shortmatt asked:
VPN client cannot ping internal resources by name

I have a Windows 2000 Server acting as a DC, DNS server and RRAS server.

Connecting to the RRAS from my home via a Mac OS X, I can ping internal resources by name (e.g. server1.domain.com, server1, computer1, etc.).

Connecting to the RRAS from my home via a Windows XP Home laptop, I cannot ping internal resources by name. IPCONFIG from XP shows that the DNS is the office DNS server for the PPTP connection. "Use default gateway from the remote network" is checked to prevent split tunneling. Both clients can surf the Internet without difficulty.

What I've learned from the windowsitlibrary.com Site:

"Use Default Gateway on Remote Network: When this option is selected, packets that are unable to be routed over the local network are passed on to the default gateway of the remote network for resolution. With this option, addressing conflicts between the local LAN and the remote LAN are adjudicated in favor of the remote network."

I'm deducing that memdata.com is more easily resolved over my local network since I've visited the site before. It is therefore sending the request to our remote web host, 66.150.29.70. Because of that, I cannot see the remote resources by name at my office because the office uses the domain memdata.com as the internal domain. I presume that if we changed it, it would work.

On the other hand, the Mac sends all requests directly to the remote network (an option I selected when initially setting up the connection), not attempting to resolve anything locally. Because of this, the Mac can see the remote resources by name without any problems, but the XP machine cannot.

Can anyone verify this?
gpriceee

Have you created an A record for www within your local .com domain but have the www point to the external domain's IP address?
If you compare the DNS and gateway settings of the Mac and XP machine, what is the difference?
I understand that the DNS of the XP box points to the PPTP connection, but what about the Mac?
Also, can the PPTP server handle the DNS requests for the remote network or forward them appropriately?
shortmatt (ASKER)
Inside the office network, an A record exists pointing www.memdata.com to the remote web host. Other memdata.com traffic is handled internally (e.g. the server Hal9000 resolves as hal9000.memdata.com to a local IP address; a local computer Helicity resolves as helicity.memdata.com to a local IP address, etc.).

On an outside network (such as that from my home) I have little control over the DNS since it is supplied by my ISP. I could (and have considered) add an entry to a Hosts file to see if that would fix it. However, I don't think that fixes the underlying problem.

The only difference that I can see between the Mac and the laptop at home is that the Mac shows the "router" (which I am presuming is the same as gateway) as the VPN server (192.168.1.5) and I manually added the DNS as the office DNS server for that connection (192.168.1.100). The laptop, on the other hand, is showing the "default gateway" as the assigned IP of the laptop on the VPN (192.168.1.x) and not the VPN server (i.e. if the laptop is assigned the IP on the VPN as 192.168.1.6, the default gateway is 192.168.1.6). It does record an entry as "server" and show the IP of the VPN server (192.168.1.5). The problem exists whether the DNS is set up manually or assigned by the VPN.
ASKER CERTIFIED SOLUTION
gpriceee

shortmatt

On the LAN, the server's gateway is set to the LAN router. The DNS entries point back to itself, since it too is the primary DNS server for our office LAN. In DNS, I have forwarders set to the office ISP. We do not use WINS since the server is Windows 2000 Server and our network is all Windows 2000 and above.

I am not familiar with netsh. Can you explain?
gpriceee

netsh is a command-line option for setting networking options. If you open a cmd prompt on the XP box and type:
netsh ?
you'll see a list of options.
shortmatt

When I set DNS via netsh, I can ping by network resource name when I am tunnelling into the VPN. If I am not on the VPN, the DNS server is not available and thus cannot access my LAN. Surely, this is not something that has to be set each time and reset when exiting the VPN.

In netsh, it only shows 2 interfaces, LAN and wireless. Is the VPN not considered an interface (I was thinking PPP)?

In netsh diag, I can ping DNS. The first DNS entry (set at 2) is the VPN DNS server (192.168.1.100). The second DNS entry (set at 4) is my home network DNS (my gateway). This seems to support my previous idea that the domain is more easily resolved over my local network since I've visited the site before.

I'm open to suggestions.
gpriceee

In the Network Properties of the VPN adapter, set the DNS server to what you want. Then, when you're not connected to the VPN, your local network will be available.

The DNS entry on the vpn adapter will only affect traffic when the vpn is enabled.

As you know, leave your LAN adapter set to your local DNS.
shortmatt

This has become much more involved than I had ever imagined! Thank you for all of your advice.

The VPN adapter's DNS has been set to the office VPN since the beginning. It hasn't helped. When I use netsh diag to ping DNS, it even pings the VPN DNS first, but as soon as I simply ping a host on the VPN network, it resolves back through the LAN DNS that I'm on, not the VPN DNS. When I use netsh to show DNS, it lists the VPN DNS as metric 2, and the local DNS as metric 4. I'm guessing that since Windows chose to call this the "preferred DNS" it will not push all info through if it doesn't need to.

Again, the funny thing is, when I set the connection's DNS to the VPN DNS, all worked well. This is quite a clumsy way to do things, I hope there's an easier way!

If you have any other tricks up your sleeve, I'm open to try them!
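A diagnostic sequence for the XP client, added here as an example and not part of the thread; it runs in the same cmd shell as the netsh commands discussed above, takes the office DNS (192.168.1.100) and the test name hal9000.memdata.com from the posts, and assumes the LAN adapter is called "Local Area Connection" in the commented-out netsh change (the adapter name is an assumption). It shows which resolver answers the internal name by default versus when the query is sent straight to the office DNS, and whether a stale public answer is sitting in the client cache.

```batch
@echo off
REM Added diagnostic; not from the thread. Values below come from the posts,
REM except the adapter name, which is assumed.
setlocal
set OFFICE_DNS=192.168.1.100
set TESTHOST=hal9000.memdata.com
set PUBLIC_WEB=66.150.29.70

echo === DNS servers configured per interface (XP tries the lowest metric first) ===
netsh interface ip show dns

echo === Which resolver answers the internal name by default? ===
echo If the answer is %PUBLIC_WEB%, the query left through the home/ISP resolver.
nslookup %TESTHOST%

echo === Same query sent directly to the office DNS over the tunnel ===
echo A private 192.168.1.x answer here proves the tunnel and office DNS work.
nslookup %TESTHOST% %OFFICE_DNS%

echo === Cached answers for memdata.com (a stale public answer lives here) ===
ipconfig /displaydns | findstr /i "memdata.com"

echo === Clear the client cache and repeat the default lookup ===
ipconfig /flushdns
nslookup %TESTHOST%

REM The workaround the asker describes: point the LAN adapter at the office
REM DNS only while the VPN is up, then return it to DHCP afterwards.
REM netsh interface ip set dns name="Local Area Connection" static %OFFICE_DNS%
REM netsh interface ip set dns name="Local Area Connection" dhcp
endlocal
```

If the direct query returns a private address but the default query still returns the public web host, the client is resolving the internal domain through the home resolver, which is the split-horizon problem the thread describes.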