Re: Unable to connect vpn using hostname

wizard · ‎10-06-2021

Meraki recommends that client vpn must be set up using hostname. I am unable to connect when i do that. i can connect via IP but the problem is i have two internet connections and when one link goes off it would take me lengthy amount of time to reconfigure all client PCs

Brash · ‎10-06-2021

Meraki recommends using the hostname precisely for the reason you mentioned. In the event of a WAN failover, the hostname should update to the new WAN IP.

In regards to getting it working, using a hostname vs an IP address shouldn't make a difference as long as the hostname resolves correctly.

Are you using the Meraki dynamic hostname or do you have another hostname defined?

Does the hostname resolve to the correct IP on the client PC?

wizard · ‎10-15-2021

I am using the Meraki dynamic hostname. It does not resolve correctly on the client PC. That is the reason I am unable to connect using the Meraki dynamic hostname. Is there a way to make this work?

Brash · ‎10-15-2021

When you say doesn't resolve correctly, is it resolving to any IP address at all?

Is your client PC using a well known internet DNS or an internal DNS?

wizard · ‎10-15-2021

Internal DNS

cmr · ‎10-16-2021

@wizard does your internal DNS use root hints or forward to your ISP's DNS?

wizard · ‎10-18-2021

I don't think I have that set up

Brash · ‎10-18-2021

You'll need one of those set up in order to resolve domains external to your environment, including the Meraki dynamic domain name for your MX.

wizard · ‎10-18-2021

So I setup the meraki dynamic hostname in the DNS forwarder?

Brash · ‎10-18-2021

Not quite.

You need to ensure that your internal DNS can forward requests that it doesn't have the answer for. These should be forwarded to another DNS that does have the answer.

Typically you would set up to forward to an external, top level DNS, such as 8.8.8.8 (Google's DNS) or 1.1.1.1 (Cloudflare DNS

wizard · ‎10-18-2021

Thank you. so I will set up 8.8.8.8 or my local ISP IP in my DNS forwarder?

Brash · ‎10-18-2021

Yes, either should be fine

wizard · ‎10-18-2021

I will test and advise

wizard · ‎10-18-2021

DNS forwarder set to 8.8.8.8 but not working

Bruce · ‎10-18-2021

Hmmmm.... okay. Not sure what is going on here, but I've got some thoughts.

Before you connect to the VPN, you need DNS connectivity to a Public DNS server. So for instance, if you're at home or mobile you need to be getting the DNS settings via DHCP so that they point to the ISP - not your internal DNS. This will enable you to resolve the dynamic hostname initially.
When you connect you should get DNS settings pushed through the VPN configuration that are then used over the VPN connection - this will likely be your internal DNS server so you can resolve internal hostnames. The internal DNS server needs the forwarder configured as described so that the client can continue to resolve the dynamic hostname at intervals to maintain connectivity.

I'm not entirely sure, but looking at the trail of posts you may not be addressing point 1.