Re: VPN Clients DNS Issue



The problem is the way that Windows XP has the network adapters bound. Even
if you change the binding order it still doesn't work right. You have to
manually go to HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\LINKAGE\BIND and
cut \device\ndiswanip from the bottom and paste it to the top. Once you do
this the DNS will resolve correctly when you are connected to a VPN. Here
is code for a VBScript that will do it for you automatically.

Const HKLM = &H80000002

sComputer = "."

' Connect to the WMI registry provider on the local machine
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
    & sComputer & "\root\default:StdRegProv")

sKeyPath = "SYSTEM\CurrentControlSet\Services\Tcpip\Linkage"
sValueName = "Bind"

' Read the current binding list (REG_MULTI_SZ) into arValues
oReg.GetMultiStringValue HKLM, sKeyPath, sValueName, arValues

' Stop if the value could not be read; UBound would fail on a non-array
If Not IsArray(arValues) Then
    WScript.Quit 1
End If

arValuesNew = Array()

For i = 0 To UBound(arValues)
    If i = 0 Then
        If LCase(arValues(i)) = "\device\ndiswanip" Then
            ' entry is already first in the list, no point in continuing
            Exit For
        Else
            ' put NdisWanIp in the first element in the new array
            ReDim Preserve arValuesNew(0)
            arValuesNew(0) = "\Device\NdisWanIp"
        End If
    End If

    ' copy every other entry across in its original order
    If LCase(arValues(i)) <> "\device\ndiswanip" Then
        iCountNew = UBound(arValuesNew) + 1
        ReDim Preserve arValuesNew(iCountNew)
        arValuesNew(iCountNew) = arValues(i)
    End If
Next

' Write back only if a new list was built (nothing to do if already first)
If UBound(arValuesNew) > -1 Then
    oReg.SetMultiStringValue HKLM, sKeyPath, sValueName, arValuesNew
End If


"David" <david@xxxxxxxxx> wrote in message
news:eVif7Mg%23HHA.1416@xxxxxxxxxxxxxxxxxxxxxxx
It is a PPTP client connecting to a Watchguard Firebox. When the client
connects to the VPN they receive our LAN DNS servers as both the primary
and secondary DNS servers on the VPN connection. I disabled DNS cache and
tried again but it resolved to the same thing. When I do an nslookup on
the client it shows that the default DNS server is the DNS server that is
local to the VPN client and not our network. How can I force a DNS server
once connected to a VPN? Is there a DNS server metric?

"Kevin D. Goodknecht Sr. [MVP]" <admin@xxxxxxxxxxxxxx> wrote in message
news:ehULRRx9HHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
Read inline please.

In news:ePQqJfw9HHA.5424@xxxxxxxxxxxxxxxxxxxx,
David <david@xxxxxxxxx> typed:
I know it's really weird. One of the clients is working really well,
but all the others are keeping the external resolution for our
webmail domain after remoting in. I tried doing an ipconfig
/flushdns, but the VPN client was still resolving to the external IP.
Has anyone seen this before? We are using a Watchguard firewall to
handle our PPTP VPN. Other than this strange issue it has been
working extremely well.

Is this a site to site VPN or a client to site VPN?

This is more a problem with your Watchguard Firewall VPN client. It is
obviously becoming your default gateway, and your ISP's DNS are still your
Preferred DNS. Meaning your ISP DNS is resolving the name to its public
address which won't work if the VPN is your default gateway. If you have
only one subnet on your network, the VPN need not be your default gateway,
you can maintain your ISP as your default gateway, while packets destined to
the remote network will go up the VPN. Provided your local network is not
the same subnet as the remote network.
Post your ipconfig /all with the VPN connected.

It is also possible that this is a caching issue, stopping the DNS client
service (net stop dnscache in a cmd prompt) will verify this.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

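
A read-only companion to the reorder script at the top of this thread, added here as an example and not part of any poster's message: it lists the current Bind order, reports where \Device\NdisWanIp sits, and exports the key to a .reg file so the original order can be restored. The backup file name is an assumption; the script changes nothing in the registry.

```vbscript
' Added example: inspect Tcpip\Linkage\Bind and back the key up. No registry writes.
Option Explicit

Const HKLM = &H80000002
Const KEY_PATH = "SYSTEM\CurrentControlSet\Services\Tcpip\Linkage"
Const TARGET = "\device\ndiswanip"

Dim oReg, oShell, oFso, arValues, rc, i, iPos, sBackup

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
rc = oReg.GetMultiStringValue(HKLM, KEY_PATH, "Bind", arValues)
If rc <> 0 Or Not IsArray(arValues) Then
    WScript.Echo "Could not read Bind (StdRegProv returned " & rc & ")"
    WScript.Quit 1
End If

' Print the current order and remember where NdisWanIp sits
iPos = -1
For i = 0 To UBound(arValues)
    WScript.Echo i & ": " & arValues(i)
    If LCase(arValues(i)) = TARGET Then iPos = i
Next

' Export the key to a .reg file (assumed name) so the order can be restored.
' An old backup is deleted first so reg.exe never stops to ask about overwriting.
Set oShell = CreateObject("WScript.Shell")
Set oFso = CreateObject("Scripting.FileSystemObject")
sBackup = oShell.ExpandEnvironmentStrings("%TEMP%") & "\tcpip-linkage-backup.reg"
If oFso.FileExists(sBackup) Then oFso.DeleteFile sBackup, True
rc = oShell.Run("reg export ""HKLM\" & KEY_PATH & """ """ & sBackup & """", 0, True)
If rc = 0 Then
    WScript.Echo "Backup written to " & sBackup
Else
    WScript.Echo "reg export failed with exit code " & rc
End If

' Report what the reorder script would do on this machine
If iPos = 0 Then
    WScript.Echo "NdisWanIp is already first; no change needed."
ElseIf iPos > 0 Then
    WScript.Echo "NdisWanIp is at position " & iPos & "; the reorder script would move it to 0."
Else
    WScript.Echo "NdisWanIp is not in the Bind list; the reorder script would add it at position 0."
End If
```

Run it with cscript before and after the reorder script to confirm the change; importing the saved .reg file restores the previous order.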





