
SSL VPN DNS issue

Hello,

I'm having an issue where clients are failing to resolve address names while using VPN. I can ping an IP address, but pinging a host name returns host not found. The UTM is functioning as the gateway and DNS server and DNS works fine in the LAN. I have set the VPN pool as an allowed network for DNS services and set the gateway and Google DNS as DNS servers under the Remote access options. I've searched and read the guides from Sophos, but I can't seem to find the cause.

  • Have you put the DNS-address of the VPN interface in the DNS-address field (Usually 10.242.2.1)?

    What happens when you open a command prompt and type NSLOOKUP followed by enter?


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • You mean put the VPN interface under DNS servers under Remote Access-> Advanced? Just tried that, and it didn't change anything.

    Nslookup gets me:

    nslookup google.com
    Server:        127.0.1.1
    Address:       127.0.1.1#53

    ** server can't find google.com: REFUSED

    So it looks like the client isn't picking up the DNS server information. I'm using an SSL VPN and OpenVPN client on my machine, if that makes a difference.

  • That's indeed not right... You can right-click on your VPN connection's icon in the taskbar and view the log.

    Can you find something similar to this in your log?

    dhcp-option DNS 10.242.2.1


  • There is. It's currently set to dhcp-option DNS 192.168.1.1 and dhcp-option DNS 8.8.8.8. I tried putting in the VPN interface in place of the 192.168 address, and it didn't change anything.
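A small check for the symptom in this exchange (the server pushes dhcp-option DNS lines, yet the client still asks a local stub resolver that answers REFUSED), as an added example that is not from this thread or from Sophos: it pulls the pushed DNS servers out of an OpenVPN client log and compares them with the nameserver entries in resolv.conf. The log excerpt, the resolv.conf body and the list of loopback stub addresses are constructed assumptions; on a real client you would read the OpenVPN log and /etc/resolv.conf instead.

```python
import re

# Matches "dhcp-option DNS 10.242.2.1" inside a PUSH_REPLY line or in the option
# list the client prints after connecting.
_PUSHED_DNS = re.compile(r"dhcp-option DNS (\d{1,3}(?:\.\d{1,3}){3})")
_NAMESERVER = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)
# Assumed loopback addresses that mean "a local stub answers, not the real server".
_LOCAL_STUBS = {"127.0.0.1", "127.0.0.53", "127.0.1.1"}

def pushed_dns_servers(openvpn_log: str) -> list:
    """DNS servers the VPN server pushed, in order, without duplicates."""
    seen = []
    for ip in _PUSHED_DNS.findall(openvpn_log):
        if ip not in seen:
            seen.append(ip)
    return seen

def active_nameservers(resolv_conf: str) -> list:
    """nameserver entries from a resolv.conf body."""
    return _NAMESERVER.findall(resolv_conf)

def diagnose(openvpn_log: str, resolv_conf: str) -> str:
    """One-line verdict on whether the pushed DNS servers are the ones in use."""
    pushed = pushed_dns_servers(openvpn_log)
    active = active_nameservers(resolv_conf)
    if not pushed:
        return "no dhcp-option DNS in the log: the server is not pushing DNS servers"
    in_use = [ip for ip in active if ip in pushed]
    if in_use:
        return "pushed DNS is active: " + ", ".join(in_use)
    if active and all(ip in _LOCAL_STUBS for ip in active):
        # A stub hides its upstreams; resolv.conf alone cannot show whether it
        # forwards to the pushed servers, so query one of them directly.
        return ("local stub %s answers; pushed %s not visible, test with "
                "'nslookup <name> %s'" % (", ".join(active), ", ".join(pushed), pushed[0]))
    return "pushed %s but resolver uses %s" % (", ".join(pushed), ", ".join(active))

# Constructed samples mirroring the thread: DNS was pushed, but the client still
# asked its local stub, which answered REFUSED.
SAMPLE_LOG = (
    "PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,"
    "dhcp-option DNS 192.168.1.1,dhcp-option DNS 8.8.8.8,ifconfig 10.242.2.6 255.255.255.0'\n"
    "Initialization Sequence Completed\n"
)
SAMPLE_RESOLV = "# Generated by NetworkManager\nnameserver 127.0.1.1\n"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_RESOLV))
```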

  • Another thing that may be part of the issue: When I run a traceroute to google, it goes directly through the network I'm currently on. I attempted to set up the UTM so that all VPN traffic would flow through it before going to the internet, and it doesn't look like it's currently doing that.

  • I got it sorted out. The masquerading rule was wrong. I had it set to Internal -> WAN. I reviewed the config on my old UTM and changed it to Any -> WAN and it's working now.