This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No DNS resolution over (Open)VPN of Synology NAS in a Windows Server 2016 (DNS, DHCP, DC) and Sophos UTM environment

Hello guys,

I have a DNS resolution issue:

The NAS has a VPN-Connection with the Sophos UTM and I can access it via my Windows Server using the IP giving from the VPN-Pool (10.242.2.X).
The problem is that I want to use a FQDN name like NAS.domain.local and the resolution of this should be the VPN-Pool-IP. But now I get the local 192.168.178.X IP, which is in the fritzbox-network.

I also use a OpenVPN-connection for my Windows 10 laptop and there the resolution works (LAPTOP.domain.local gives me a VPN-Pool-IP), but I have to mention that for the Tunnel-Adapter I set the following option:

Can someone help me please?

Thanks!

This thread was automatically locked due to age.

Parents

0 BAlfson over 6 years ago

Hi and welcome to the UTM Community!

"But now I get the local 192.168.178.X IP, which is in the fritzbox-network."

How about a simple diagram with IPs and connections?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 Brabs Grog over 6 years ago in reply to BAlfson

Hi Thanks!

Ok I drawed this diagram:

I hope the diagram is clear.

My problem is that if I use nslookup for nas.company.local it resolve 192.168.178.51 (internal I want the VPN-IP). For my laptop (homelaptop.company.local) I get the VPN-IP (10.242.2.101).
If you have question about the issue or the diagram pls ask :)

Thanks for your help!
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 6 years ago in reply to Brabs Grog

What happens if you uncheck 'Register this connection's addresses in DNS'?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 Brabs Grog over 6 years ago in reply to BAlfson

I did it and for my laptop I still get the correct DNS-resolution. It shows me the VPN-IP for nslookup laptop.company.local.

What I also did is that the WindowsServer allows nonsecure DNS updates (like for my laptop which is NOT in the domain, but in the network):
Cancel
Vote Up 0 Vote Down

Cancel
Brabs Grog over 6 years ago in reply to Brabs Grog

This reply was deleted.
Cancel
Cancel
0 Brabs Grog over 6 years ago in reply to Brabs Grog

Me again....

Without the option the DNS resolution/registration doesn't work... (I did "nslookup laptop" and it shows me the NAS-IP because of false entries...)

So for Windows I need this option!

Edit:

In Sophos UTM -> Network Protection I can see that several packets of the NAS-VPN-IP will be dropped:

Service;Packets
"HTTPS (tcp/443)";123
"HTTP (tcp/80)";24
"HOSTS2-NS (tcp/81)";5
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Brabs Grog over 6 years ago in reply to Brabs Grog

Me again....

Without the option the DNS resolution/registration doesn't work... (I did "nslookup laptop" and it shows me the NAS-IP because of false entries...)

So for Windows I need this option!

Edit:

In Sophos UTM -> Network Protection I can see that several packets of the NAS-VPN-IP will be dropped:

Service;Packets
"HTTPS (tcp/443)";123
"HTTP (tcp/80)";24
"HOSTS2-NS (tcp/81)";5
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data