@All,
We are using OpenVPN clients 2.3.8 downloaded from the Sophos user portal on Windows 7 computers.
Our internal and external domain suffixes are the same: companyname.net
On some PCs we have the problem that the negative cache is not cleared when establishing an OpenVPN connection against our Sophos SSL-VPN connection. This leads to unreachability of some servers because the Explorer, CitrixClient, .... already did try to reach the servers before the connection was established and there is an entry in the negative cache.
I already did some "research":
- An ipconfig /flushdns on the command line works if the user has the correct rights (local administrator), which is usually not the case, and besides that it produces too much effort to do this every time the users are logging in.
- If you start openvpn-gui.exe and openvpn.exe as an administrator in compatibility mode, you need to enter the administrative credentials each time you log in (because of the autostart of openvpn-gui.exe). This is also too much effort for the users, and not all of them know the login/password combination of a local administrative account.
- Furthermore, there is a registry key MaxNegativeCacheTtl which disables the mechanism but has some negative side effects and is different to implement on 200-300 laptops of users without administrative rights.
There are clients with 2.3.0 (installed last year) which seem to behave slightly differently. The problem is also not 100% reproducible. I have not seen the problem on our few Windows 10 clients so far. I did not test the current OpenVPN version 2.3.11 because the official downloadable version on the Sophos firewall with the latest firmware is 2.3.8, and our procedure for the installation relies on the download of the config files and client from the Sophos user portal.
Is there a supported way to start with a clean negative cache after establishing VPN connections without having administrative rights? For which versions of the OpenVPN clients is this working? Do we need a newer version than the one supported by the user portal with current firmware?
Thanks
Bernd