[Openswan Users] Windows dns lookup over IPSEC/L2TP
Duncan Reed
duncan at elminster.com
Tue Nov 23 09:35:31 CET 2004
> On Mon, 2004-11-08 at 20:10, Jacco de Leeuw wrote:
> I think I figured out what is going on. You probably configurd a
static IP
> address and static DNS servers on the Ethernet connection. Windows continues
> to use these DNS servers when you connect to the Linux L2TP/IPsec server,
> even though IPCONFIG /ALL says otherwise.
>
> But when you configure your Ethernet connection to use DHCP, Windows will
> use the DNS server(s) that it has picked up from the L2TP/IPsec server.
> Which is the expected behaviour, IMHO.
Back from hols now, so back on the case. I pretty sure I have tried both
dhcp and static. I have one machine using dhcp and one using static. I
shall double check I haven't hardcoded a static dns server into the dhcp
machine.
Duncan
> On Mon, 2004-11-08 at 20:10, Jacco de Leeuw wrote:
> Duncan Reed wrote:
>
> > I have a Windows roadwarrior to Linux (IPCop specifically) Server. Using
> > OpenSWAN 1.0.6, L2TPD 0.69, PPP 2.4.2 and FreeRADIUS 1.0.1 (via ppp
> > radius plugin).
> >
> > Doing an ipconfig/all you can see that the windows client has picked up
> > the connection specific dns servers, i.e the ones on the subnet behind
> > the vpn specified in the ppp options.
>
> However, ...
>
> > When I browse or do an nslookup it uses the primary dns on the Ethernet
> > adaptor connection, i.e. the ISP, rather than those specified by the VPN
> > connection.
>
> I think I figured out what is going on. You probably configurd a static IP
> address and static DNS servers on the Ethernet connection. Windows continues
> to use these DNS servers when you connect to the Linux L2TP/IPsec server,
> even though IPCONFIG /ALL says otherwise.
>
> But when you configure your Ethernet connection to use DHCP, Windows will
> use the DNS server(s) that it has picked up from the L2TP/IPsec server.
> Which is the expected behaviour, IMHO.
>
> For some reason Microsoft thinks that if you configure a static DNS, you
> want to use it all the time. That does not make sense. If you really want
> to use a static DNS when you are connected to the VPN (i.e. you would like
> to override the DNS servers offered through PPP), why not configure a static
> DNS in the settings of the VPN connection itself?
>
> Jacco
More information about the Users
mailing list