Running Sophos UTM 9.103-5
Behind the firewall I am running a Windows Home Server 2011 with the DNS role enabled
Windows7x64 client laptop running Sophos x86 open-vpn client 2.0.0.0
Internal network 192.168.10.0/24
SSL VPN IP Pool: 192.168.100.128/28
I have two SSL tunnel profiles activated on my UTM
One with a gateway and the other local networks defined only
When connected to the profile with the gateway network, remote access runs fine, with all of my internal network devices (homeserver.myssldomain.com, xbmc.myssldomain.com, zoneminder.myssldomain.com) being resolved to the internal network IP addresses and everything pinging properly to the internal IPs.
When I connect via the split tunnel profile (no internet access across the VPN tunnel), internal name resolution to myssldomain.com IP devices is lost and defaults to the public DNS entries for myssldomain.com. I CAN ping all internal IPs, so the tunnel works, and if I do an NSLOOKUP designating the internal homeserver.myssldomain.com DNS server, DNS resolution is correct, so the DNS service is not being blocked by any firewalls.
Please note that the VPN DNS server is resolving correctly. I am not running in any kind of an Active Directory network at my company (I am behind another Sophos UTM running DHCP and DNS on the UTM). I think this is some kind of an option missing on the SSL VPN client.
On my Windows7x64 installation, an ipconfig /all shows the following:
Code:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : MYLAPTOP
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : companynetwork.com
                                       myssldomain.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . : companynetwork.com
   Description . . . . . . . . . . . : Targus Giga Ethernet
   Physical Address. . . . . . . . . : 00-01-02-03-04-05
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : aaaa::bbbb:cccc:dddd:f75a%35(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.10.99.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, August 12, 2013 8:28:47 AM
   Lease Expires . . . . . . . . . . : Monday, August 12, 2013 11:58:47 AM
   Default Gateway . . . . . . . . . : 10.10.99.1
   DHCP Server . . . . . . . . . . . : 10.10.99.1
   DHCPv6 IAID . . . . . . . . . . . : 285233334
   DHCPv6 Client DUID. . . . . . . . : 00-01-02-03-04-05-06-07-08-09-0A-0B-0C-0D
   DNS Servers . . . . . . . . . . . : 10.10.99.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter OpenSSLVPN:

   Connection-specific DNS Suffix . : myssldomain.com
   Description . . . . . . . . . . . : Sophos SSL VPN Adapter
   Physical Address. . . . . . . . . : 00-AA-BB-CC-DD-EE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : dddd::cccc:bbbb:aaaa:70eb%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.10.134(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : Monday, August 12, 2013 8:33:09 AM
   Lease Expires . . . . . . . . . . : Tuesday, August 12, 2014 11:01:03 AM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.10.133
   DHCPv6 IAID . . . . . . . . . . . : 419495790
   DHCPv6 Client DUID. . . . . . . . : 0D-0C-0B-0A-09-08-07-06-05-04-03-02-01-00
   DNS Servers . . . . . . . . . . . : 192.168.100.253
   Primary WINS Server . . . . . . . : 192.168.100.253
   NetBIOS over Tcpip. . . . . . . . : Enabled

Any suggestions on troubleshooting would be helpful.
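
An added example, not part of the original post: a Python parser for `ipconfig /all` output like the one above that lists, per adapter, the DNS servers, the connection-specific suffix and whether a default gateway is set, plus a check for whether a resolved address lies inside the internal 192.168.10.0/24 network. The function names are hypothetical, and the sample is a trimmed copy of the posted output.

```python
import ipaddress
import re

# Trimmed copy of the ipconfig /all output from the post, layout restored.
SAMPLE = """\
Windows IP Configuration
   DNS Suffix Search List. . . . . . : companynetwork.com
                                       myssldomain.com
Ethernet adapter Local Area Connection:
   Default Gateway . . . . . . . . . : 10.10.99.1
   DNS Servers . . . . . . . . . . . : 10.10.99.1
Ethernet adapter OpenSSLVPN:
   Connection-specific DNS Suffix  . : myssldomain.com
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.100.253
"""
ADAPTER = re.compile(r"^\S.*\badapter (.+):$")
FIELD = re.compile(r"^\s*(.+?)(?: ?\.)+ :\s*(.*)$")

def parse_ipconfig(text):
    """Return {section: {field: [values]}}; indentation is not required."""
    sections, current, last = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        head, field = ADAPTER.match(line.rstrip()), FIELD.match(line.rstrip())
        if head or current is None:          # new adapter (or the global header)
            current, last = (head.group(1) if head else line.strip()), None
            sections[current] = {}
        elif field:                          # "Key . . . : value" line
            last, value = field.group(1).strip(), field.group(2).strip()
            sections[current][last] = [value] if value else []
        elif last:                           # continuation: extra suffix/server
            sections[current][last].append(line.strip())
    return sections

def dns_view(text):
    """Per adapter: DNS servers, suffix, and whether a default gateway is set."""
    return {name: {"dns": f["DNS Servers"],
                   "suffix": f.get("Connection-specific DNS Suffix", []),
                   "has_gateway": bool(f.get("Default Gateway"))}
            for name, f in parse_ipconfig(text).items() if "DNS Servers" in f}

def is_internal(address, network="192.168.10.0/24"):
    """True if a resolved address is inside the post's internal network."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(network)

if __name__ == "__main__":
    for adapter, info in dns_view(SAMPLE).items():
        print(adapter, info)
```

Feeding the answer returned for a myssldomain.com name to `is_internal` separates an internal answer from a public one, which is the difference the post describes between the two profiles.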