[Openswan Users] Windows dns lookup over IPSEC/L2TP
Jacco de Leeuw
jacco2 at dds.nl
Mon Nov 8 21:10:58 CET 2004
Duncan Reed wrote:
> I have a Windows roadwarrior to Linux (IPCop specifically) Server. Using
> OpenSWAN 1.0.6, L2TPD 0.69, PPP 2.4.2 and FreeRADIUS 1.0.1 (via ppp
> radius plugin).
> Doing an ipconfig/all you can see that the windows client has picked up
> the connection specific dns servers, i.e the ones on the subnet behind
> the vpn specified in the ppp options.
> When I browse or do an nslookup it uses the primary dns on the Ethernet
> adaptor connection, i.e. the ISP, rather than those specified by the VPN
I think I figured out what is going on. You probably configurd a static IP
address and static DNS servers on the Ethernet connection. Windows continues
to use these DNS servers when you connect to the Linux L2TP/IPsec server,
even though IPCONFIG /ALL says otherwise.
But when you configure your Ethernet connection to use DHCP, Windows will
use the DNS server(s) that it has picked up from the L2TP/IPsec server.
Which is the expected behaviour, IMHO.
For some reason Microsoft thinks that if you configure a static DNS, you
want to use it all the time. That does not make sense. If you really want
to use a static DNS when you are connected to the VPN (i.e. you would like
to override the DNS servers offered through PPP), why not configure a static
DNS in the settings of the VPN connection itself?
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users