This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS Problem. Wrong DNS servers

Hi

I'm using the newest Sophos SSL VPN client.
We have the following problem.

We are not able to resolve the internal ressources after connecting with the VPN client.
- We can resolve the external ressources.
- With a nslookup I get the correct server and I can resolve the internal servers.
- With a Ping command I'm not able to resolve the severs. Also not with the FQDN.
- A ipconfig/registerdns and a ipconfig/flushdns will solve the problem

How can I solve this problem globaly for all clients.

Best regards

This thread was automatically locked due to age.

Parents

0 BAlfson over 11 years ago

Before you run those commands, does ipconfig /all show 10.0.1.21 & .27?

If you're running split DNS and have cached some values that conflict with ones you want via the VPN connection, you will indeed need to /flushdns. I don't understand why registerdns would be needed though.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 udeo over 11 years ago in reply to BAlfson

Hi Bob

It seems the /registerdns comes from this old thread:
https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/53075

The thread is about an older version of the SSL client.
I researched this problem because I have the exact same issue with our new UTM 320. I tested the SSL VPN on a Windows XP and a Windows 7 laptop with the same results. The strange thing is, it doesn't matter if I enable split tunneling or not. I always have this problem. As soon as I do an ipconfig /registerdns after I connect woth the VPN client, I can ping my internal servers by DNS name. If I don't do a ipconfig /registerdns, I can't oing by DNS name, only by IP.
It soemhow looks like the problem is the VPN client because as soon as I deactivate the firewall rule "VPN Users -> DNS -> any", I see dropped packets to the DNS servers that come from my WLAN connection. But the client should use the DNS servers configured on the UTM. When I do an ipconfig /all, it shows the correct DNS and WINS servers on the Sophos LAN adapter.
I also added the line 'redirect-gateway def1' to the .ovpn file like suggested here:
https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/54784
Unfortunately with no success.

Regards, Fabian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 udeo over 11 years ago in reply to BAlfson

Hi Bob

It seems the /registerdns comes from this old thread:
https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/53075

The thread is about an older version of the SSL client.
I researched this problem because I have the exact same issue with our new UTM 320. I tested the SSL VPN on a Windows XP and a Windows 7 laptop with the same results. The strange thing is, it doesn't matter if I enable split tunneling or not. I always have this problem. As soon as I do an ipconfig /registerdns after I connect woth the VPN client, I can ping my internal servers by DNS name. If I don't do a ipconfig /registerdns, I can't oing by DNS name, only by IP.
It soemhow looks like the problem is the VPN client because as soon as I deactivate the firewall rule "VPN Users -> DNS -> any", I see dropped packets to the DNS servers that come from my WLAN connection. But the client should use the DNS servers configured on the UTM. When I do an ipconfig /all, it shows the correct DNS and WINS servers on the Sophos LAN adapter.
I also added the line 'redirect-gateway def1' to the .ovpn file like suggested here:
https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/54784
Unfortunately with no success.

Regards, Fabian
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data