Avatar of Bill Herde
Bill Herde
Flag for United States of America asked on

shrewsoft VPN client and DNS

I have a Cisco ASA 5505 firewall that is set to work with ipsec vpn clients. With windows 7 it worked fine with the Cisco VPN client. With Win8 we had to abandon that in favor of the free Shrewsoft VPN client, which also worked fine.  Now we are at Win10, and the shrewsoft client is working on most PCs, but I have one that is being obstinate.
It appears that even though both the firewall and the client are set to send all DNS queries through the tunnel, they still get sent to the WAN gateway on the remote device...most of the time.  In the following clip, I connected the tunnel, then manually changed the DNS servers on the NIC to attempt to work-around the issue. Then I got something even more confusing.  If I ping or open a web browser, I get the address the WAN gateway is trying to provide. But nslookup reports the correct DNS server and IP address.

Here are the results:

C:\Users\ballen> ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ballen>ping token
Pinging token.grid.loc [213.120.234.114] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 213.120.234.114:
   Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
^C
C:\Users\ballen>nslookup token
Server:  wendy.grid.loc
Address:  10.0.5.7

Name:    token.grid.loc
Address:  10.0.5.160


C:\Users\ballen>ping token

Pinging token.grid.loc [213.120.234.114] with 32 bytes of data:
Request timed out.


************************************
Does this make sense to anybody????
And yes, I get the same results if I enter the FQDN.
VPNCisco

Avatar of undefined
Last Comment
Bill Herde

8/22/2022 - Mon
SOLUTION
Qlemo

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER CERTIFIED SOLUTION
max_the_king

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Bill Herde

ASKER
I thought of that, hence the flushdns.  And there is no WINs server on our network, but I can't be sure about the client end. From what I can tell. the client is on a simple home wifi network.
max_the_king

i'm telling something really different from flushdns.
I'm afraid the problem is in PC's operating system and it matters with nic cards, either physical or wifi.

max
Bill Herde

ASKER
We may never know the answer here.  Since we now had a VPN issue, I deployed the anyconnect solution on the firewall and had the remote user start using that.  He is no longer having the problem.  I have asked him if he would take the time to R&R Shewsoft and let me know the results, but he has not done so yet, and it is unlikely he will.
Overall, I agree this was something weird going on at the remote PC with windows resolver. I would have liked to nail it down, but I don't always get what I like.  Important part is the user can work, so I get to keep doing the same.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Bill Herde

ASKER
This is the third time I have attempted to close this question.