Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 11178 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to resolve host names using SSL-VPN

Mike Lennox

We are experiencing issues when users connect to the SSL-VPN with OpenVPN where they are not able to access resources by host name. We can ping internal IP's, but name resolution does not always work. We have verified that we have specified our internal DNS server and domain in the vpn settings.

The problem seems to be intermittent, and doesn't apply to all users, however it does not seem to be related to users in any specific security groups, so it's not a rights issue.

Typically, after a user connects to the VPN, they will run a login script to map drives. When they are experiencing the issue, the login script will fail as it cannot resolve the host names. If they wait several minutes and run the script again, it will work. Same goes with terminal server access.

 

Thoughts?



This thread was automatically locked due to age.
Parents
  • 0

    Just taking a stab in the dark here.  Are the remote workstations joined to your AD domain?  If not, you may need to use fully qualified domain names when accessing anything from the remote workstation.  Try pinging from a problem remote workstation using a fqdn.  If that works, there is a configuration in the Windows networking properties that you can make that will append the domain suffix to all host names.  I believe you can also play around with the vpn config file that gets installed to all remote workstations that will do the same thing.

Reply
  • 0

    Just taking a stab in the dark here.  Are the remote workstations joined to your AD domain?  If not, you may need to use fully qualified domain names when accessing anything from the remote workstation.  Try pinging from a problem remote workstation using a fqdn.  If that works, there is a configuration in the Windows networking properties that you can make that will append the domain suffix to all host names.  I believe you can also play around with the vpn config file that gets installed to all remote workstations that will do the same thing.

Children
No Data