Local WiFi/Ethernet IPs being registered in DNS along with VPN IP

MrMeraki

I'm sure this is a similar issue faced by many people during the pandemic with 90% of staff working remotely.....

Scenario:

Computer Name B6H74C2 connects to corporate VPN (using Meraki client/standard Windows VPN)

IT then want to push Windows updates and software to that machine occasionally (remotely).

Often the software push fails saying the machine name could not be found or there was a network error.

What is actually happening here is under DNS exists the following:
B6H74C2      10.10.10.168 (Corporate VPN DHCP pool)
B6H74C2      192.168.0.4  (their home network)

Now I know exactly why this is and it's because the option to register this connection in DNS + the suffix option is ticked under the LAN adaptor AND the VPN adaptor.

Simple solution is to untick it from the LAN adaptor; however, 6 months down the line when this user is back in the office they'll no longer register in DNS properly and may not get updates/software pushes.

 

For some machines we are also getting IPv6 registered, so in an extreme case 1 computer connected on the VPN can register 6 IPs:

 

VPN IPv4
LAN IPv4
WiFi IPv4
VPN IPv6
LAN IPv6
WiFi IPv6

 

Also is there a way to launch the VPN automatically on startup?  I know you can click on it on login page but we have an increasing amount of VPN dodgers at the moment in our workforce which makes patching hard work!

PhilipDAth
Kind of a big deal

>Also is there a way to launch the VPN automatically on startup?

 

Kinda.  Check out the rasdial command.

Can you sort the DNS entries on when they were registered?  The fastest solution might be to delete all the entries older than some timeframe you feel comfortable with.

If your patch system uses the "Windows Update" mechanism for deploying updates (like WSUS) you can use this PowerShell command to check for updates.

powershell "(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()"

Then you could add this to the machine startup (or user login).  Then the machine will reach in for updates, rather than you having to push them.
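The cleanup suggested in the reply above (sort the DNS entries by registration time, then delete those older than a chosen age), as an added example that is not part of the original thread. It assumes a Windows DNS server with the DnsServer PowerShell module; the zone name, the VPN pool prefix (the thread shows only 10.10.10.168), and the 14-day threshold are placeholders.

```powershell
# Added example: every value in this block is an assumption, adjust before use.
$ZoneName   = 'corp.example.com'  # placeholder zone name
$VpnPrefix  = '10.10.10.'         # assumed prefix of the corporate VPN DHCP pool
$MaxAgeDays = 14                  # assumed "comfortable" age threshold
$DnsServer  = 'localhost'         # run on the DNS server, or name one here

$cutoff = (Get-Date).AddDays(-$MaxAgeDays)

# Dynamically registered A records carry a Timestamp; static records do not
# and are left out so they can never become deletion candidates.
$records = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType A |
    Where-Object { $_.Timestamp }

# Host names that currently have more than one IPv4 address registered.
$dupes = $records | Group-Object HostName | Where-Object Count -gt 1

# One row per record, oldest first within each host.
$report = foreach ($g in $dupes) {
    foreach ($r in ($g.Group | Sort-Object Timestamp)) {
        $ip = $r.RecordData.IPv4Address.IPAddressToString
        [pscustomobject]@{
            HostName   = $r.HostName
            IPv4       = $ip
            Registered = $r.Timestamp
            InVpnPool  = $ip.StartsWith($VpnPrefix)
            Stale      = ($r.Timestamp -lt $cutoff)
            Record     = $r
        }
    }
}

$report | Format-Table HostName, IPv4, Registered, InVpnPool, Stale -AutoSize

# Stale entries on multi-address hosts are the deletion candidates.
# -WhatIf only prints what would be removed; drop it after reviewing the table.
$report | Where-Object Stale | ForEach-Object {
    Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
        -InputObject $_.Record -Force -WhatIf
}
```

The same pass with `-RRType AAAA` and `RecordData.IPv6Address` covers the IPv6 registrations mentioned in the question.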

 
