[Openswan Users] Windows dns lookup over IPSEC/L2TP

Duncan Reed duncan at elminster.com
Tue Nov 23 09:35:31 CET 2004


> On Mon, 2004-11-08 at 20:10, Jacco de Leeuw wrote:

> I think I figured out what is going on. You probably configured a static IP
> address and static DNS servers on the Ethernet connection. Windows continues
> to use these DNS servers when you connect to the Linux L2TP/IPsec server,
> even though IPCONFIG /ALL says otherwise.
> 
> But when you configure your Ethernet connection to use DHCP, Windows will
> use the DNS server(s) that it has picked up from the L2TP/IPsec server.
> Which is the expected behaviour, IMHO.

Back from hols now, so back on the case. I'm pretty sure I have tried both
dhcp and static. I have one machine using dhcp and one using static. I
shall double check I haven't hardcoded a static dns server into the dhcp
machine.

Duncan

> On Mon, 2004-11-08 at 20:10, Jacco de Leeuw wrote:
> Duncan Reed wrote:
> 
> > I have a Windows roadwarrior to Linux (IPCop specifically) Server. Using
> > OpenSWAN 1.0.6, L2TPD 0.69, PPP 2.4.2 and FreeRADIUS 1.0.1 (via ppp
> > radius plugin).
> > 
> > Doing an ipconfig/all you can see that the windows client has picked up
> > the connection specific dns servers, i.e. the ones on the subnet behind
> > the vpn specified in the ppp options. 
> 
> However, ...
> 
> > When I browse or do an nslookup it uses the primary dns on the Ethernet
> > adaptor connection, i.e. the ISP, rather than those specified by the VPN
> > connection.
> 
> I think I figured out what is going on. You probably configured a static IP
> address and static DNS servers on the Ethernet connection. Windows continues
> to use these DNS servers when you connect to the Linux L2TP/IPsec server,
> even though IPCONFIG /ALL says otherwise.
> 
> But when you configure your Ethernet connection to use DHCP, Windows will
> use the DNS server(s) that it has picked up from the L2TP/IPsec server.
> Which is the expected behaviour, IMHO.
> 
> For some reason Microsoft thinks that if you configure a static DNS, you
> want to use it all the time. That does not make sense. If you really want
> to use a static DNS when you are connected to the VPN (i.e. you would like
> to override the DNS servers offered through PPP), why not configure a static
> DNS in the settings of the VPN connection itself?
> 
> Jacco

