DNS issue with VPN clients

Mach03
I have a Linksys RVS4000 VPN router that's working great.  I have the internal clients set up as 10.0.0.10-xx but I'm not 100% sure I have the VPN clients set up correctly.  It looks as though the VPN clients are set up as pass-through and not granted an internal IP?  Could that be right?

The client account can connect through VPN successfully, but I cannot ping the server by name, only by IP address.  So I have a DNS issue here.  Does anyone have any steps to successfully set the VPN clients correctly or have an idea as to what I missed?

I just looked and it's set to "gateway" mode and not router....


Thanks
Kerem ERSOY, President

Commented:
Hi,

The DNS setting resides with the server. So you should add the DNS server that your clients will use on connection. This is not a client-side setting.

Cheers,
K.
Qlemo, "Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
For clients there is no "pass-thru" mode at all. A client will always receive an IP address from the VPN server/device; the same with DNS server addresses and DNS suffixes. Depending on the VPN Client you are using, and some settings on the client, remote DNS is used or not.
Main issue with Windows: You can only use a single DNS server. So either the remote DNS server is used for resolving all names, or your local one (from ISP).

Name resolution is done best by using a WINS server (and propagating its IP to the client). The WINS server integrates with DNS, and is able to resolve NetBIOS names without need to apply DNS suffixes, which are different in most cases for your office and home.

Whatsoever, you can see DNS, IP and WINS settings while connected by issuing ipconfig /all in a command prompt.
Syed_M_Usman, System Administrator
Top Expert 2011

Commented:
"The client account can connect through vpn successfully, but I cannot ping the server by name, only by IP address"

1) Is your client computer a member of the same domain? If not, then how will you be able
2) When you are at a remote location and try to connect to the VPN, you will get IP, subnet and gateway from your office but without "DNS". But if you look closely, before connecting to the VPN you have IP and DNS settings on your client computer (regardless of whether your computer is a member of the domain or not), and you will put the local ISP DNS server address in your DNS settings and connect to the VPN; the first DNS will be your static DNS (ISP DNS), so in any case you should not be able to ping your server in your domain unless you get DNS from your office (you can try adding server host names manually).
I also agree with Qlemo; WINS can resolve your issue.
Syed_M_Usman, System Administrator
Top Expert 2011

Commented:
I WANT TO CLARIFY

"you should not be able to ping your server in your domain unless you get DNS from your office (you can try adding server host names manually)"

This means ping using hostname.

Author

Commented:
I understand what you're saying and that makes sense, but I fear that I may have a configuration issue with the VPN router. I've never set up an RVS400 before.

At the client BEFORE I connect, I run ipconfig /all at a remote location (home dsl):

C:\Documents and Settings\Tom>ipconfig /all

-------------------------------------------------------------------------------------------------
Windows IP Configuration

        Host Name . . . . . . . . . . . . : usergw
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : domain.actdsltmp
        Description . . . . . . . . . . . : Intel(R) 82566MC Gigabit Network Connection
        Physical Address. . . . . . . . . : xx-xx-xx-xx
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.202
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        Lease Obtained. . . . . . . . . . : Wednesday, May 18, 2011 3:08:14 PM
-------------------------------------------------------------------------------------------------

Then I connect with the Linksys Quick Connect with the option "use remote DNS server" checked.

-------------------------------------------------------------------------------------------------
C:\Documents and Settings\Tom>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : usergw
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : cisco

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : domain.actdsltmp
        Description . . . . . . . . . . . : Intel(R) 82566MC Gigabit Network Connection
        Physical Address. . . . . . . . . : xx-xx-xx-xx
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.202
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            192.168.0.1
        Lease Obtained. . . . . . . . . . : Wednesday, May 18, 2011 3:08:53 PM
        Lease Expires . . . . . . . . . . : Thursday, May 19, 2011 3:08:53 PM
-------------------------------------------------------------------------------------------------


Really the only thing that changed was the primary DNS; it was changed to 10.0.0.10, which is the IP of the DNS server.  However, the IP address is still the same. Should this have changed to an IP address used within the domain?

Also, I did install WINS on the DNS server, but still can't ping the "server" hostname, just the IP address.

Does this seem correct?
Syed_M_Usman, System Administrator
Top Expert 2011

Commented:
It's correct. May I know why you want name resolution via hostname?
Qlemo, "Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
WINS is only used if it is part of your IP config. According to ipconfig, it is not, so no wonder about it having no effect.

You might see that your overall domain suffix changed. What is strange (to me) is that there is only the new DNS suffix "cisco" in that config, not the local one, "domain.actdsltmp". On the other hand, that might be correct with the Linksys VPN client.

Try to issue
   nslookup «hostname».cisco 10.0.0.10
if that resolves correctly,
   nslookup «hostname» 10.0.0.10
The former will show if the DNS server knows the hostname in conjunction with the correct domain suffix, the latter if DNS suffixes are appended correctly.
Then hard-code the WINS server into your LAN IP config, and try again to reach by hostname.

If you want to make a long story short, the common way to maintain hostnames is to put the most important ones into your local  hosts   file in %SystemRoot%\system32\drivers\etc .
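
The before/after ipconfig comparison discussed in the posts above, as an added example that is not part of any post: a Python parser for the XP-style "ipconfig /all" text that lists what changed for name resolution. The sample text is constructed by abridging the two dumps in the thread, the function names are hypothetical, and it assumes a configured WINS server appears as a field ending in "WINS Server".

```python
import re

# Constructed samples: abridged from the two dumps posted in the thread.
BEFORE = """\
        DNS Suffix Search List. . . . . . : domain.actdsltmp
        IP Address. . . . . . . . . . . . : 192.168.0.202
        DNS Servers . . . . . . . . . . . : 192.168.0.1
"""
AFTER = """\
        DNS Suffix Search List. . . . . . : cisco
        IP Address. . . . . . . . . . . . : 192.168.0.202
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            192.168.0.1
"""

FIELD = re.compile(r"^\s+([A-Za-z][\w \-]*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Map field name -> values; an indented line with no 'name :' continues the last field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last, value = m.group(1), m.group(2).strip()
            fields.setdefault(last, []).extend([value] if value else [])
        elif last and line.startswith(" ") and line.strip():
            fields[last].append(line.strip())
        else:
            last = None
    return fields

def vpn_dns_findings(before, after, internal_dns):
    """List the observations that matter for resolving internal names over the tunnel."""
    b, a = parse_ipconfig(before), parse_ipconfig(after)
    dns, out = a.get("DNS Servers", []), []
    if dns[:1] != [internal_dns]:
        out.append("internal DNS is not the first resolver")
    if len(dns) > 1:  # Windows falls back to these when the first server does not answer
        out.append("fallback resolver still listed: " + ", ".join(dns[1:]))
    if not any(k.endswith("WINS Server") for k in a):
        out.append("no WINS server in the IP config")
    sb, sa = b.get("DNS Suffix Search List"), a.get("DNS Suffix Search List")
    if sa != sb:
        out.append("suffix search list changed: %s -> %s" % (sb, sa))
    if a.get("IP Address") == b.get("IP Address"):
        out.append("adapter IP unchanged after connect")
    return out

if __name__ == "__main__":
    print("\n".join(vpn_dns_findings(BEFORE, AFTER, "10.0.0.10")))
```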

Author

Commented:
I understand what you are saying and I think I have some sort of ACL or port issue.  After I connect with the QuickVPN, and run nslookup domain=denver

I receive "Can't find server name for address 10.0.0.10: Non-existent domain"

However, .10 is the domain controller.  But I can ping .10, just not resolve the name.  Could this also be a permission issue?
Syed_M_Usman, System Administrator
Top Expert 2011

Commented:
My dear, don't confuse yourself.
Hostname resolution (name server lookup using hostname) can only be possible if you have a DNS server in place + your DNS server has an A record of the name server you are trying to ping/resolve.
In your case you have your router as gateway + DNS server; that's why you are unable to resolve the name server using hostname.
Kerem ERSOY, President

Commented:
Hi,

As I have told you in my first message, this DNS address has been pushed to the VPN client from the VPN server. So you'll need to configure the VPN here and you have to set the DNS to your internal one so that it will push your inside DNS to clients.

It is easy and it is on the first page of the VPN configuration on the RV400, under "Remote Group Setup".

Cheers,
K.
Kerem ERSOY, President

Commented:
Here's the config Screenshot. RV400 Main VPN config Screen

Author

Commented:
Thank you Syed and KeremE for keeping me on track, and you're both right, it's the DNS setting.  In your example above, 182.168.20.33 is your internal DNS server, right?

Author

Commented:
What if these VPN clients aren't a member of the domain?  How can I set them up to use the internal DNS server, but not have to join them to the domain?
Qlemo, "Batchelor", Developer and EE Topic Advisor
Top Expert 2015
Commented:
You only need to supply the domain suffix of your domain to your VPN client's IP properties, if it does not come automatically. All names will then get the domain suffix as a default, and you should be able to resolve names.
Syed_M_Usman, System Administrator
Top Expert 2011
Commented:
Your device has limited options; you may not be able to achieve what you are looking for.
If your client is not a member of your domain, you can add the DNS setting in your VPN policy, but this will help only if you assign DHCP addresses via a DHCP server and Dynamic DNS registration is checked in your DHCP server.
Qlemo, "Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
... or if you can change that setting in a (virtual) network card's TCP/IP settings manually.
