Solved

Shrewsoft VPN client and DNS

Posted on 2016-10-18
Last Modified: 2016-11-05
I have a Cisco ASA 5505 firewall that is set to work with IPsec VPN clients. With Windows 7 it worked fine with the Cisco VPN client. With Win8 we had to abandon that in favor of the free Shrewsoft VPN client, which also worked fine. Now we are at Win10, and the Shrewsoft client is working on most PCs, but I have one that is being obstinate.
It appears that even though both the firewall and the client are set to send all DNS queries through the tunnel, they still get sent to the WAN gateway on the remote device... most of the time. In the following clip, I connected the tunnel, then manually changed the DNS servers on the NIC to attempt to work around the issue. Then I got something even more confusing. If I ping or open a web browser, I get the address the WAN gateway is trying to provide. But nslookup reports the correct DNS server and IP address.

Here are the results:

C:\Users\ballen> ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ballen>ping token
Pinging token.grid.loc [213.120.234.114] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 213.120.234.114:
   Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
^C
C:\Users\ballen>nslookup token
Server:  wendy.grid.loc
Address:  10.0.5.7

Name:    token.grid.loc
Address:  10.0.5.160


C:\Users\ballen>ping token

Pinging token.grid.loc [213.120.234.114] with 32 bytes of data:
Request timed out.


************************************
Does this make sense to anybody????
And yes, I get the same results if I enter the FQDN.
Question by:billherde
6 Comments
 
LVL 69

Assisted Solution

by:Qlemo
Qlemo earned 250 total points
ID: 41850140
nslookup uses DNS only, and ignores the DNS cache. Everything else goes thru the Windows resolver, using hosts, NetBIOS broadcasts, WINS and DNS. Maybe there is a WINS server set up?
0
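One way to compare the two lookup paths this answer distinguishes, added here as an example and not part of the original thread: the PowerShell below queries the tunnel DNS server directly (as nslookup does), resolves the same name through the Windows resolver (as ping does), and lists the DNS servers carried by each interface. The name `token.grid.loc` and the server `10.0.5.7` are taken from the question's output and are assumptions for any other network.

```powershell
# Added example, not from the thread. Defaults are the values shown in the
# question's output; pass your own name and tunnel DNS server as needed.
param(
    [string]$Name      = 'token.grid.loc',
    [string]$TunnelDns = '10.0.5.7'
)

# Path 1 (nslookup-style): one DNS query to one named server, skipping the
# hosts file and LLMNR/NetBIOS.
$direct = Resolve-DnsName -Name $Name -Type A -Server $TunnelDns -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } | ForEach-Object IPAddress

# Path 2 (ping/browser-style): the Windows resolver, which can draw on the
# hosts file, the cache and the DNS servers of every connected interface.
try {
    $system = [System.Net.Dns]::GetHostAddresses($Name) |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        ForEach-Object IPAddressToString
} catch { $system = @() }

"Tunnel DNS $TunnelDns answers : $($direct -join ', ')"
"Windows resolver answers     : $($system -join ', ')"
if ($direct -and $system -and -not ($system | Where-Object { $direct -contains $_ })) {
    Write-Warning "The resolver's answer did not come from the tunnel DNS server."
}

# DNS servers per interface, lowest interface metric first.
$ifaces = Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses }
$ifaces | ForEach-Object {
    $ip = Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Interface  = $_.InterfaceAlias
        Metric     = $ip.InterfaceMetric
        State      = $ip.ConnectionState
        DnsServers = $_.ServerAddresses -join ', '
    }
} | Sort-Object Metric | Format-Table -AutoSize

# Ask each configured server directly to see which one returns which address.
$ifaces.ServerAddresses | Sort-Object -Unique | ForEach-Object {
    $server = $_
    $answer = Resolve-DnsName -Name $Name -Type A -Server $server -DnsOnly -NoHostsFile -QuickTimeout -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object IPAddress
    [pscustomobject]@{ Server = $server; Answer = $answer -join ', ' }
} | Format-Table -AutoSize
```

Run it with the tunnel connected; a server in the last table that returns the address ping reported identifies where that answer is coming from.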
 
LVL 16

Accepted Solution

by:max_the_king
max_the_king earned 250 total points
ID: 41850410
Hi,
Chances are that there is some mess in the networking cards of the offended PC.
First thing you need to check is that there are no multiple IP addresses on the same NIC (in advanced IP connections).
If that is clean, you need to uninstall Shrew Soft completely (along with the virtual card installed), which you should verify after reboot; then, when you're sure it is clean, you may reinstall Shrew Soft.

hope this helps
max
0
 
LVL 3

Author Comment

by:billherde
ID: 41850414
I thought of that, hence the flushdns. And there is no WINS server on our network, but I can't be sure about the client end. From what I can tell, the client is on a simple home wifi network.
0

 
LVL 16

Expert Comment

by:max_the_king
ID: 41850426
I'm telling something really different from flushdns.
I'm afraid the problem is in the PC's operating system and it matters with NIC cards, either physical or wifi.

max
0
 
LVL 3

Author Comment

by:billherde
ID: 41854447
We may never know the answer here. Since we now had a VPN issue, I deployed the AnyConnect solution on the firewall and had the remote user start using that. He is no longer having the problem. I have asked him if he would take the time to R&R Shrewsoft and let me know the results, but he has not done so yet, and it is unlikely he will.
Overall, I agree this was something weird going on at the remote PC with the Windows resolver. I would have liked to nail it down, but I don't always get what I like. Important part is the user can work, so I get to keep doing the same.
0
 
LVL 3

Author Closing Comment

by:billherde
ID: 41875470
This is the third time I have attempted to close this question.
0


Question has a verified solution.
