
SSL VPN, nslookup ok, but no ping

[SOLVED, but currently for admin user only!]

Hi there,

Switched to Astaro SSL VPN and now have a huge problem:

ping IP works.
ping hostname or FQDN does NOT work
nslookup works.

VPN push of the internal DNS servers works just fine. They also answer nslookup, but ping says "host name not found".

Same behavior for internal and external domains like google.com.
But sometimes it works just fine!

The VPN connection is at the top of the connection list. Flushdns helps _sometimes_.

I have tried to deactivate NetBIOS in adapter settings and it works now, but after "sleep" not anymore.

This drives me crazy, is there any "ready for use" solution? Or does nobody use this buggy feature of Astaro?

Similar thread: https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/55090
Some old thread with the same problem: https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/53075
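
The symptom in the post above (nslookup answers, ping does not) can be checked per resolution path, since nslookup sends its own query to a DNS server while ping goes through the Windows DNS Client (dnscache) service. The script below is an added example, not part of the original post; the host name is a placeholder and the nslookup output check assumes English or German output.

```powershell
# Added diagnostic, not part of the original post. Windows PowerShell 2.0 or later.
# $Name is a placeholder: pass a host name that only the VPN-side DNS servers know.
param([string]$Name = 'intranet.example.internal')

# DNS servers per IP-enabled adapter, lowest interface metric first.
$adapters = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Where-Object { $_.DNSServerSearchOrder } |
    Sort-Object IPConnectionMetric)

# Path used by ping and most applications: the DNS Client (dnscache) service.
try {
    $system = ([System.Net.Dns]::GetHostAddresses($Name) |
        ForEach-Object { $_.IPAddressToString }) -join ', '
} catch {
    $system = 'FAILED'
}
"System resolver (dnscache): $system"

# Path used by nslookup: one query sent straight to the named server.
# Assumes English or German nslookup output, where a hit prints a "Name:" line.
$results = foreach ($adapter in $adapters) {
    foreach ($server in $adapter.DNSServerSearchOrder) {
        $output = & nslookup.exe $Name $server 2>$null | Out-String
        New-Object PSObject -Property @{
            Adapter  = $adapter.Description
            Metric   = $adapter.IPConnectionMetric
            Server   = $server
            Resolved = [bool]($output -match '(?m)^Name:')
        }
    }
}
$results | Select-Object Metric, Adapter, Server, Resolved | Format-Table -AutoSize
```

A system resolver result of FAILED next to `Resolved = True` for the VPN adapter's server reproduces the behaviour described in this thread.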


  • Can someone confirm that this issue is now fixed in Sophos UTM? :)

    I'm still happy with the Securepoint SSL VPN Client, but it's buggy at QHD screen resolution (

  • Update 15.08.2017

    SOLUTION 1

    Edit the client OpenVPN config file and add / change these settings:

    route-delay 2

    register-dns

    With the assistance of Sophos Support it's possible to modify the UTM config to include these settings in setup.exe ....

     

    SOLUTION 2

    I took a deeper dive into this problem, because we had lots of clients running Windows 7 showing this issue. If you check with Wireshark you will see that the DNS requests are routed to the WLAN / LAN DNS server, not the SSL VPN adapter DNS server. Restarting the DNS Client (dnscache) service after establishing the VPN connection fixes the problem. It's horrible and the root cause of the problem is not clear.

    A usable fix should be this:

    Assign the users rights to the service "dnscache" using a domain GPO.

    Computer / Policies / Windows Settings / Security Settings  / System Settings / DNS Client / Define -> Automatic
    Add the user or group and allow the Start, Stop and Pause rights.

    Navigate to the SSL Config Folder:

    C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config

    If your config file looks like ralf@194.194.194.194.ovpn, create a text file with the name ralf@194.194.194.194_up.bat containing this code:

    start /min cmd.exe /c "C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config\dnscache.cmd"
    exit

    In the same folder, create a text file with the name dnscache.cmd containing this content:

    echo ---------------------------- > c:\windows\temp\openvpn.txt 2>&1
    date /t >> c:\windows\temp\openvpn.txt 2>&1
    time /t >> c:\windows\temp\openvpn.txt 2>&1
    net stop dnscache >> c:\windows\temp\openvpn.txt 2>&1
    net start dnscache >> c:\windows\temp\openvpn.txt 2>&1

    After establishing a new VPN connection the service dnscache will automatically restart and the name resolution should work.

     

    Ralf Luithle

    Luithle & Luithle IT Services
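
Solution 2 hands ordinary users control rights on a system service, so it is worth confirming afterwards that the grant covers start, stop and pause and nothing broader. The script below is an added example, not part of the original post or of any Sophos tooling; it reads the service's security descriptor with `sc.exe sdshow` and lists each trustee's control rights.

```powershell
# Added example, not part of the original post. Run in an elevated Windows PowerShell.
$serviceName = 'dnscache'

# Service access-mask bits (winsvc.h) and the standard rights that would let a
# trustee reconfigure the service or rewrite its ACL.
$bits = @{
    0x10    = 'Start'
    0x20    = 'Stop'
    0x40    = 'PauseContinue'
    0x2     = 'ChangeConfig'
    0x40000 = 'WriteDac'
    0x80000 = 'WriteOwner'
}
$beyondRestart = 0x2 -bor 0x40000 -bor 0x80000

# sc.exe prints the descriptor as a single SDDL line.
$sddl = & sc.exe sdshow $serviceName | Where-Object { $_ -match '^[OGD]:' } |
    Select-Object -First 1
if (-not $sddl) { throw "Could not read the security descriptor of $serviceName" }
$sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $sddl

$report = foreach ($ace in $sd.DiscretionaryAcl) {
    if ($ace.AceType -ne 'AccessAllowed') { continue }
    $mask = $ace.AccessMask
    $granted = $bits.Keys | Sort-Object | Where-Object { $mask -band $_ } |
        ForEach-Object { $bits[$_] }
    if (-not $granted) { continue }
    # Fall back to the raw SID when the account name cannot be resolved.
    try   { $who = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $who = $ace.SecurityIdentifier.Value }
    New-Object PSObject -Property @{
        Trustee       = $who
        Rights        = $granted -join ', '
        BeyondRestart = [bool]($mask -band $beyondRestart)
    }
}
$report | Select-Object Trustee, Rights, BeyondRestart | Format-Table -AutoSize
```

The user or group added through the GPO should appear with Start, Stop and PauseContinue only, and with `BeyondRestart` set to False.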

     
