DNS through VPN

[kwei]

I am running VPN through W2K Server. When I connect to the remote network, I can ping any node by IP fine, but my remote client will not see other nodes by name. I can however see the DC that I VPN into, but I figure thats because I'm directly connected to it, durr: ) Any suggestions on where to start looking for solutions to this? It would be nice to not have to goto my DHCP table and look up IP addresses....

Thank you,

Justin

 

[mikes999]

I daresay to look into VPN client's IP config, and make sure that the first DNS in list is the one of that DC you're logging into. It is also possible, that the VPN server has misconfigured DNS's IP, albeit unlikely.

M.S.

 

[kwei]

DNS Tables are ok...heres my ipconfig/all
C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : hostname
Primary DNS Suffix . . . . . . . : x.x.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : x.x.local
snowfire
x.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : snowfire
Description . . . . . . . . . . . : 3Com 10/100 Mini PCI Ethernet Adapte
r
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.10.10.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.10.1
DHCP Server . . . . . . . . . . . : 10.10.10.4
DNS Servers . . . . . . . . . . . : 10.10.10.4
Lease Obtained. . . . . . . . . . : Wednesday, February 12, 2003 8:36:02
PM
Lease Expires . . . . . . . . . . : Thursday, February 20, 2003 8:36:02
PM

PPP adapter VPN Bend:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.10.105
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.10.10.105
DNS Servers . . . . . . . . . . . : 10.10.10.4

 

[John Lewis]

You have some routing issues here.

Really, the ipconfig output looks odd in general. Are you connecting over an internet connection, or are you just trying to create a secure tunnel on your local network?

All of the addresses seem to be on the same network. The VPN IPs should be on a separate network. As it is now, your VPN will never see traffic.

 

[kwei]

This is over the net. Both networks are using 10.10.10/24 which is why they look the same, sorry about the confusion..here is another server setup exactly the same way connected to from the same client, maybe this will be less confusing:

C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : hostname
Primary DNS Suffix . . . . . . . : x.x.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : x.x.local
snowfire
x.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : snowfire
Description . . . . . . . . . . . : 3Com 10/100 Mini PCI Ethernet Adapte
r
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.10.10.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.10.1
DHCP Server . . . . . . . . . . . : 10.10.10.4
DNS Servers . . . . . . . . . . . : 10.10.10.4
Lease Obtained. . . . . . . . . . : Wednesday, February 12, 2003 8:36:02
PM
Lease Expires . . . . . . . . . . : Thursday, February 20, 2003 8:36:02
PM

PPP adapter VPN Lake Oswego:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.17.17.51
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 172.17.17.51
DNS Servers . . . . . . . . . . . : 172.17.17.4

 

[John Lewis]

You're gonna have to change one of the networks to a different network address. Can't route between the two networks if they both have the same address.

Your VPN addresses should come from a third pool, as each VPN is it's own little network.

 

[kwei]

Ok here is the latest update on it. Changed I am on the 172.17.16/24 network with my client. The VPN server resides on a 10.10.10/24, and I specified a new range for the VPN to use from 10.10.2.150 to .160. Still am running into same dificulties. One thing that I just noticed that may or may not be an issue is that the subnet of VPN connection is going to 255.255.255.255. I'm not sure if thats "supposed" to be like that or not.

Is there something else I'm missing or not tuning into with your instructions? Thanks for the help!

C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : x
Primary DNS Suffix . . . . . . . : x.x.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : x.x.local
x.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : x.x.local
Description . . . . . . . . . . . : 3Com 10/100 Mini PCI Ethernet Adapte
r
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.17.16.132
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.17.16.1
DHCP Server . . . . . . . . . . . : 172.17.16.4
DNS Servers . . . . . . . . . . . : 172.17.16.4
Lease Obtained. . . . . . . . . . : Thursday, February 13, 2003 8:30:15
AM
Lease Expires . . . . . . . . . . : Friday, February 21, 2003 8:30:15 AM


PPP adapter VPN Snowfire:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.2.151
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.10.2.151
DNS Servers . . . . . . . . . . . : 10.10.10.4

 

[AjayM]

Don't worry about the routing, as you mentioned you are already connected and are not having problems with connectivity or pinging (by IP address).

I guess the biggest question here is, at your remote site, do those DNS servers have any information from the main site? For instance in your second example (so we don't get confused on the IP's of the subnets)
Does DNS server at 172.17.16.4 have records or pointers to the DNS server at 10.10.10.4? Basically if you want DNS to run on a private network all the DNS servers have to point to each other, as obviously there are no Root servers to go to. I think the best setup would be to setup secondaries at all VPN locations, you get a little extra redundancy, plus depending on how the VPN is setup you could reduce traffic a little bit.

Andrew

 

[kwei]

Ok guys, I got it wokred out. AjayM you were on the right track...I didnt have my reverses configured on the VPN servers (never really needed to before now). So I set them up. Made sure DHCP forces DNS updates, and walla...everything seems to be working perfectly now. Thanks for all the suggestions and help guys, I cant take credit for figuring it out myself, a buddy of mine suggested I look into that issue. Again, much appreciated!

Justin