VPN possible DNS issues?

CharlesIsWorkin
Building a reputation

Hi all,

We have an MX64 connected to our Core Switch that administers our VPN and acts as our gateway with modems attached to it. So we have VPN on a certain subnet, and the nameservers are specified as our Domain Controllers.

We have the domain on a different subnet, and that seems to be working fine with our DNS servers. 

 

When I VPN in from home, the connection is established fine. But when I go to use Remote Desktop to log onto my work computer, I can't type in its name or its ip address. I can't hit anything with Remote Desktop by name; I can only remote into the Domain Controllers via their IP addresses, which are specified as the nameservers in the Meraki dashboard.

 

Got any hints for me? I'm all ears!

 

Thanks peeps!

11 REPLIES
wrespawn
Here to help

At the home computer, when you type `ipconfig /all`, does the MX come up as the DNS server or does your DNS server on the other side of the VPN come up? If you manually type in the DNS server in the DNS section of your network adapter's IP properties, are you able to resolve hostnames?

I will certainly check that tonight. I have specified the DNS servers in my VPN connection, but not in my main connection.

 

Strangely, I have two long-time users without any special settings that use VPN just fine. One is an off-site domain computer that is almost always connected via Remote Desktop to a computer on-site.

Another is a regular remote user. I haven't seen anything of note in their settings.

 

What do you think of split-tunneling? Someone mentioned that to me as a possible solution.

https://documentation.meraki.com/MX-Z/Client_VPN/Configuring_Split-tunnel_Client_VPN

I'm looking through my Meraki dashboard. Where did you specify what DNS servers to use for your VPN connections? Is this regarding "Client VPN" or "Site to Site"? It sounds like Client, but I want to make sure.

Yep, Client VPN.

MRCUR
Kind of a big deal

Are you tunneling all traffic or doing split-tunnel? Do you have the correct domain suffix(es) applied to the VPN connection so you can use unqualified names?

MRCUR | CMNO #12
CharlesIsWorkin
Building a reputation

Hmmm, I'm not sure about the domain suffixes part. How would I check that?

By default I was tunneling all traffic, but last night I enabled split tunneling and still no change.

Does the MX64 have a route to your AD controllers?

Yes, one of the nameservers is also the AD controller.

@CharlesIsWorkin You can use PowerShell to get or set the VPN domain suffix. See here: https://docs.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnection?view=win10-ps

 

Regarding @PhilipDAth's question - you're using a DC as a DNS server for client VPN, but does the MX have a route to the DC (can the MX ping the DC)? 

MRCUR | CMNO #12
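
The checks suggested so far in this thread (which DNS servers the VPN adapter received, whether a domain suffix is set, and whether the failure is name resolution or reachability) can be run together from the remote Windows client. This is an added example, not code from any poster; the connection name, nameserver address, domain suffix and host name are placeholders, and it assumes the built-in Windows VPN client, where the adapter alias matches the connection name.

```powershell
# Placeholder values (assumptions, not from the thread); replace with your own.
$VpnName   = 'Work VPN'           # Windows VPN connection name
$DnsServer = '192.0.2.10'         # a Domain Controller used as VPN nameserver
$Suffix    = 'corp.example.com'   # AD DNS domain
$Target    = 'workpc01'           # unqualified name of the work computer

# 1. Tunnel state, split-tunnel setting and DNS suffix on the VPN connection.
$vpn = Get-VpnConnection -Name $VpnName
$vpn | Format-List Name, ConnectionStatus, SplitTunneling, DnsSuffix

# 2. DNS servers actually assigned to the VPN adapter while connected.
Get-DnsClientServerAddress -InterfaceAlias $VpnName -AddressFamily IPv4 |
    Format-List InterfaceAlias, ServerAddresses

# 3. Ask the Domain Controller directly for the fully qualified name.
$direct = Resolve-DnsName -Name "$Target.$Suffix" -Server $DnsServer -Type A `
              -ErrorAction SilentlyContinue | Where-Object { $_.IPAddress }

# 4. Resolve the unqualified name the way Remote Desktop would.
$short = Resolve-DnsName -Name $Target -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.IPAddress }

if (-not $direct) {
    Write-Warning "The nameserver did not answer for $Target.$Suffix (DNS or routing over the tunnel)."
} elseif (-not $short) {
    Write-Warning "FQDN resolves but '$Target' does not: DNS suffix or adapter DNS is the likely gap."
    # To set the suffix on the connection (reconnect afterwards):
    # Set-VpnConnection -Name $VpnName -DnsSuffix $Suffix
} else {
    Write-Output "Both names resolve to $($short[0].IPAddress)."
}

# 5. Separate DNS from reachability: test the RDP port by IP address.
if ($direct) {
    $ip  = $direct[0].IPAddress
    $rdp = Test-NetConnection -ComputerName $ip -Port 3389
    if (-not $rdp.TcpTestSucceeded) {
        Write-Warning "TCP 3389 to $ip failed: a routing or firewall problem, not DNS."
    }
}
```

If step 3 succeeds but step 5 fails, name resolution is working and the problem lies in routing or firewall rules between the client VPN subnet and the workstation subnet.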
CharlesIsWorkin
Building a reputation

Ok, so if I am right, this is how I would test that.

I log into the dashboard, go to Security Appliance > Status > Tools > Ping.

Then plug in those IP addresses, right? They both pinged fine with 1ms latency.

Netwow
Building a reputation

I am having the same issue and have found that it is specific to Windows 10. Windows 7 machines resolve DNS over VPN fine. However, Windows 10 machines do not.
