cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Client VPN & DNS Server Preference

Highlighted
Here to help

Client VPN & DNS Server Preference

I believe I know the answer to this question but I'm hopeful there is an easier method to address this. I've got a new MX100 implementation with Client VPN configured. Users are able to authenticate and access the network just fine via Client VPN. The issue is that Windows Users are not using the internally defined DNS server as their preferred DNS server. In other words, when they attempt to resolve a corporate hostname, their local ethernet adapter's DNS server is being used rather than the VPN adapters DNS servers. Is the only way to address this by changing the network adapters metric so that the VPN adapter is preferred?

 

Note: this is NOT an issue with the DNS suffix. Also note that on MacOS this is a non-issue. On Mac's it automatically prefers the the VPN adapter's DNS servers. Thanks in advance!

6 REPLIES 6
Highlighted
Kind of a big deal

Re: Client VPN & DNS Server Preference

I can't say I have had that issue.

 

If  Windows 10 user connects and you run "nslookup", does it say it is using the VPN or Ethernet adaptors DNS server?

Highlighted
Kind of a big deal

Re: Client VPN & DNS Server Preference

@ClaytonMeyer  have you tried changing the network adaptors priority? If you put VPN at the top all traffic should then pass through the VPN including DNS

 

 

http://ecross.mvps.org/howto/change-network-connection-priority-in-windows-10.htm

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Highlighted
Meraki Employee

Re: Client VPN & DNS Server Preference

Hey Clayton,

 

Connor here from Meraki Support. Try changing the adaptor metric in the settings pane also. You can get to it by navigating to: 

 

Control Panel > Network and Sharing Centre > Change Adapter Settings > *right click the WAN Miniport adapter for the VPN* > Properties > Networking > IPv4 > Properties > Advanced > *untick Automatic Metric* and set it to 1

 

Screenshot 2019-09-19 at 16.01.53.png

 

The screenshot is from Windows 7 (throwback) but it's the same method for Windows 10. This usually gets around Windows wanting to use the Ethernet/WLAN adapter's DNS settings, like you said for macOS ticking "Use VPN for all traffic" (not exact quote) also solves this. 

 

All the best!

 

Kind regards,

 

--

Connor Loughlin
Network Support Engineer
EMEA 🇬🇧

.:|:.:|:. Cisco Meraki

 

Highlighted
Here to help

Re: Client VPN & DNS Server Preference

Thank you both! I suspect that will fix it. I was hoping for another method that didn’t require touching all of the workstations though. I’ll post a follow up after testing.

Highlighted
Meraki Employee

Re: Client VPN & DNS Server Preference

Anytime mate, let me know how you get on.
Highlighted
Here to help

Re: Client VPN & DNS Server Preference

Thanks again all for the replies. I advised the MX100 admin of the NIC changes but haven't heard back yet. I'll have to wait & see what they say. Hoping for a Meraki/Anyconnect like client in the near future that will address some of these issues going forward.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.