside-dns

    In the Sophos XG configuration, in NAT policies, you can also set a policy that NATs DNS requests to your local DNS server ;)

    This works for me and I don't have DNS LEAKS ;)
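To make the effect of the OpenVPN directives quoted above concrete, here is an added example (not from the thread or from Sophos) that reads a client config and reports which directives will change where the client's DNS queries go. The two .ovpn fragments and the server address are constructed; server-pushed options are not visible in a client file and are not checked.

```python
# Constructed sample client configs (not from the thread), covering the
# Windows and Linux variants mentioned in the reply above.
WINDOWS_FULL_TUNNEL = """\
client
dev tun
remote vpn.example.invalid 8443
redirect-gateway def1
dhcp-option DNS 10.0.0.53
block-outside-dns
"""

LINUX_RESOLVCONF = """\
client
dev tun
remote vpn.example.invalid 8443
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
dhcp-option DNS 10.0.0.53
"""

def parse_ovpn(text):
    """Return (directive, args) pairs from an OpenVPN client config.
    Comment lines (# or ;) and inline <tag>...</tag> blocks are skipped."""
    directives = []
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("</"):
            in_block = False
            continue
        if line.startswith("<"):
            in_block = True
            continue
        if in_block:
            continue
        parts = line.split()
        directives.append((parts[0].lower(), parts[1:]))
    return directives

def dns_findings(text):
    """Summarise which directives affect the client's DNS path."""
    found = {}
    for name, args in parse_ovpn(text):
        if name == "dhcp-option" and len(args) > 1 and args[0].upper() == "DNS":
            found.setdefault("remote_dns_servers", []).append(args[1])  # VPN DNS added to adapter
        elif name == "block-outside-dns":
            found["blocks_local_dns"] = True   # Windows: only the tunnel's DNS is reachable
        elif name == "redirect-gateway":
            found["full_tunnel"] = True        # all traffic, DNS included, goes via the VPN
        elif name in ("up", "down") and "update-resolv-conf" in " ".join(args):
            found.setdefault("resolvconf_hooks", []).append(name)  # Linux resolv.conf rewrite
    return found
```

Run `dns_findings()` on your own .ovpn to see whether the local resolver will still be used; an empty result means the file itself does not touch DNS, so any change must come from the server push.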

  • This is not about DNS leaks.

    Actually he wants to have a "DNS leak". He wants to have the DNS request routed on his client.

  • Oh... Then sorry, guess that I didn't understand correctly ^^

  • DNS leak sounds so bad. :-D

    I can see what you mean, though. The purpose of a VPN is to route requests through it which is what makes all those VPN services so enticing to people. I can see how I am trying to push against that design.

    Really, I want my PC to "live" on my local network, but just have access to the remote network resources. Only use the remote DNS for resolving that network's resources and not for the outside world.

    Again, though, I can live with it the way it is as it's only my main PC that can subvert the local DNSBL.

    Thanks!