DNS traffic from SSL VPN clients allowed any DNS server

Hi all,

While testing some stuff on travel, I've discovered that my SSL VPN connected client can make DNS requests to ANY DNS server (home ISP router, Google public DNS, etc.).
That's a little weird to me because my Network Protection --> Firewall --> Rules contain no DNS-based rules at all; I rely on my UTM DNS server, which forwards requests to my home ISP router.

I've been under the impression that with no matching rules, traffic should be denied. Am I wrong here?

Also, I've verified from a home LAN based host via RDP that the LAN hosts have no DNS access to any DNS server other than my UTM DNS server; any other attempts at UDP 53 are dropped. The live logs show a Default DROP hit for such traffic, although via the SSL VPN it passes through.

Any ideas are welcome.

Cheers,
m.

  • I'm going to ask the question differently.

    As an example, the details of a public Wi-Fi I'm connected to:

    IP WAN:          12.123.12.13
    ISP DNS:         214.23.45.220
                     214.23.45.240
    IP My Laptop:    192.168.0.10
    Subnet Mask:     255.255.255.0
    Default Gateway: 192.168.0.1
    DHCP Server:     192.168.0.1
    DNS Server:      192.168.0.1

    Now when I go to whatismyip.com or some dnsleak.com site and run a test, I get the details listed above, and this is correct.

    So now I turn on my full-tunnel SSL VPN to home and I suppose I should get the details from home.

    So when going to something like Netflix I can still get to my content because the DNS of the public IP is used and not the DNS from home.

    When I double-check this by going to whatever DNS leak test site, it confirms that I am using the public Wi-Fi DNS.

    When connected with the full SSL VPN I want all traffic to go out from my home ISP, so IP and DNS from home.

  • So, let me say this in my words and you can tell me if I've understood correctly:

    When you connect via VPN to your home UTM, you want your client to get DNS from your home UTM, not from the LAN you're in.

    In that case, this will be very difficult to configure for a site-to-site and would require manual intervention to make the changes for your client.

    The only practical approach is Remote Access.  In your home UTM, configure an SSL VPN Profile with your username in 'Users and Groups', your LAN and "Internet" in 'Local Networks' and with 'Automatic firewall rules' selected.  In DNS, add the "username (User Network)" object to 'Allowed Networks'.  I would also do the same in Web Filtering.

    Of course, you will also need a masq rule like 'VPN Pool (SSL) -> External'.

    Note that both before you connect and after you disconnect, you will want to do an ipconfig /flushdns on your client PC.

    Any better luck with all of that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
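A client-side check for the outcome the steps above aim at (every resolver on the client is the home UTM's DNS, and nothing leaks to the public Wi-Fi or an ISP resolver). This is an added example, not code from the thread or from Sophos; the resolver configurations, the home UTM address 10.10.0.1 and the local Wi-Fi subnet are constructed values, and the "Local Networks" lists stand in for a split-tunnel profile (home LAN only) versus a full-tunnel profile (home LAN plus "Internet", i.e. 0.0.0.0/0).

```python
import ipaddress

# Constructed sample: resolver configuration of a laptop on public Wi-Fi.
# The addresses mirror the ones quoted in the thread; this is not captured output.
RESOLV_CONF_PUBLIC_WIFI = """\
# Generated by DHCP on the public Wi-Fi (constructed sample)
search lan
nameserver 192.168.0.1
nameserver 214.23.45.220
"""

# Constructed sample: the same laptop after the SSL VPN pushed the home
# UTM's DNS server. 10.10.0.1 is a hypothetical home address.
RESOLV_CONF_FULL_TUNNEL = """\
nameserver 10.10.0.1
"""

HOME_UTM_DNS = ipaddress.ip_address("10.10.0.1")          # hypothetical
LOCAL_WIFI_SUBNET = ipaddress.ip_network("192.168.0.0/24")  # from the thread's example

# Stand-ins for the SSL VPN profile's 'Local Networks' (what is routed
# through the tunnel): split tunnel versus full tunnel with "Internet".
SPLIT_TUNNEL = ["10.10.0.0/24"]
FULL_TUNNEL = ["10.10.0.0/24", "0.0.0.0/0"]


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue                       # ignore malformed entries
    return servers


def classify_resolvers(nameservers, expected_dns, local_networks, local_subnet):
    """Classify each configured resolver relative to the VPN setup.

    'ok'        the resolver is the home UTM's DNS forwarder (the goal).
    'leak'      the resolver is reached outside the tunnel: either it sits on
                the client's own Wi-Fi subnet (the connected route always wins)
                or it is not covered by the tunnel's Local Networks.
    'tunneled'  the query does travel through the tunnel and exits via the
                home ISP, but it bypasses the UTM forwarder (and any DNS rules
                applied there), so it is still not the configuration asked for.
    """
    tunnel_nets = [ipaddress.ip_network(n) for n in local_networks]
    report = {}
    for ns in nameservers:
        if ns == expected_dns:
            status = "ok"
        elif ns in local_subnet:
            status = "leak"
        elif any(ns in net for net in tunnel_nets):
            status = "tunneled"
        else:
            status = "leak"
        report[str(ns)] = status
    return report


def dns_leaks(resolv_conf_text, local_networks,
              expected_dns=HOME_UTM_DNS, local_subnet=LOCAL_WIFI_SUBNET):
    """Return the resolvers (config order) that do not use the home UTM DNS."""
    report = classify_resolvers(parse_nameservers(resolv_conf_text),
                                expected_dns, local_networks, local_subnet)
    return [ns for ns, status in report.items() if status != "ok"]


if __name__ == "__main__":
    for label, conf in (("public Wi-Fi", RESOLV_CONF_PUBLIC_WIFI),
                        ("after VPN", RESOLV_CONF_FULL_TUNNEL)):
        print(label, classify_resolvers(parse_nameservers(conf), HOME_UTM_DNS,
                                        FULL_TUNNEL, LOCAL_WIFI_SUBNET))
```

On a real client, feed it the contents of /etc/resolv.conf (or the output of `ipconfig /all` on Windows, after the `ipconfig /flushdns` mentioned above) and your own UTM DNS address: an empty result from `dns_leaks` means every resolver is the UTM, which is what the Remote Access profile plus the DNS 'Allowed Networks' entry is meant to produce. The 'tunneled' status is the situation the second post describes: a full tunnel carries the packets home, yet the name lookups still go to the public Wi-Fi's resolvers rather than the UTM.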