VPN - Not recognizing server name

Hello experts,

Alright here's a doozy.

I have a customer with a laptop. XP Pro SP3. She brings it to her office. She logs into the domain and works normally. She has access to her P:\ drive which is mapped \\server\Projects.

She takes her laptop to her home and connects VPN. As you know with Windows XP, you can log in with username and password with the domain name and you can log in locally.

Now we use the Safenet 10.8 VPN software. She right-clicks on the software and connects to the configuration profile created for her and then she's shown as connected. The problem is when she tries to access her P:\ drive she's not able to. Now if she does a Start>Run> \\192.168.1.1\Projects it would ask for a username and password and then she would be able to get in.

Now from here the "Band Aid" solution is to put in the network properties the server address in the DNS portion. Then it resolves the name and she would be able to log into her P:\ drive. Problem is, it screws up her internet connection since I'm forcing a DNS server on her.

I have also changed the Host file to add 192.168.1.1   server.domain.local and that doesn't solve it.

Any suggestions? I have clients that I have to do this for in the future and would love to solve this.

Thanks
americanpie3Asked:
 
americanpie3Author Commented:
Well experts,

Thanks for all your suggestions and help but it seems that with the FVS318 the most intelligent and sufficient way to do this is with open DNS. In the network adaptor(s) you would put in the DNS the DNS server IP address, then followed by the IP addresses of open DNS.

Then user gets to surf the internet and once logged in VPN the client will recognize which server is the DNS server and will have access to their mapped drives. The config for the clients that works the best is with the FVS336 since you have the mode config option which you can create a pool of IP addresses and give the safenet client software's virtual adaptor a specific IP address. PLUS, in the mode config you can put in the DNS server's IP address and life is good.

If that PC/laptop would not be logged in as if it joined the domain, life would've been beautiful and simple. But we all know, this is not likely in our line of work.
0
 
AncientFribCommented:
Can you not add a host record on the "forced" DNS server that would resolve to the file server for her?

If not have this file server that resolves the mapped name for her forward DNS requests that don't reside within its home domain to the server that you are "forcing" on her, and set it (the file server) up to be her primary DNS server when connected to the VPN.  Assuming the file server has DNS capabilities.
0
 
americanpie3Author Commented:
Hi ancient,

I think I like where you are going with this. Make the server recognize her.

How would I force the DNS onto her when connected via VPN?
0
 
ryansotoCommented:
In the vpn software you might be able to map a drive when the client connects.
If not then have your client do this .....
With the vpn connected log off of windows (do not shut down) this should leave the vpn connection alive.
Now have her log back in this will now connect as if she was sitting in the office.
Also you will need to change this back so the vpn software tells the laptop to use the office domain controller for that subnet
0
 
AncientFribCommented:
If you have a Windows Server that is handling the VPN connection using Routing and Remote Access then just visit the DHCP settings for that machine and ensure that it is set to hand out the necessary DNS server IP address.

Otherwise, whatever is managing the VPN connection ought to have a way to configure what DNS server IP it is giving out.  Assuming this VPN connection is a client to gateway approach.
0
 
americanpie3Author Commented:
No I don't use Routing and remote access. Safenet 10.8 connecting to a netgear router.

Ryan, I'm not sure how your solution would work.

One thing I tried doing is configuring the software to have a virtual adaptor and forcing an IP address on it and it makes no difference.
0
 
ryansotoCommented:
What part of my solution...the part about the vpn software?
Generally on the router you would set up the vpn portion and when you do it should ask for what DNS server do you want to use.  This you would set to the internal DNS.
The line of thinking is when you're at home and use the internet for yahoo.com it will go through your home ISP.  When you request queries to the internal network it will go through the dns server specified in the router.
You may not have this functionality for a lower end router/vpn box
0
 
americanpie3Author Commented:
I have both netgear FVS318 and FVS336. Not exactly low end boxes.

I will see if anywhere I would have to put in the box where the DNS server is. But why would it do that. The 3 jobs this box has is connect to the internet for this office. Block ports (what I don't allow) and create VPN tunnels to the server.

No DHCP, no DYNDNS verifications nothing. Just those 3 jobs.
0
 
ryansotoCommented:
Here is what happens -
When you connect the vpn and then from the laptop you ping an internal server.....
Your corporate office DNS server needs to reply to that information or else internal queries will fail.
0
 
americanpie3Author Commented:
Correct. How do I solve that?
0
 
ryansotoCommented:
That would be a configuration on your vpn unit
0
 
americanpie3Author Commented:
If I have that option right?

If I don't, is there a way to push the DNS onto the VPN client? A DNS configuration/setup from my DNS server?
0
 
ryansotoCommented:
Correct if you have that option, but you should, it's a standard for vpn...
If not there is no other way I know of.
0
 
americanpie3Author Commented:
I do find it weird considering the box is just used as a secure tunnel. But I guess I will lookup where I can define the servers.
0
 
AncientFribCommented:
The netgear box is probably handing out whatever DNS server IP it receives or has configured.  Assuming there is no way to manually change it for VPN connections, just change the DNS server the netgear box uses.  Ensure that whatever you change it to is set up properly so that requests don't fail.
0
 
Rob WilliamsCommented:
If you go to control panel | network connections | do you have a SafeNet adapter as well as the local area connection? I assume not. If not, on the task bar right click on the SafeNet icon and choose Security Policy Editor | then go to connection name | my identity | virtual adapter | select required | save | and reboot.
http://www.lan-2-wan.com/Added%20Images/Netgear-samples/N-Client2.JPG
This should add the virtual Safenet adapter to your Network Connections control panel. Now, the same as you did with the Local area Connection, add your internal DNS server to the DNS configuration tab. This will only affect the VPN and not your LAN connections. While on that page it is also a good idea to add the Domain Suffix as per:
http://www.lan-2-wan.com/Added%20Images/Blog/DNS.jpg
0
 
americanpie3Author Commented:
Thanks for that solution but it does not work.

Even with the adding of the DNS suffix you still can't ping that server using the server name. If you do an ipconfig /all you will not see the DNS servers.
0
 
Rob WilliamsCommented:
Does the SafeNet virtual adapter exist, and if so were you able to add the DNS server and suffix?
If so, on the PC try going to network connections | on the tool bar: advanced | advanced settings | adapters and bindings | move the SafeNet adapter to the top of the binding order list. This should make DNS look-ups look to the SafeNet adapter first. When not connected, for normal day to day use, it will default to the next in the list.
0
 
americanpie3Author Commented:
Yes the default adapter is there.

I then in the virtual adapter (in Safenet) put in an IP address (192.168.2.1). I can then connect and ping via IP but still no DNS servers in the IP Config /all.

Then I put in the IP address in the virtual adapter, the same as the safenet and then put in the DNS the DNS server 192.168.1.1. Still nothing. When I go back to the settings, the DNS server IP doesn't stick.
0
 
americanpie3Author Commented:
I just finished speaking with Netgear tech support.

It seems that the configuration that we have FVS318 and the Safenet client is not a combination which can resolve DNS.

With the FVS336 there are tables in the mode config tab/section of the router that would allow you to insert your DNS servers and put in address pools.

In the end, config no good for DNS and if you have the FVS336. Put an IP address in the virtual adaptor out of the remote site's subnet and in the address pool of the router put in that same subnet.

Wow
0
 
Rob WilliamsCommented:
Do not take anything Netgear support tells you as the gospel truth. A $150 router doesn't get you great support.
I am afraid I cannot test at this site, but I would be very surprised if DNS will not work with the Netgear. All traffic including DNS port 53 is allowed to pass via the VPN. What they may be referring to is name resolution by means of NetBIOS is not supported. NetBIOS relies on broadcast packets (unless you have a local WIN server). Broadcast packets are not routable and cannot be forwarded over a VPN.

Proof of DNS resolution is:
>>"the "Band Aid" solution is to put in the network properties the server address in the DNS portion. Then it resolves the name "
This is using the VPN for DNS, just it is not ideally configured.
0
 
americanpie3Author Commented:
If I put the DNS server in the network adaptor then people won't be able to surf the net.

What they did suggest to bypass is to setup a wins server. I ain't setting that up.
0
 
Rob WilliamsCommented:
>>"If I put the DNS server in the network adapter then people won't be able to surf the net."
I agree, and not suggesting you do that, but just using the fact that that works, to verify DNS name resolution does work over the VPN, as that is the only route for it to take.

I agree a WINS server a) should not be necessary b) is ridiculous overkill for a single client.

No question the proper solution is to add the DNS entry to the SafeNet adapter, but I don't understand why it doesn't work for you. I have used it in numerous situations, with the SafeNet client on Netgear and Watchguard firewalls. It does need to be added before the connection is made.
0
 
americanpie3Author Commented:
Agreed

Exactly

The thing that gets me is that the DNS IP that I put in does not stick. Plus adding the suffix does nothing.
0
 
Rob WilliamsCommented:
I assume the server's IP is 192.168.1.1?
Is there any chance her home uses 192.168.1.x as the local subnet? The remote and local sites must use different subnets.
0
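The checks raised so far in the thread (whether `ipconfig /all` shows the internal DNS server on the SafeNet virtual adapter, whether it was set on the physical adapter instead, and whether the local subnet collides with the remote one) can be run over saved `ipconfig /all` output. This is an added example, not code from any participant; the sample output, adapter names, and the `parse_ipconfig` and `diagnose` helpers are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of XP-style `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.5.20
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            208.67.222.222

Ethernet adapter SafeNet Virtual Adapter:
        IP Address. . . . . . . . . . . . : 192.168.2.1
"""
KEYS = {"IP Address": "ip", "Subnet Mask": "mask", "DNS Servers": "dns"}

def parse_ipconfig(text):
    """Return {adapter name: {"ip": [...], "mask": [...], "dns": [...]}}."""
    adapters, cur, last = {}, None, None
    for line in text.splitlines():
        head = re.match(r"^\S.*adapter (.+):\s*$", line)
        if head:
            cur, last = adapters.setdefault(head.group(1), {k: [] for k in KEYS.values()}), None
            continue
        if cur is None or not line.strip():
            continue
        field = re.match(r"^\s+([A-Za-z][^.:]*?)[ .]*:\s*(.*)$", line)
        # A line without a "Label . . . :" prefix continues the previous field,
        # which is how ipconfig prints the second and later DNS servers.
        last, value = (field.group(1).strip(), field.group(2)) if field else (last, line)
        if last in KEYS and value.strip():
            cur[KEYS[last]].append(value.strip())
    return adapters

def diagnose(adapters, vpn_hint, internal_dns):
    """Flag the three conditions discussed in the thread; returns a list of findings."""
    findings, target = [], ipaddress.ip_address(internal_dns)
    for name, a in adapters.items():
        if vpn_hint.lower() in name.lower():
            if internal_dns not in a["dns"]:
                findings.append(f"{name}: internal DNS {internal_dns} not bound to VPN adapter")
            continue
        if internal_dns in a["dns"]:
            findings.append(f"{name}: internal DNS set on physical adapter")
        if a["ip"] and a["mask"]:
            net = ipaddress.ip_network(f"{a['ip'][0]}/{a['mask'][0]}", strict=False)
            if target in net:
                findings.append(f"{name}: local subnet {net} overlaps the remote site")
    return findings
```

Calling `diagnose(parse_ipconfig(SAMPLE), "SafeNet", "192.168.1.1")` on the sample reports the missing DNS entry on the virtual adapter and the internal resolver sitting on the physical adapter, where it is queried first whether or not the tunnel is up.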
 
americanpie3Author Commented:
No, I'm doing the tests from my office and we are not the subnet of 1.

I'm testing it here before offering the solution to the client. You know, sell the product that works and tested.
0
 
Rob WilliamsCommented:
>>"sell the product that works and tested"
Interesting concept. I wish more people thought that way :-)
0
 
americanpie3Author Commented:
You mean like Symantec... LOL.

I think I found a way to go around this. On the laptop's adaptor, I put in the server's DNS. Then for internet, I implemented open DNS server addresses. Open DNS would avoid the laptop to question the ISP for a DNS. Open DNS's IP's are static and never change.

SO far so good.
0
 
Rob WilliamsCommented:
Interesting. Hopefully that will "resolve" the problem.

I am not a Symantec fan either.
0
Question has a verified solution.
