Solved

VPN client cannot see ping internal resources by name

Posted on 2005-03-22
Last Modified: 2013-12-07
I have a windows 2000 server acting as a DC, DNS server and RRAS server.

Connecting to the RRAS from my home via a Mac OS X, I can ping internal resources by name (e.g. server1.domain.com, server1, computer1, etc).

Connecting to the RRAS from my home via a windows xp home laptop, I cannot ping internal resources by name. IPCONFIG from xp shows that DNS is office DNS server for the PPTP connection. "Use default gateway from the remote network" is checked to prevent split tunneling. Both clients can surf the Internet without difficulty.

What I've learned from the windowsitlibrary.com Site:

"Use Default Gateway on Remote Network: When this option is selected, packets that are unable to be routed over the local network are passed on to the default gateway of the remote network for resolution. With this option, addressing conflicts between the local LAN and the remote LAN are adjudicated in favor of the remote network."

I'm deducing that memdata.com is more easily resolved over my local network since I've visited the site before. It is therefore sending the request to our remote web host, 66.150.29.70. Because of that, I cannot see the remote resources by name at my office because the office uses the domain memdata.com as the internal domain. I presume that if we changed it, it would work.

On the other hand, the Mac sends all requests directly to the remote network (an option I selected when initially setting up the connection), not attempting to resolve anything locally. Because of this, the Mac can see the remote resources by name without any problems, but the XP machine cannot.

Can anyone verify this?
0
Question by:shortmatt
9 Comments
 
LVL 13

Expert Comment

by:gpriceee
ID: 13607913
Have you created an A record for www within your local .com domain but have the www point to the external domain's IP address?
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13607930
If you compare the DNS and gateway settings of the Mac and XP machine, what is the difference?
I understand that the DNS of the XP box points to the PPTP connection, but what about the Mac?
Also, can the PPTP server handle the DNS requests for the remote network or forward them appropriately?
0
 

Author Comment

by:shortmatt
ID: 13608301
Inside the office network, an A record exists pointing www.memdata.com to the remote web host.  Other memdata.com traffic is handled internally (e.g. the server Hal9000 resolves as hal9000.memdata.com to a local IP address; a local computer Helicity resolves to helicity.memdata.com to a local IP address, etc.).

On an outside network (such as that from my home) I have little control over the DNS since it is supplied by my ISP. I can create (and have considered) adding an entry to a Hosts file to see if that would fix it. However, I don't think that fixes the underlying problem.

The only difference that I can see between the Mac and the laptop at home is that the Mac shows the "router" (which I am presuming is the same as gateway) as the VPN server (192.168.1.5) and I manually added the DNS as the office DNS server for that connection (192.168.1.100). The laptop, on the other hand, is showing the "default gateway" as the assigned IP of the laptop on the VPN (192.168.1.x) and not the VPN server (i.e. if the laptop is assigned the IP on the VPN as 192.168.1.6, the default gateway is 192.168.1.6). It does record an entry as "server" and show the IP of the VPN server (192.168.1.5). The problem exists whether the DNS is set up manually or assigned by the VPN.
0

 
LVL 13

Accepted Solution

by:
gpriceee earned 900 total points
ID: 13608669
On the RRAS server, on the LAN interface, do you have a default gateway, or is it empty?
What are the DNS entries?  Not exact addresses but self, isp?
What is in WINS?

On the Public adapter, is the DNS entry the ISP DNS or self?

Based on, "the Mac sends all requests directly to the remote network (an option I selected when initially setting up the connection)," on the XP machine, have you tried:
netsh interface ip
set dns "interface name" static xxx.xxx.xxx.xxx

0
 

Author Comment

by:shortmatt
ID: 13610838
On the LAN, the server's gateway is set to the LAN router. The DNS entries point back to itself, since it too is the primary DNS server for our office LAN. In DNS, I have forwarders set to the office ISP. We do not use WINS since the server is Windows 2000 Server and our network is all Windows 2000 and above.

I am not familiar with netsh. Can you explain?
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13610888
netsh is a command line option for setting networking options.  If you open a cmd prompt on the XP box and type:
netsh ?
you'll see a list of options.
0
 

Author Comment

by:shortmatt
ID: 13628146
When I set DNS via netsh, I can ping by network resource name when I am tunnelling into the VPN. If I am not on the VPN, the DNS server is not available and thus cannot access my LAN. Surely, this is not something that has to be set each time and reset when exiting the VPN.

In netsh, it only shows 2 interfaces, LAN and wireless. Is the VPN not considered an interface (I was thinking PPP)?

In netsh diag, I can ping dns. The first dns entry (set at 2) is the VPN dns server (192.168.1.100). The second dns entry (set at 4) is my home network DNS (my gateway). This seems to support my previous idea that the domain is more easily resolved over my local network since I've visited the site before.

I'm open to suggestions.
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13629606
In the Network Properties of the vpn adapter, set the DNS server to what you want.  Then, when you're not connected to the vpn, your local network will be available.

The DNS entry on the vpn adapter will only affect traffic when the vpn is enabled.

As you know, leave your LAN adapter set to your local DNS.
0
 

Author Comment

by:shortmatt
ID: 13630834
This has become much more involved than I had ever imagined! Thank you for all of your advice.

The VPN adapter's DNS has been set to the office VPN since the beginning. It hasn't helped. When I use netsh diag to ping dns, it even pings the VPN dns first, but as soon as I simply ping a host on the VPN network, it resolves back through the LAN dns that I'm on, not the VPN DNS. When I use netsh to show dns, it lists the VPN dns as metric 2, and the local dns as metric 4. I'm guessing that since Windows chose to call this the "preferred dns" it will not push all info through if it doesn't need to.

Again, the funny thing is, when I set the connection's dns to the VPN dns, all worked well. This is quite a clumsy way to do things, I hope there's an easier way!

If you have any other tricks up your sleeve, I'm open to try them!
0
