Name: Vasilis Date: February 22, 2007 at 03:34:11 Pacific Subject: VPN DNS issue OS: Win XP Pro SP2 CPU/Ram: 1,2GHz, 1.5MB Model/Manufacturer: Dell latitude d420
Comment:
Hello,
I have the following problem:
I have a VPN set up so that I can connect to my office computer. This is set up so that internet traffic goes through my ISP, and not through the VPN (split tunneling).
The problem is with DNS though: When I connect to the VPN, all name queries seem to be automatically routed to the VPN DNS server, which only knows about local names. (I used a sniffer to verify this). So, ping by ip works fine, but ping by name fails.
No other user of the same VPN has this problem. I also have a second computer, with Win 2K, that doesn't display this problem when connecting to the VPN.
Any thoughts? I am a bit stuck. Thank you very much!
What is the OS of the computer running the VPN server? How is your home PC getting an IP address? How are the other PCs that can resolve by name connecting to the VPN?
Can you post your IP settings once you are connected to the VPN? I have some ideas, but I need a little more detail such as IP addresses, router configs, etc.
-- The computer in question is a laptop and is getting an IP address in one of two ways: from an ADSL modem/router, when I'm at home, or from a port with a fixed IP assigned to it on an office network (a different office). In both cases, the situation re: VPN/DNS issues is the same.
The other PCs that can resolve by name are connecting the exact same ways.
In the case of the problem computer, when the VPN is connected, nslookup returns an answer from the local VPN nameserver only.
It's actually a file server, running Win 2003 server.
The VPN is L2TP IPSec.
As for IPs: both the VPN and my home network are in the 10.xxx.xxx.xxx range (10.0.0.x for the home network, 10.255.255.x for the VPN network). The VPN server's internal IP is 10.255.255.254.
Ok, I'm not too familiar with those types of VPNs, but I can still try to help.
When you are at home and you connect to the VPN, is the VPN virtual connection issued an IP address on the 10.255.255.0/?? subnet? Is it issued an address for a DNS server? In theory, broadcast packets will not traverse router interfaces. In Windows 2000 and later, name resolution on Windows networks is done mostly through DNS or WINS servers. Other OSes just use broadcast packets for name resolution.
I have my Win2k Server PPTP VPN Server configured to hand out IP addresses to VPN clients from its DHCP Pool. I am issued DNS Server addresses, but they are the external pointer addresses that the Win2k server points to, not its private internal address.
What DNS Server address is your VPN connection being assigned?
It is issued a DNS server address. It was being issued the internal DNS server address (ie, a 10.255.255.x address, serving VPN local names). We changed it so now it provides an external DNS server address.
With this change, nslookup works fine, but ping and internet browsing still don't work. Using a packet sniffer, I notice that ping and http requests generate NBNS queries, instead of DNS queries, which are sent, via the Ethernet interface, to a local address (10.255.255.255) and die.
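The check described in the two posts above (sniffing to see whether a name lookup went to the VPN's DNS server, to another resolver, or out as an NBNS broadcast on UDP 137) can be automated. The following is an added example, not code from anyone in this thread: it decodes the question section of DNS and NBNS queries (the two share the RFC 1035 header layout; NBNS additionally uses the NetBIOS "first-level" name encoding) and labels each query by the path it took. The 10.255.255.0/24 VPN subnet comes from the thread; the sample "capture" is constructed by hand, and the 10.0.0.1 home-router resolver is an assumption.

```python
# Added example (not from the thread): classify the UDP name-resolution
# queries a sniffer shows while the VPN is up, so you can tell at a glance
# whether a name was sent to the VPN's DNS server, to some other resolver,
# or never reached DNS and went out as a NetBIOS (NBNS) broadcast.
# The "capture" below is constructed by hand; the VPN subnet is from the
# thread, the 10.0.0.1 resolver address is an assumption.
import struct
import ipaddress

DNS_PORT, NBNS_PORT = 53, 137
VPN_NET = ipaddress.IPv4Network("10.255.255.0/24")


def build_query(labels, qtype, txid=0x1234, flags=0x0100):
    """Build a DNS/NBNS query; both use the same 12-byte header.
    labels: list of name labels; qtype: 1 = A record, 0x20 = NetBIOS NB record."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def nbns_encode_name(name, suffix=0x20):
    """NetBIOS first-level encoding: pad the name to 15 bytes, append the
    suffix byte, then send each nibble as 'A' + nibble (32 characters)."""
    raw = name.upper().encode("ascii").ljust(15, b" ") + bytes([suffix])
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)


def nbns_decode_name(encoded):
    """Inverse of nbns_encode_name; returns (hostname, suffix byte)."""
    if len(encoded) != 32:
        raise ValueError("NetBIOS name must be 32 encoded characters")
    raw = bytes(((ord(encoded[i]) - 0x41) << 4) | (ord(encoded[i + 1]) - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].rstrip(b" ").decode("ascii"), raw[15]


def _parse_qname(payload, offset):
    """Decode length-prefixed labels starting at offset; returns (name, next offset).
    Question names are never compressed, so pointers are rejected."""
    labels = []
    while True:
        length = payload[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question name")
        labels.append(payload[offset:offset + length].decode("ascii"))
        offset += length


def classify_queries(records):
    """records: iterable of (dst_ip, dst_port, udp_payload).
    Returns one dict per DNS/NBNS query describing which resolver path it took."""
    results = []
    for dst_ip, dst_port, payload in records:
        if dst_port not in (DNS_PORT, NBNS_PORT):
            continue                      # not name-resolution traffic
        _, flags, qdcount = struct.unpack("!HHH", payload[:6])
        if flags & 0x8000 or qdcount != 1:
            continue                      # a response, or not a single-question query
        name, off = _parse_qname(payload, 12)
        qtype, _ = struct.unpack("!HH", payload[off:off + 4])
        dst = ipaddress.IPv4Address(dst_ip)
        if dst_port == NBNS_PORT:
            host, suffix = nbns_decode_name(name.split(".")[0])
            path = "nbns-broadcast" if dst == VPN_NET.broadcast_address else "nbns-unicast"
            results.append({"proto": "NBNS", "name": host, "suffix": suffix,
                            "dst": dst_ip, "path": path})
        else:
            path = "dns-vpn" if dst in VPN_NET else "dns-other"
            results.append({"proto": "DNS", "name": name, "qtype": qtype,
                            "dst": dst_ip, "path": path})
    return results


# Constructed sample capture reproducing the two symptoms in the thread:
# an Internet name sent to the VPN-local DNS server, and a name that never
# reached DNS at all but went out as an NBNS broadcast to 10.255.255.255.
SAMPLE_CAPTURE = [
    ("10.255.255.254", DNS_PORT, build_query(["www", "google", "com"], 1)),
    ("10.255.255.255", NBNS_PORT,
     build_query([nbns_encode_name("fileserver", 0x20)], 0x20, flags=0x0110)),
    ("10.0.0.1", DNS_PORT, build_query(["www", "example", "com"], 1)),  # assumed home resolver
    ("10.255.255.10", 445, b"\x00" * 4),                                # SMB, ignored
]

if __name__ == "__main__":
    for r in classify_queries(SAMPLE_CAPTURE):
        print(f"{r['proto']:4} {r['name']:<18} -> {r['dst']:<16} {r['path']}")
```

Run it and a "dns-vpn" line for an Internet name is the first symptom in the thread (all lookups going to the VPN-local resolver); an "nbns-broadcast" line for a name that has no matching DNS line is the second (the resolver never queried DNS, and the broadcast dies at the tunnel). Feeding real traffic in only requires extracting (dst IP, dst port, UDP payload) from whatever sniffer you use.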
Can you change it back so the DNS server that is issued to VPN clients is the internal 10.255.255.x address? I would think this name server would have the DNS records needed?
If your VPN connection is anything like PPTP VPN connections, go to the TCP/IP properties of the connection. See if there is an Advanced section. If there is, look for a setting that says "Use default gateway on remote network". If it's checked, uncheck it. Reconnect. See what happens.
It's unchecked. First thing I did, a week ago :-) The 10.255.255.xxx DNS server is VPN-local, i.e. it only knows about local resources. We tried this, and the problem is as described. When we changed it, at least nslookup works (not much consolation though).
It's in the DNS settings config on the Win2003 box. If DNS is enabled on an AD server, it will resolve all local names, i.e. names that it learns about on the local LAN through DHCP. You assign the DNS server "external IP addresses", typically the DNS servers of your ISP. These will then be queried if a client on your LAN wants to resolve www.google.com, for example.
Client query --> Local DNS server --> ISP DNS Server
I have exactly the opposite issue. My DNS is staying at what the ADSL modem sets it. When I try to ping an internal host (name, not IP) it cannot resolve the IP address.
The PPTP VPN connection is assigned an IP and DNS records, (they show up in ipconfig /all) but the default nameserver is still my ADSL modem/router.
How do I force Windows to use the VPN DNS server as the default DNS server?