VPN DNS (Kerio User Forums, Kerio Control)
  •  
Icedcool

How do I set up the VPN server to point VPN clients to the internal DNS? I'm trying to get name resolution for the server over the VPN, without configuring each client computer.
  •  
winkelman

I'm also interested in this, please post the solution, if you find it.
  •  
frankxs

The way I did it was...

Admin Console | Configuration | Interfaces | Highlight VPN Server and choose EDIT | DNS Tab | Check "Use Specific DNS Servers" | Enter your local LAN DNS servers.

This works well for everything EXCEPT the KWF box itself. To get name resolution for that you'll want to put an entry in each client's host file pointing to the INTERNAL LAN address of the KWF machine (otherwise, the VPN client would try to get name resolution (and sharenames) for the KWF box using its EXTERNAL IP). This is because (typically) your KWF server has both a public IP and a private IP - you want to make sure your VPN uses the private IP for the KWF after connecting to the VPN.

Works for me.

-Frank
  •  
frankxs

According to what I read in the docs (or online help), when a client is connected via VPN, the VPN client uses the public assigned DNS for name requests outside of the local LAN network. IOW, if you have a VPN session up, and then you go to http://www.yahoo.com, it will not force the connection through your VPN but will instead use the public ISP DNS setting. This makes sense. Normally this is what you would want. But, since your KWF VPN server itself also has a public presence, it will do the same for it. Not sure if there is a workaround. Perhaps you could monkey around with the gateway in the VPN client or something. I dunno...

-Frank
  •  
winkelman

frankxs wrote on Wed, 07 June 2006 20:47

The way I did it was...

Admin Console | Configuration | Interfaces | Highlight VPN Server and choose EDIT | DNS Tab | Check "Use Specific DNS Servers" | Enter your local LAN DNS servers.
...
Works for me.


I guess you do not use KWF as your DNS server?

Over here (and I think most often) KWF acts as DNS server, so the setting you describe makes no difference. I can select "Use WinRoute as DNS server" or "Use specific DNS servers" and then enter KWF's LAN address; it makes no difference to the client's configuration.


What I do not understand is this, tested from my home PC while connected to KWF over Kerio VPN:

Name resolution seems to work ('tennis' is my office desktop). My home PC first tries to resolve through my ISP (DNS forwarder on my home router), this fails, but then resolves successfully with KWF at gatekeeper.okura.nl to 10.20.20.241:
Quote:

C:\>nslookup tennis
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 192.168.1.1: Timed out
Server: gatekeeper.okura.nl
Address: 10.20.20.20

Name: tennis
Address: 10.20.20.241


However, I cannot ping 'tennis':
Quote:

C:\>ping tennis
Ping request could not find host tennis. Please check the name and try again.


But I can ping the IP address of 'tennis' directly:
Quote:

C:\>ping 10.20.20.241

Pinging 10.20.20.241 with 32 bytes of data:

Reply from 10.20.20.241: bytes=32 time=12ms TTL=127
Reply from 10.20.20.241: bytes=32 time=14ms TTL=127
Reply from 10.20.20.241: bytes=32 time=13ms TTL=127
Reply from 10.20.20.241: bytes=32 time=14ms TTL=127

Ping statistics for 10.20.20.241:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 14ms, Average = 13ms


I don't understand. Does someone else?
  •  
frankxs

You are right. I do not use KWF as my DNS server. I have dedicated internal DNS servers (Active Directory).

-Frank