Mach03

DNS issue with VPN clients

I have a Linksys RVS4000 VPN router that is working great.  I have the internal clients set up as 10.0.0.10-xx but I'm not 100% sure I have the VPN clients set up correctly.  It looks as though the VPN clients are set up as pass-through and not granted an internal IP?  Could that be right?

The client account can connect through vpn successfully, but I cannot ping the server by name, only by IP address.  So I have a DNS issue here.  Does anyone have any steps to successfully set the vpn clients correctly or have an idea as to what I missed?

I just looked and it's set to "gateway" mode and not router....


Thanks
Kerem ERSOY

Hi,

The DNS setting resides with the server. So you should add the DNS server that your clients will use on connection. This is not a client-side setting.

Cheers,
K.
For clients there is no "pass-thru" mode at all. A client will always receive an IP address from the VPN server/device; the same with DNS server addresses and DNS suffixes. Depending on the VPN Client you are using, and some settings on the client, remote DNS is used or not.
Main issue with Windows: You can only use a single DNS server. So either the remote DNS server is used for resolving all names, or your local one (from ISP).

Name resolution is done best by using a WINS server (and propagating its IP to the client). The WINS server integrates with DNS, and is able to resolve NetBIOS names without need to apply DNS suffixes, which are different in most cases for your office and home.

Whatsoever, you can see DNS, IP and WINS settings while connected by issuing ipconfig /all in a command prompt.
"The client account can connect through vpn successfully, but I cannot ping the server by name, only by IP address"

1) Is your client computer a member of the same domain? If not, then how will you be able
2) When you are at a remote location and try to connect the VPN, you will get IP, subnet and gateway from your office but without "DNS". But if you look closely, before connecting the VPN you have IP and DNS settings on your client computer (regardless of whether your computer is a member of the domain or not), and you will put the local ISP DNS server address in your DNS setting and connect to the VPN; the first DNS will be your static DNS (ISP DNS), so in any case you should not be able to ping your server in your domain unless you get DNS from your office (you can try adding server host names manually).
I also agree with Qlemo, WINS can resolve your issue.
I WANT TO CLARIFY

"you should not be able to ping your server in your domain unless you get DNS from your office (you can try adding server host names manually"

This means ping using hostname.
Mach03

ASKER

I understand what you're saying and that makes sense, but I fear that I may have a configuration issue with the VPN router; I've never set up a RVS400 before.

At the client BEFORE I connect, I run ipconfig /all at a remote location (home dsl):

C:\Documents and Settings\Tom>ipconfig /all

-------------------------------------------------------------------------------------------------
Windows IP Configuration

        Host Name . . . . . . . . . . . . : usergw
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : domain.actdsltmp
        Description . . . . . . . . . . . : Intel(R) 82566MC Gigabit Network Connection
        Physical Address. . . . . . . . . : xx-xx-xx-xx
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.202
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        Lease Obtained. . . . . . . . . . : Wednesday, May 18, 2011 3:08:14 PM
-------------------------------------------------------------------------------------------------

Then I connect with the Linksys Quick Connect with the option "use remote DNS server" checked.

-------------------------------------------------------------------------------------------------
C:\Documents and Settings\Tom>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : usergw
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : cisco

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : domain.actdsltmp
        Description . . . . . . . . . . . : Intel(R) 82566MC Gigabit Network Connection
        Physical Address. . . . . . . . . : xx-xx-xx-xx
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.202
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            192.168.0.1
        Lease Obtained. . . . . . . . . . : Wednesday, May 18, 2011 3:08:53 PM
        Lease Expires . . . . . . . . . . : Thursday, May 19, 2011 3:08:53 PM
-------------------------------------------------------------------------------------------------


Really the only thing that changed was the primary DNS; it was changed to 10.0.0.10, which is the IP of the DNS server.  However, the IP address is still the same; should this have changed to an IP address used within the domain?

Also, I did install WINS on the DNS server, but still can't ping the "server" hostname, just the IP address.

Does this seem correct?
It's correct. May I know why you want name resolution via hostname?
WINS is only used if it is part of your IP config. According to ipconfig, it is not, so no wonder about it having no effect.

You might see that your overall domain suffix changed. What is strange (to me) is that there is only the new DNS suffix "cisco" in that config, not the local one, "domain.actdsltmp". On the other hand, that might be correct with the Linksys VPN client.

Try to issue
   nslookup «hostname».cisco 10.0.0.10
if that resolves correctly,
   nslookup «hostname» 10.0.0.10
The former will show if the DNS server knows the hostname in conjunction with the correct domain suffix, the latter if DNS suffixes are appended correctly.
Then hard-code the WINS server into your LAN IP config, and try again to reach by hostname.

If you want to make a long story short, the common way to maintain hostnames is to put the most important ones into your local hosts file in %SystemRoot%\system32\drivers\etc .
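
The `ipconfig /all` comparison discussed in this thread, as an added example that is not part of any post here: a Python parser run over trimmed, constructed copies of the before/after outputs, reporting which DNS server is listed first, whether a WINS server is configured, and whether the adapter IP changed. The names `parse_ipconfig` and `vpn_dns_findings` are hypothetical.

```python
import re
# Constructed samples: trimmed to the lines that matter, in the shape of the
# two `ipconfig /all` outputs posted in this thread (before / after connecting).
BEFORE = """\
Windows IP Configuration
        DNS Suffix Search List. . . . . . : domain.actdsltmp
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.0.202
        DNS Servers . . . . . . . . . . . : 192.168.0.1
"""
AFTER = """\
Windows IP Configuration
        DNS Suffix Search List. . . . . . : cisco
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.0.202
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            192.168.0.1
"""

# "   Label . . . . : value" -> (label, value); the dot leader is discarded.
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Map each label to its values; labels from several adapters are merged."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current = m.group(1).strip()
            fields.setdefault(current, [])
            if m.group(2).strip():
                fields[current].append(m.group(2).strip())
        elif current and line.startswith(" ") and line.strip():
            fields[current].append(line.strip())   # e.g. second DNS server
        else:
            current = None
    return fields

def vpn_dns_findings(before, after, internal_dns):
    """Hypothetical helper: what changed once the tunnel came up."""
    b, a = parse_ipconfig(before), parse_ipconfig(after)
    dns = a.get("DNS Servers", [])
    return {
        "internal_dns_first": dns[:1] == [internal_dns],
        "local_dns_still_listed": any(s in dns for s in b.get("DNS Servers", [])),
        "suffix_search_list": a.get("DNS Suffix Search List", []),
        "wins_configured": any("WINS Server" in k for k in a),
        "ip_unchanged": b.get("IP Address") == a.get("IP Address"),
    }
```

Calling `vpn_dns_findings(BEFORE, AFTER, "10.0.0.10")` on these samples shows the internal DNS server listed first, no WINS server in the configuration, and the same adapter IP before and after.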
Mach03

ASKER

I understand what you are saying and I think I have some sort of ACL or port issue.  After I connect with the QuickVPN, and run nslookup domain=denver

I receive "Can't find server name for address 10.0.0.10: Non-existent domain"

However, .10 is the domain controller.  But I can ping .10, just not resolve the name.  Could this also be a permission issue?
My dear, don't confuse yourself.
Hostname resolution (name server lookup using hostname) can only be possible if you have a DNS server in place + your DNS server has an A record of the name server you are trying to ping/resolve.
In your case you have your router as gateway + DNS server, that's why you are unable to resolve the name server using hostname.
Hi,

As I have told you in my first message, this DNS address has been pushed to the VPN client from the VPN server. So you'll need to configure the VPN here and you have to set the DNS to your internal one so that it will push your inside DNS to clients.

It is easy and it is at the first page of VPN configuration on RV400 on "Remote Group Setup".

Cheers,
K.
Here's the config screenshot. [image]
Mach03

ASKER

Thank you Syed and KeremE for keeping me on track and you're both right, it's the DNS setting.  In your example above, 182.168.20.33 is your internal DNS server, right?
Mach03

ASKER

What if these VPN clients aren't a member of the domain?  How can I set them up to use the internal DNS server, but not have to join them to the domain?
ASKER CERTIFIED SOLUTION
Qlemo
SOLUTION
... or if you can change that settings on a (virtual) network card's TCP/IP setting manually.