I haven't seen the DNS problem, so I can't help you there. I would
think that when the VPN is connected, DNS should be using the settings of
that connection. Hopefully somebody else can answer that part. Maybe it
concerns the binding order of the connections.

Browsing of any sort of routed network is very difficult without WINS.
The browser service depends on LAN broadcasts, and these do not cross
routers or WAN links. WINS allows the clients to find the browsers and also
allows browsers to find each other (so that they can build merged browse
lists in a segmented network).

With VPN clients, the problem is how do the remote clients find the
browse master? If you monitor the traffic they send to the VPN server, you
will probably see that they send a name server request for the Domain Master
Browser (i.e. the special NetBIOS name <domainname 1B> ). If you are not
running WINS on the LAN, this fails; the client just keeps sending the
request and waiting for a reply which never comes. It cannot resolve the
name by broadcast.

If you are running WINS on the LAN, this request succeeds. All LAN
machines and services are registered in WINS. The client gets the IP address
of the DMB and then gets a copy of the same browse list as the one used by
LAN clients.

"Ervins Reinverts" <(E-Mail Removed)> wrote in message
news:00fc01c3c655$17eb6b10$(E-Mail Removed)...
> Hello all,
>
> I have set up a Windows 2003 Server + its RAS for VPN
> connectivity for remote users (no ISA server here!). It
> works OK, clients authenticate in the domain, get their
> IP from the internal DHCP server (which is other than RAS
> server) and all is fine. But...
> There is an issue with DNS. I know there are lots of
> articles out there about VPN and DNS issues, and have
> browsed through some of them, but they mostly address a
> bit different problem than I have - the problem that
> clients do not get DNS server addresses. In my case,
> though, they get DNS servers from DHCP, and those can be
> seen in ipconfig /all on the VPN interface. In all cases
> here, those users are home users who have some kind of
> permanent internet connection there, be it DSL, cable or
> whatever, no dialup users at the moment.
> And, they sure have TCP/IP configured on their network
> interface, with some DNS server specific to this
> connection. And the problem is that when connected to
> VPN, although they have got my internal DNS servers,
> the "primary" or "default" DNS server is still their home
> connection's server. For example, if I type nslookup, it
> addresses that server, not mine by default. As a result,
> I can get to intranet servers by their internal IP
> addresses, but not by names. Is there any way to fix that?
> If I manually change DNS server on primary connection to
> internal, I guess everything will work just fine
> (although I have not tried it). But anyway, I don't want
> to teach every end user to change DNS servers every time
> they connect and disconnect from VPN. :-)
> And, the problem was exactly the same when using Windows
> 2000 Server for RAS.
>
> One more problem which may be or may not be related to
> previous, is that I cannot browse the network from the
> VPN connection. I don't have WINS server here, is that
> mandatory? (the HQ LAN is plain, without routing etc, so
> there is not much need for it internally)
>
> Thanks in advance,
> Ervins Reinverts
> Riga, Latvia
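
Added example, not part of the original thread: a Python sketch of the NetBIOS name query for the Domain Master Browser name that the reply says to look for in a capture, using the RFC 1002 name encoding. The domain name CORP, the transaction ID and the function names are constructed for illustration.

```python
import struct

def encode_nb_name(name, suffix):
    """RFC 1002 first-level encoding: pad the name to 15 chars, append the
    one-byte suffix, then map every nibble to a letter 'A'..'P'."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))

def decode_nb_name(enc):
    """Inverse of encode_nb_name; returns (name, suffix) or None if malformed."""
    if len(enc) != 32 or any(not 0x41 <= c <= 0x50 for c in enc):
        return None
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", errors="replace").rstrip(), raw[15]

def build_name_query(name, suffix, txid=0x1234):
    """UDP/137 payload of a unicast name query, as sent to a WINS server."""
    # Flags 0x0100: opcode 0 (query) with recursion desired, no broadcast bit.
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # Question: length byte 0x20, 32 encoded bytes, root label, type NB, class IN.
    question = (b"\x20" + encode_nb_name(name, suffix) + b"\x00"
                + struct.pack(">HH", 0x0020, 0x0001))
    return header + question

def describe_query(payload):
    """Return (name, suffix, is_dmb_query) for a name query payload, else None."""
    if len(payload) < 50:
        return None
    _txid, flags, qdcount = struct.unpack(">HHH", payload[:6])
    if flags & 0x8000 or (flags >> 11) & 0xF or qdcount != 1:
        return None  # a response, or an opcode other than query
    if payload[12] != 0x20 or payload[45] != 0x00:
        return None
    if struct.unpack(">HH", payload[46:50]) != (0x0020, 0x0001):
        return None
    decoded = decode_nb_name(payload[13:45])
    if decoded is None:
        return None
    name, suffix = decoded
    return name, suffix, suffix == 0x1B  # 0x1B marks the Domain Master Browser

if __name__ == "__main__":
    pkt = build_name_query("CORP", 0x1B)  # constructed sample domain
    print(pkt.hex(), describe_query(pkt))
```

Queries for which describe_query reports the 0x1B suffix, repeated with no matching response, are the pattern the reply describes for a LAN without WINS.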