Unable to connect vpn using hostname

wizard
Comes here often

Meraki recommends that client VPN must be set up using hostname. I am unable to connect when I do that. I can connect via IP, but the problem is I have two internet connections, and when one link goes off it would take me a lengthy amount of time to reconfigure all client PCs.

Brash
Building a reputation

Meraki recommends using the hostname precisely for the reason you mentioned. In the event of a WAN failover, the hostname should update to the new WAN IP.

In regards to getting it working, using a hostname vs an IP address shouldn't make a difference as long as the hostname resolves correctly.

Are you using the Meraki dynamic hostname or do you have another hostname defined?

Does the hostname resolve to the correct IP on the client PC?

wizard
Comes here often

I am using the Meraki dynamic hostname. It does not resolve correctly on the client PC. That is the reason I am unable to connect using the Meraki dynamic hostname. Is there a way to make this work?

Brash
Building a reputation

When you say doesn't resolve correctly, is it resolving to any IP address at all?

Is your client PC using a well known internet DNS or an internal DNS?

wizard
Comes here often

Internal DNS

cmr
Kind of a big deal

@wizard does your internal DNS use root hints or forward to your ISP's DNS?

wizard
Comes here often

I don't think I have that set up

Brash
Building a reputation

You'll need one of those set up in order to resolve domains external to your environment, including the Meraki dynamic domain name for your MX.

wizard
Comes here often

So I set up the Meraki dynamic hostname in the DNS forwarder?

Brash
Building a reputation

Not quite.

You need to ensure that your internal DNS can forward requests that it doesn't have the answer for. These should be forwarded to another DNS that does have the answer.

Typically you would set up to forward to an external, top level DNS, such as 8.8.8.8 (Google's DNS) or 1.1.1.1 (Cloudflare DNS).

wizard
Comes here often

Thank you. So I will set up 8.8.8.8 or my local ISP IP in my DNS forwarder?

Brash
Building a reputation

Yes, either should be fine

wizard
Comes here often

I will test and advise

wizard
Comes here often

DNS forwarder set to 8.8.8.8 but not working

Bruce
Kind of a big deal

Hmmmm.... okay. Not sure what is going on here, but I've got some thoughts.

  1. Before you connect to the VPN, you need DNS connectivity to a Public DNS server. So for instance, if you're at home or mobile you need to be getting the DNS settings via DHCP so that they point to the ISP - not your internal DNS. This will enable you to resolve the dynamic hostname initially.
  2. When you connect you should get DNS settings pushed through the VPN configuration that are then used over the VPN connection - this will likely be your internal DNS server so you can resolve internal hostnames. The internal DNS server needs the forwarder configured as described so that the client can continue to resolve the dynamic hostname at intervals to maintain connectivity.

I'm not entirely sure, but looking at the trail of posts you may not be addressing point 1.
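
An added diagnostic, not part of the thread or any poster's code: it asks the internal DNS server and 8.8.8.8 directly for the MX dynamic hostname and maps the two results onto the failure modes discussed above. The hostname and the internal DNS address are placeholders (assumptions), and the function names are made up for this example.

```python
import secrets, socket, struct

def build_query(hostname, txid):   # DNS A-record query with recursion desired
    qname = b"".join(bytes([len(l)]) + l for l in hostname.rstrip(".").encode("ascii").split(b"."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">BHH", 0, 1, 1)

def skip_name(msg, off):   # offset just past a name; a compression pointer ends it
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Return the IPv4 addresses in the answer section of a raw DNS response."""
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    off, ips = 12, []
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rdlen = struct.unpack(">H6xH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:            # A record; CNAMEs are skipped
            ips.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return ips

def query(hostname, server, timeout=3.0):
    """Ask one DNS server directly over UDP; [] means no answer or no usable reply."""
    txid = secrets.randbelow(0x10000)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(hostname, txid), (server, 53))
            data = s.recv(4096)
        return parse_a_records(data) if data[:2] == struct.pack(">H", txid) else []
    except (OSError, struct.error, IndexError):
        return []

def diagnose(internal_ips, public_ips):   # map both results onto the thread's failure modes
    if not public_ips:
        return "public DNS has no answer: check the hostname and outbound DNS"
    if not internal_ips:
        return "internal DNS gave no answer: unreachable from here, or forwarder/root hints not working"
    if set(internal_ips) != set(public_ips):
        return "internal DNS answer differs from public DNS: possibly stale after failover"
    return "both resolvers agree: DNS is not the problem"

if __name__ == "__main__":
    host, internal = "your-mx-hostname.example", "192.0.2.53"   # placeholders, not from the thread
    print(diagnose(query(host, internal), query(host, "8.8.8.8")))
```

Run it once from inside the office network and once from an outside connection: the outside run shows whether the client can resolve the name before the tunnel is up, the inside run shows whether the forwarder works.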
