OpenVPN DNS issue

Hi Marcel,

"But when I ping that IP or use RDP the Windows clients tries to connect to an external IP"

I understand that you are trying this from the outside when connected via VPN - correct?

• In 'Remote Access >> Advanced', do you have either your internal DNS or the UTM configured as the first DNS server?
• If the UTM is one of the DNS servers, is "VPN Pool (SSL)" in 'Allowed Networks' in 'DNS'?
• Please compare your overall setup with DNS best practice.

Cheers - Bob

Hi Marcel,

"But when I ping that IP or use RDP the Windows clients tries to connect to an external IP"

I understand that you are trying this from the outside when connected via VPN - correct?

• In 'Remote Access >> Advanced', do you have either your internal DNS or the UTM configured as the first DNS server?
• If the UTM is one of the DNS servers, is "VPN Pool (SSL)" in 'Allowed Networks' in 'DNS'?
• Please compare your overall setup with DNS best practice.

Cheers - Bob

Hi Bob,

thanks for your reply. I have configured both of our internal DNS-servers in the UTM and yes, I try to reach some hosts from the outside while being connected with the VPN-client.

Ping an IP-adress works, nslookup also works but when I try RDP with a hostname the name resolution fails.

Cheers

Marcel

Are you sure that the subnet used for SSL VPN Remote Access doesn't overlap with a LAN behind the UTM?  You mention a WLAN - what and where is that, and does it overlap with anything?

Cheers - Bob

Yes, I am sure. Routing and using services by ip-adress works - it's just an issue with name resolution.

I mentioned the wlan adapter because I used a wlan connection with a mobile hotspot for testing purposes. When I change the metrik of the adapter so that the sophos adapter (or better said the sophos gateway) is first the name resolution works. 

Some more information: This is exactly my problem:

http://superuser.com/questions/120038/changing-network-type-from-unidentified-network-to-private-network-on-an-openvpn

I can avoid this, by adding the gateway ip of my ssl vpn ip range as "additional gateway" with a metric of 1 in the sophos-adapter. But that's only a workaround.

I still hope for a better solution :).

So, this is a problem in the client PC, not the UTM - right?

Cheers - Bob

This is a problem of every client pc on which I install the sophos-VPN client (that is of course based on OpenVPN).

I hope the problem is clear - our domainname exists externally and internally and after successful connection the name resolution with internal DNS fails. After adding an gateway with fixed metric manually (although I use dhcp) it works most of the time (but as I found out, not always).