[Openswan Users] Windows dns lookup over IPSEC/L2TP

Jacco de Leeuw jacco2 at dds.nl
Mon Nov 8 21:10:58 CET 2004

Duncan Reed wrote:

> I have a Windows roadwarrior to Linux (IPCop specifically) Server. Using
> OpenSWAN 1.0.6, L2TPD 0.69, PPP 2.4.2 and FreeRADIUS 1.0.1 (via ppp
> radius plugin).
> Doing an ipconfig/all you can see that the windows client has picked up
> the connection specific dns servers, i.e. the ones on the subnet behind
> the vpn specified in the ppp options.

However, ...

> When I browse or do an nslookup it uses the primary dns on the Ethernet
> adaptor connection, i.e. the ISP, rather than those specified by the VPN
> connection.

I think I figured out what is going on. You probably configured a static IP
address and static DNS servers on the Ethernet connection. Windows continues
to use these DNS servers when you connect to the Linux L2TP/IPsec server,
even though IPCONFIG /ALL says otherwise.

But when you configure your Ethernet connection to use DHCP, Windows will
use the DNS server(s) that it has picked up from the L2TP/IPsec server.
Which is the expected behaviour, IMHO.

For some reason Microsoft thinks that if you configure a static DNS, you
want to use it all the time. That does not make sense. If you really want
to use a static DNS when you are connected to the VPN (i.e. you would like
to override the DNS servers offered through PPP), why not configure a static
DNS in the settings of the VPN connection itself?

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
