Re: DNS and NetBIOS names not resolving over a PPTP VPN using RRAS
- From: Nonapeptide@xxxxxxxxx
- Date: Tue, 27 May 2008 18:06:04 -0700 (PDT)
On May 27, 8:59 pm, Nonapept...@xxxxxxxxx wrote:
On May 27, 4:45 pm, "Phillip Windell" <philwind...@xxxxxxxxxxx> wrote:
<Nonapept...@xxxxxxxxx> wrote in message
news:c2fd66e1-4161-449b-b2c5-13172b3958e6@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Let me see if I understand the situation correctly. Supposedly,
whatever DNS and WINS settings are on the VPN server will be inherited
by all VPN clients.
[Phil] No.
What if the VPN server has more than one network
card?
[Phil] Not relevant
Which interface will the information be inherited from?
[Phil] It is not "inherited". The client gets its config from DHCP combined
with the DHCP Relay Agent.
connectoid is a CMAK creation. I'm quickly becoming less and less
enchanted with CMAK. Moving on... I created a new VPN connection the
[Phil] Never used CMAK, was never interested in it,..so I can't help you
with that.
Here's what puzzles me. I have a separate DHCP server on the remote
network. I set up RRAS with the relay agent turned on. My DHCP server
shows that the RRAS server likes to grab 9 DHCP leases at a time.
[Phil] Normal. You probably have 8 RRAS ports (probably 4 PPTP & 4 L2TP)
plus one for the RRAS "internal" interface which gives you 9.
IP address that is definitely NOT my VPN server.
[Phil] Not supposed to be
The IP address is actually one of the 9 that RRAS server took from DHCP.
[Phil] Supposed to be
the DHCP relay agent. I checked and noticed two interfaces in the
relay agent console; "Local Area Connection" and "Internal".
[Phil] Supposed to be that way. This is probably the Root of all your
trouble. I think for the DHCP Relay Agent to work correctly it needs to be
set to Local Area Connection because that is the interface that "faces" the
DHCP Server that the agent needs to do all of its "agent-ing" with. But I
could be wrong,...try that first, if it doesn't work set it to "internal".
second is a "PPP adapter RAS Server (Dial in) Interface" and it seems
to be using one of the 9 DHCP addresses that it got from the DHCP
server. Okay, so should that interface have DNS/WINS info put in it?
[Phil] No. Supposed to be *left alone*
Flustered, I turned off the DHCP relay agent,
[Phil] Turn it back on
made a static pool of
addresses and retried. Same symptoms. The PPP adapter uses the first
IP in the static pool, client machines grab up the rest and no DNS or
NetBIOS is resolving over the VPN. Argh.
[Phil] Get rid of the Pool
Should I install DNS and WINS on the VPN server?
[Phil] No. I believe the Root of your problem was the interface that the
DHCP Relay Agent was associated with. It is really fairly
simple,...correctly configure the DHCP Relay Agent,...and the Clients get
the same IP Config from the same DHCP Scope as all the other machines on the
same IP segment on the LAN,...that's it,..it's that simple,...so the more
complex your "solution", the less likely it is the correct solution.
The DHCP Relay Agent is not required to get an IP#,...you can get that
without the Agent. But you need the Agent to get DHCP Options (like WINS,
DNS, etc). Without the Agent all you get is the IP#.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
[Phil] It is not "inherited". The client gets its config from DHCP combined
with the DHCP Relay Agent. <<
That would make sense. I was a bit confused by the following
however...
Quoth ChicagoTech.net:
"
Name resolution Issue in a VPN client
To assign the DNS and WINS to a VPN client for name resolution, you
should configure VPN server with the IP addresses of the appropriate
DNS and WINS servers. The VPN client inherits the DNS and WINS
configured on the VPN server. If name resolution does not work from
the VPN server, it will not work for VPN clients.
"
Does that mean that DNS/WINS information is inherited only when the
VPN client gets a static IP from the RRAS server? On the surface,
there seems to be a contradiction in what I'm hearing.
[Phil] Never used CMAK, was never interested in it,..so I can't help you
with that. <<
How do you deploy VPN connectoids to clients? Or maybe that's
something that you don't have to do in your situation.
[Phil] Normal. You probably have 8 RRAS ports (probably 4 PPTP & 4 L2TP)
plus one for the RRAS "internal" interface which gives you 9.<<
Oddly enough, I've got 1 WAN Miniport (PPPOE), 128 PPTP ports, 128
L2TP ports, and 1 Direct Parallel port.
the DHCP relay agent. I checked and noticed two interfaces in the
relay agent console; "Local Area Connection" and "Internal".
[Phil] Supposed to be that way. This is probably the Root of all your
trouble. I think for the DHCP Relay Agent to work correctly it needs to be
set to Local Area Connection because that is the interface that "faces" the
DHCP Server that the agent needs to do all of its "agent-ing" with. But I
could be wrong,...try that first, if it doesn't work set it to "internal". <<
Just to make sure that we're on the same page; I see "Local Area
Connection" and "Internal" when I select the "DHCP Relay Agent"
heading under "IP Routing" in the RRAS console. Both were set to
"Relay mode: Enabled". For giggles, I disabled "Internal" but that
didn't change anything.
There's a second setting that affects DHCP. If you right-click >>
properties the RRAS server in the RRAS console and then select the
"IP" tab you'll see at the bottom a place where you can select the
interface that is used for getting DHCP for clients. The local area
connection on the LAN is the selected interface. "Internal" is not a
choice here; Only the local area connection and then a 1394 adapter
(Firewire card).
Flustered, I turned off the DHCP relay agent,
[Phil] Turn it back on <<
I turned it back on and am successfully getting DHCP to VPN clients.
[Phil] Get rid of the Pool <<
Done.
[Phil] No. I believe the Root of your problem was the interface that the
DHCP Relay Agent was associated with. It is really fairly
simple,...correctly configure the DHCP Relay Agent,...and the Clients get
the same IP Config from the same DHCP Scope as all the other machines on the
same IP segment on the LAN,...that's it,..it's that simple,...so the more
complex your "solution", the less likely it is the correct solution.<<
Okay, so the only configuration change from my original options is
that under "DHCP Relay Agent" the interface named "Internal" has been
disabled. In the "IP" tab of the RRAS server, the local area
connection is selected as the DHCP interface, but it was selected all
along anyway. That hasn't changed.
I agree about how it should be simple. It just seems that everything
gets more complex than it is. :)
The DHCP Relay Agent is not required to get an IP#,...you can get that
without the Agent. But you need the Agent to get DHCP Options (like WINS,
DNS, etc). Without the Agent all you get is the IP#. <<
I wasn't aware of that.
Could this be a problem with my DHCP server? It's just a LinkSys RV082
that acts as the Gateway, DNS, DHCP, and space heater. That would be
curious since all clients on the LAN get DHCP with options just fine.
Any and all help from anyone and their extended family would be
appreciated. :)
Thanks,
Ack! I forgot to mention that when I "ipconfig /all" on a VPN client
machine, it correctly shows that I have the remote network's DNS
server as that VPN tunnel's primary DNS server. The options are
arriving, but could the packets be stripped out over the VPN?