Client VPN and registering to DNS

networks_jj
Conversationalist

We've been using MX client VPN for a few years now and overall it's been successful. We don't have too many issues, but I did notice that clients connected to the VPN are not registering in DNS. MX hands out the IPs from a range outside our normal network. We're using Windows DHCP/DNS for internal systems. We have 50 Z1 devices, and clients there register to our internal DNS, but the client VPN doesn't seem to work the same way.

We rolled our client VPN out via a PowerShell script, and the 'Register to DNS server' option in the advanced settings is not checked for VPN connections. I don't see an obvious option to check that box in the Add-VpnConnection or Set-VpnConnection cmdlets for PowerShell. Does anyone have any advice?

In most cases, client VPN devices not being in our DNS probably isn't a big deal, but we do have some remote users who only use the client VPN, and we'd like to be able to push things to them by DNS name rather than looking up their IP and pushing manually.

7 Replies
Nash
Kind of a big deal

Could you share a sanitized version of your add-vpnconnection? What DNS settings do you have under Client VPN on your MX?

We set the internal DNS under the Client VPN screen in the MX, seen here with decorative black boxes and rando client VPN subnet:

[screenshot: clientvpn.png]

Then I configure the VPN on the end user's device using a script that contains the following:

# L2TP over IPsec with a pre-shared key. -WA is the alias for -WarningAction.
# With PAP the user password is protected only by the IPsec tunnel, not by the
# PPP auth protocol itself, and -EncryptionLevel refers to PPP-level (MPPE)
# encryption, which L2TP/IPsec does not rely on: IPsec carries the encryption.
Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress -AllUserConnection -TunnelType L2tp -L2tpPsk $PresharedKey -AuthenticationMethod Pap -EncryptionLevel Optional -Force -WarningAction SilentlyContinue

(Full scripts in GitHub.)

networks_jj
Conversationalist

MX client VPN is basically the same, with our internal DNS servers there.

PowerShell looks like this:

# Same L2TP/IPsec + PSK connection, with -DnsSuffix set so the connection carries
# our domain's DNS suffix (PAP again: the password is protected only by the IPsec tunnel).
Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress -TunnelType L2tp -AllUserConnection -L2tpPsk $PresharedKey -DnsSuffix $DnsSuffix -AuthenticationMethod Pap -Force

Pretty sure I got the code from here when we put it together (previously used CMAK).

Nash
Kind of a big deal

What happens if you do not specify DNSSuffix? I've never had to do that for my clients, assuming I had DNS configured correctly on the MX Client VPN page. In full disclosure, my clients only ever have one local domain in their AD setup.

networks_jj
Conversationalist

I'm not 100% sure what happens, I can test and see I guess.

Hi Nash!

How do I put a DNS suffix in your script?

I have some users who use personal machines outside the domain.

I enabled "Register this connection's address in DNS" as well as "Use this connection's DNS suffix in DNS registration". After that, I changed the setting for Dynamic Updates inside the DNS zone on my Windows DNS server from "Secure only" to "Nonsecure and secure". All the VPN client host names that are not part of the domain show up in the DNS table.

sysadamin
New here

This is a real issue with Meraki, not just the OP's; we are experiencing the exact same issue, and only with clients connected to a Meraki Client VPN.

This seems to be Microsoft's fault at the core, not having a switch to register DNS when the connection is created on the client. I haven't seen a real solution, just workarounds.

Going to test adding this script to my Add-VpnConnection script.

# Machine-wide RAS phonebook (the one -AllUserConnection writes to); per-user
# connections live under %APPDATA% instead. IpDnsFlags=3 ticks both "Register this
# connection's addresses in DNS" and "Use this connection's DNS suffix in DNS
# registration". -Replace runs over the whole file, so every connection in the
# phonebook that currently has IpDnsFlags=0 is changed, not only the one just added.
$RASPhoneBook = "C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk"
(Get-Content $RASPhoneBook) -Replace 'IpDnsFlags=0', 'IpDnsFlags=3' | Set-Content $RASPhoneBook
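Both the checkbox route in the reply above and the rasphone.pbk one-liner end up setting IpDnsFlags for the connection. The following is an added example, not code from the thread, from Meraki or from Microsoft: it patches only the named connection's section of the phonebook, so other VPN entries in the same file are left alone, keeps a backup, and reads the value back so a deployment script can verify it. The function names, the bit values assumed for IpDnsFlags (1 = register addresses, 2 = use the connection's DNS suffix; the thread's 3 is both), and the per-user phonebook path under %APPDATA% are my assumptions, not something the thread states.

```powershell
# Added example (not from the thread). Sets "Register this connection's addresses
# in DNS" (and optionally "Use this connection's DNS suffix in DNS registration")
# for ONE named connection by editing only that connection's [section] in
# rasphone.pbk, instead of rewriting every IpDnsFlags=0 in the file.
# Assumed (not stated on the page): bit 1 = register addresses, bit 2 = use
# suffix, so 3 = both boxes checked; per-user phonebook lives under %APPDATA%.

function Get-VpnPhonebookPath {
    param([switch] $AllUserConnection)
    # -AllUserConnection entries live in the machine-wide phonebook under ProgramData;
    # connections created without it live in the current user's APPDATA (assumed path).
    $root = if ($AllUserConnection) { $env:ProgramData } else { $env:APPDATA }
    Join-Path $root 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
}

function Set-VpnDnsRegistration {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ConnectionName,
        [switch] $AllUserConnection,
        [switch] $UseSuffix   # also set "Use this connection's DNS suffix in DNS registration"
    )

    $RegisterAddress = 1   # assumed: "Register this connection's addresses in DNS"
    $RegisterSuffix  = 2   # assumed: "Use this connection's DNS suffix in DNS registration"
    $flags = $RegisterAddress
    if ($UseSuffix) { $flags = $flags -bor $RegisterSuffix }

    $pbk = Get-VpnPhonebookPath -AllUserConnection:$AllUserConnection
    if (-not (Test-Path -LiteralPath $pbk)) { throw "Phonebook not found: $pbk" }

    $inSection = $false
    $patched   = $false
    $newLines  = foreach ($line in (Get-Content -LiteralPath $pbk)) {
        if ($line -match '^\[(.+)\]\s*$') {
            # Section header like [ConnectionName]; only the requested one is edited.
            $inSection = ($Matches[1] -eq $ConnectionName)
            $line
        }
        elseif ($inSection -and $line -match '^IpDnsFlags=\d+\s*$') {
            $patched = $true
            "IpDnsFlags=$flags"
        }
        else {
            $line
        }
    }

    if (-not $patched) {
        throw "Connection '$ConnectionName' (or its IpDnsFlags entry) not found in $pbk"
    }
    # rasphone.pbk is plain text; keep a copy so the edit can be reverted.
    Copy-Item -LiteralPath $pbk -Destination "$pbk.bak" -Force
    Set-Content -LiteralPath $pbk -Value $newLines
    # RAS reads the phonebook when the connection is dialed, so the change takes
    # effect on the next connect; disconnect first if the VPN is currently up.
}

# Read the flags back, to verify the change after Set-VpnDnsRegistration.
function Get-VpnDnsRegistration {
    param(
        [Parameter(Mandatory)] [string] $ConnectionName,
        [switch] $AllUserConnection
    )
    $pbk = Get-VpnPhonebookPath -AllUserConnection:$AllUserConnection
    $inSection = $false
    foreach ($line in (Get-Content -LiteralPath $pbk)) {
        if ($line -match '^\[(.+)\]\s*$') { $inSection = ($Matches[1] -eq $ConnectionName); continue }
        if ($inSection -and $line -match '^IpDnsFlags=(\d+)') { return [int]$Matches[1] }
    }
    return $null   # connection or entry not present
}

# Usage, right after the Add-VpnConnection line from the thread (variables as in the thread):
#   Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress -AllUserConnection `
#       -TunnelType L2tp -L2tpPsk $PresharedKey -DnsSuffix $DnsSuffix -AuthenticationMethod Pap -Force
#   Set-VpnDnsRegistration -ConnectionName $ConnectionName -AllUserConnection -UseSuffix
#   Get-VpnDnsRegistration -ConnectionName $ConnectionName -AllUserConnection   # 3 if both bits set
```

Run it in the same elevated context as Add-VpnConnection, before the connection is first dialed. The registration itself still depends on the DNS server accepting the update: a domain-joined client can do a secure update, while a non-domain machine only registers if the zone allows nonsecure updates, which is the trade-off the reply above describes.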

Welcome to the Meraki Community!