?
Solved

VPN - Not recognizing server name

Posted on 2008-11-04
29
Medium Priority
?
731 Views
Last Modified: 2008-11-12
Hello experts,

Alright here's a doozy.

I have a customer with a laptop. XP Pro SP3. She brings it to her office. She logs into the domain and works normally. She has access to her P:\ driver shich is mapped \\server\Projects.

She takes her laptop to her home and connects VPN. As you know with Windows XP, you can log in with username and password with the domain name and you can log in locally.

Now we use the Safenet 10.8 VPN software. She right-clicks on the software and connects to the configuration profile created for her and then she's showed as connected. The problem is when she tries to access her P:\ drive she's not able to. Now if she does a Start>Run> \\192.168.1.1\Projects it would ask for a username and password and then she would be able to get in.

Now from here the "Band Aid" solution is to put in the network properties the server address in the DNS portion. Then it resolves the name and she would be able to log into her P:\ drive. Problem is, it screws up her internet connection since I'm forcing a DNS server on her.

I have also changed the Host file to add 192.168.1.1   server.domain.local and that doesn't solve it.

Any suggestions. I have clients that I have to do this for in the future and would love to solve this.

Thanks
0
Comment
Question by:americanpie3
  • 14
  • 7
  • 5
  • +1
29 Comments
 
LVL 5

Expert Comment

by:AncientFrib
ID: 22878131
Can you not add a host record on the "forced" DNS server that would resolve to the file server for her?

If not have this file server that resolves the mapped name for her forward DNS requests that don't reside within its home domain to the server that you are "forcing" on her, and set it (the file server) up to be her primary DNS server when connected to the VPN.  Assuming the file server has DNS capabilities.
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22878184
Hi ancient,

I think I like where you are going with this. Make the server recognize her.

How would I force the DNS onto her when connected via VPN?
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 22878225
In the vpn software you might be able to map a drive when the client connects.
If not then have your client do this .....
With the vpn connected log off of windows (do not shut down) this should leave the vpn connection alive.
Now have her log back in this will now connect as if she was sitting in the office.
Also you will need to change this back so the vpn software tell the laptop to use the office domain controller for that subnet
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 5

Expert Comment

by:AncientFrib
ID: 22878268
If you have a Windows Server that is handling the VPN connection using Routing and Remote Access then just visit the DHCP settings for that machine and ensure that it is set to hand out the necessary DNS server IP address.

Otherwise, whatever is managing the VPN connection ought to have a way to configure what DNS server IP it is giving out.  Assuming this VPN connection is a client to gateway approach.
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22878407
No I don't use Routing and remote access. Safenet 10.8 connecting to a netgear router.

Ryan, I'm not sue how you solution would work.

One thing I tried doing is configuring the software to have a virtual adaptor and forcing an IP address on it and it makes no differnce.
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 22878602
What part of my solution...the part about the vpn software?
Generally on the router you would set up the vpn portion and when you do it should ask for what DNS server do you want to use.  This you would set to the internal DNS.
The line of thinking is when your at home and use the internet for yahoo.com it will go through your home ISP.  When you request queries to the internal network it will go through the dns server specified in the router.
You may not have this fucntionality for a lower end router/vpn box
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22878795
I have both netgear FVS318 and FVS336. Not exactly low end boxes.

I will see if anywhere I would have to put in the box where the DNS server is. But why would it do that. The 3 jobs this box has is connect to the internet for this office. Block ports (what I don't allow) and create VPN tunnels to the server.

No DHCP, no DYNDNS verifications nothing. Just those 3 jobs.
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 22878964
Here is what happens -
When you connect the vpn and then from the laptop you ping an internal server.....
Your corporate office DNS server needs to reply to that information or else internal queries will fail.
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22879005
Correct. How di I solve that.
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 22879018
That would be a configuration on your vpn unit
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22879037
If I have that option right?

If I don't, is there a way to push the DNS onto the VPN client? A DNS configuration/setup from my DNS server?
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 22879066
Correct if you have that option, but you should its a standard for vpn...
If not there is no other way I know of.
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22879086
I do find it weird considering the box is just used as a secure tunnel. But I guess I will lookup where I can define the servers.
0
 
LVL 5

Expert Comment

by:AncientFrib
ID: 22879139
The netgear box is probably handing out whatever DNS server IP it receives or has configured.  Assuming there is no way to manually change it for VPN connections, just change the DNS server the netgear box uses.  Ensure that whatever you change it to is set up properly so that requests don't fail.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22883246
I f you go to control panel | network connections | do you have a SafeNet adapter as well as the local area connection? I assume not. If not, on the task bar right click on the SafeNet icon and choose Security Poicy Editor | then go to connection name | my identity | virtual adapter | select required | save | and reboot.
http://www.lan-2-wan.com/Added%20Images/Netgear-samples/N-Client2.JPG
This should add the virtual Safenet adpter to your Network Connections control panel. Now, the same as you did with the Local area Connection, add your internal DNS server to the DNS configuration tab. This will only affect the VPN and not your LAN connections. While on that page it is also a good idea to add the Domain Suffix as per:
http://www.lan-2-wan.com/Added%20Images/Blog/DNS.jpg
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22887377
Thanks for that solution but it does not work.

Even with the adding of the DNS suffix you still can't ping that server using the server name. If you do an ipconfig /all you will not see the DNS servers.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22887496
Does the SafeNet virtual adapter exist, and if so were you able to add the DNS server and suffix?
If so, on the PC try going to network connections | on the tool bar: advanced | advanced settings | adapters and bindings | move the SafeNet adapter to the top of the binding order list. This should make DNS look-ups look to the SafeNet adapter first. When not connected, for normal day to day use, it will default to the next in the list.
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22887740
Yes the default adapter is there.

I then in the virtual adapter (in Safenet) put in an IP address (192.168.2.1). I can then connect and ping via IP but still no DNS servers in the IP Config /all.

Then I put in the IP address in the virtual adapter, the same as the safenet and then put in the DNS the DNS server 192.168.1.1. Still nothing. When I go back to the settings, the DNS server IP doesn't stick.
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22888168
I just finised speaking with Netgear tech support.

It seems that the configuration that we have FVS318 and the Safenet client is not a combination which can resolve DNS.

With the FVS336 there are tables in the mode config tab/section of the router that would allow you to insert your DNS servers and put in address pools.

In the end, config no good for DNS and if you have the FVS336. Put an IP address in the virtual adaptor our of the remote site's subnet and in the address pool of the router put in that same subnet.

Wow
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22888271
Do not take anything Netgear support tells you as the gospel truth. A $150 router doesn't get you great support.
I am afraid I cannot test at this site, but I would be very surprised if DNS will not work with the Netgear. All traffic including DNS port 53 is allowed to pass via the VPN. What they may be referring to is name resolution by means of NetBIOS is not supported. NetBIOS relies on broadcast packets (unless you have a local WIN server). Broadcast packets are not routable and cannot be forwarded over a VPN.

Proof of DNS resolution is:
>>"the "Band Aid" solution is to put in the network properties the server address in the DNS portion. Then it resolves the name "
This is using the VPN for DNS, just it is not ideally configured.
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22888316
If I put the DNS server in the network adaptor then people won't be able to surf the net.

What they did suggest to bypass is to setup a wins server. I ain't setting that up.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22888399
>>"If I put the DNS server in the network adapter then people won't be able to surf the net."
I agree, and not suggesting you do that, but just using the fact that that works, to verify DNS name resolution does work over the VPN, as that is the only route for it to take.

I agree a WINS server a) should not be necessary b) is ridiculous over kill for a single client.

No question the proper solution is to add the DNS entry to the SafeNet adapter, but I don't understand why it doesn't work for you. I have used it in numerous situations, with the SafeNet client on Netgear and Watchguard firewalls. It does need to be added before the connection is made.
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22888436
Agreed

Exactly

The thing that gets me is that the DNS IP that I put in does not stick. Plus adding hte suffix does nothing.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22888485
I assume the server's IP is 192.168.1.1?
Is there any chance her home uses 192.168.1.x as the local subnet? The remote and local sites must use different subnets.
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22888602
No, I'm doing the tests from my office and we are not the subnet of 1.

I'm testing it here before offering the solution to the client. You know, sell the product that works and tested.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22888628
>>"sell the product that works and tested"
Interesting concept. I wish more people thought that way :-)
0
 
LVL 1

Author Comment

by:americanpie3
ID: 22888662
You mean like Symantec... LOL.

I think I found a way to go around this. On the laptop's adaptor, I put in the server's DNS. Then for internet, I implemented open DNS server addresses. Open DNS would avoid the laptop to question the ISP for a DNS. Open DNS's IP's are static and never change.

SO far so good.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 22888719
Interesting. Hopefully that will "resolve" the problem.

I am not a Symantec fan either.
0
 
LVL 1

Accepted Solution

by:
americanpie3 earned 0 total points
ID: 22908509
Well experts,

Thanks for all your suggestions and help but it seems that with the FVS318 the most intelligent and sufficient way to do this is with open DNS. In the network adaptor(s) you would put in the DNS the DNS server IP address, then followed by the IP addresses of open DNS.

Then user gets to surf the internet and once logged in VPN the client will recognize which server is the DNS server and will have access to thier mapped drives. The config for the clients that works the best is with the FVS336 since you have the mode config option which you can create an pool of IP addresses and give the safenet client software's virtual adaptor a specific IP address. PLUS, in the mode config you can put in the DSN server's IP address and life if good.

If that PC/laptop would not be logged in as if it joined the domain, life would've been beautiful and simple. But we all know, this is not likely in our line of work.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question