[Openswan Users] Windows dns lookup over IPSEC/L2TP

Duncan Reed duncan at elminster.com
Fri Oct 29 16:55:44 CEST 2004


Not an openswan issue directly but someone else on the list may have hit
this problem.

I have a Windows roadwarrior to Linux (IPCop specifically) Server. Using
OpenSWAN 1.0.6, L2TPD 0.69, PPP 2.4.2 and FreeRADIUS 1.0.1 (via ppp
radius plugin).

All works fine with one exception.

Doing an ipconfig/all you can see that the Windows client has picked up
the connection-specific DNS servers, i.e. the ones on the subnet behind
the VPN specified in the ppp options.

Now with PPP on Linux I would expect, with the use of 'usepeerdns', for
the resolv.conf file to be dynamically changed while the ppp link was
up. But on Windows this does not seem to be the case.

When I browse or do an nslookup it uses the primary DNS on the Ethernet
adaptor connection, i.e. the ISP, rather than those specified by the VPN
connection.

I can work around this by doing 'nslookup blah.blah.blah 192.168.0.201'
where 192.168.0.201 is the intranet DNS server and then cut and paste
into the browser, but this is a bit tedious. So it appears to be the
order in which Windows uses the DNS servers that is the problem.

My config is based on the sterling work done by Jacco de Leeuw & Nate
Carlson, converted to work on the IPCop distribution. My config, what and
how I did it can be found here:
http://www.elminster.com/xoops/modules/phpwiki/index.php/IpcopL2tpRemoteAccessServer

I can get this working by hard coding stuff into Windows but then it
breaks resolution when the VPN is down.

Anyone got any ideas?

Thanks,
Duncan

