
OpenVPN DNS issue

Hi there,

I have built a new VPN configuration for SSL VPN but I have troubles with name resolution.

We have a split DNS with the same DNS suffix existing inside and outside our network.

The connection comes up, nslookup hostname.our-domain.de queries the internal DNS server and gives back an IP. So far so good.

But when I ping that IP or use RDP the Windows client tries to connect to an external IP because our domain name also exists in the WWW. This doesn't make sense to me because nslookup works.

The gateway metric of the Sophos default route is higher than the route metric for the WLAN gateway - that's my problem. For testing purposes I used a metric >500 on the WLAN adapter, reconnected and now everything works and the client always queries the internal DNS.

But that's not a solution because I don't want to mess up the metric settings in our corporate network.

Is there a way to set the metric to 1 through the Sophos appliance or the VPN client?

Thanks and regards

Marcel



This thread was automatically locked due to age.
Parents
  • Hi Marcel,

    "But when I ping that IP or use RDP the Windows clients tries to connect to an external IP"

    I understand that you are trying this from the outside when connected via VPN - correct?

    • In 'Remote Access >> Advanced', do you have either your internal DNS or the UTM configured as the first DNS server?
    • If the UTM is one of the DNS servers, is "VPN Pool (SSL)" in 'Allowed Networks' in 'DNS'?
    • Please compare your overall setup with DNS best practice.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    thanks for your reply. I have configured both of our internal DNS servers in the UTM and yes, I try to reach some hosts from the outside while being connected with the VPN client.

     

    Ping to an IP address works, nslookup also works, but when I try RDP with a hostname the name resolution fails.

    Cheers

    Marcel

  • Are you sure that the subnet used for SSL VPN Remote Access doesn't overlap with a LAN behind the UTM?  You mention a WLAN - what and where is that, and does it overlap with anything?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes, I am sure. Routing and using services by IP address works - it's just an issue with name resolution.

    I mentioned the WLAN adapter because I used a WLAN connection with a mobile hotspot for testing purposes. When I change the metric of the adapter so that the Sophos adapter (or better said the Sophos gateway) is first, the name resolution works.
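The behaviour Marcel describes (nslookup returns the internal address, but ping and RDP connect to the public one) is consistent with how Windows orders interfaces for DNS: nslookup talks directly to the first configured server, while the Windows DNS Client service sends queries out over interfaces in interface-metric order, so a WLAN adapter with a lower metric than the TAP adapter hands the name to the external resolver. The following PowerShell snippet is an added example for checking and, if wanted, fixing that on the client; it is not code from the thread, from Sophos or from OpenVPN. The adapter alias and the hostname are assumptions taken from the discussion and must be adjusted to the real names on the machine.

```powershell
# Added example (not from the thread): show which interface Windows prefers for DNS
# and, if needed, give the VPN adapter a lower (= preferred) metric than the WLAN adapter.
# $VpnAlias is an assumption; run Get-NetAdapter to find the real TAP adapter alias.
$VpnAlias = 'Sophos SSL VPN Adapter'   # assumed alias of the OpenVPN/TAP adapter
$TestName = 'hostname.our-domain.de'   # name used in the thread

# 1. Interface metrics of connected IPv4 interfaces: the lowest metric wins the DNS ordering
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object ConnectionState -eq 'Connected' |
    Sort-Object InterfaceMetric |
    Select-Object InterfaceAlias, InterfaceMetric, AutomaticMetric |
    Format-Table -AutoSize

# 2. DNS servers configured per interface (the VPN adapter should list the internal servers)
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses |
    Format-Table -AutoSize

# 3. Compare the answer from the VPN adapter's servers with the system resolver's answer.
#    Different A records here reproduce the split-DNS symptom from the thread.
$vpnDns = (Get-DnsClientServerAddress -InterfaceAlias $VpnAlias -AddressFamily IPv4).ServerAddresses
foreach ($srv in $vpnDns) {
    Resolve-DnsName -Name $TestName -Server $srv -Type A -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Via'; e = { $srv } }, Name, IPAddress
}
Resolve-DnsName -Name $TestName -Type A -ErrorAction SilentlyContinue |
    Select-Object @{ n = 'Via'; e = { 'system resolver' } }, Name, IPAddress

# 4. Remediation (run in an elevated session): pin the VPN adapter's metric below the
#    WLAN adapter's instead of raising the WLAN metric, so the corporate WLAN profile is
#    left untouched. Uncomment to apply; the setting is lost when the TAP adapter is
#    recreated, so it usually has to be re-applied or scripted per connection.
# Set-NetIPInterface -InterfaceAlias $VpnAlias -AddressFamily IPv4 -InterfaceMetric 1
# Clear-DnsClientCache
```

Lowering the VPN adapter's metric also makes its default route preferred while the tunnel is up, which is the full-tunnel behaviour Marcel wants for the test; on a split-tunnel profile, check step 1 again after connecting to confirm only the pushed routes changed. If the client is based on OpenVPN 2.3.9 or later for Windows, the client-side `block-outside-dns` directive is a separate way to keep queries off the WLAN resolver while the tunnel is up; whether the Sophos UTM client accepts that directive is not covered by this thread.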
