Is Peplink blocking incoming UDP traffic coming from plain VPN connection?

I am still struggling to understand why our Windows DNS server is not replying to requests coming from a client connected to the LAN through VPN (L2TP with IPsec).

When opening the Windows DNS Server debugging log (running on the LAN) I clearly see requests from LAN clients, while DNS requests coming from the VPN-connected client are not logged at all.

As the DNS Server log shows that requests are passed over UDP, I am wondering if UDP traffic is being blocked somehow by the Peplink Balance One unit…

Any idea?

Does the DHCP server provide the internal DNS server’s IP address to L2TP clients? If so, you can obtain a network capture from the support.cgi page of the Balance to find out what is happening.

After logging into the Balance, type in this address to get the support.cgi page: http://<Peplink’s IP>/cgi-bin/MANGA/support.cgi

2 Likes

@ReeXNeeX we use L2TP VPN to connect VoIP phones via UDP. There are no problems with the VPN itself passing UDP traffic. I suspect your Windows DNS server itself is not replying to the requests. Is there a firewall on the Windows DNS server? What subnet is the server on, versus what subnet is being assigned to the L2TP traffic? I believe you have some internal problem.

2 Likes

@Ron_Case Yes, the DHCP server is assigning the proper DNS. Will try your suggestion.
@Don_Ferrario VPN clients are assigned the same subnet, and yes, there’s a firewall on the Windows Server; however, I don’t think the firewall can distinguish VPN clients from LAN clients if they’re on the same subnet…or not?

@Ron_Case, I have captured network traffic on the Peplink Balance on the LAN and WAN interfaces (the one used for the tunnel) as suggested.

Then I’ve issued:

  • ping 192.168.xxx.1 (LAN DNS server address), and the traffic appears in LAN.pcap
  • nslookup www.google.com 192.168.xxx.1 (where 192.168.xxx.1 is the Windows DNS Server address), but there’s no trace in either log.

Does this mean that DNS requests are not passing at all? If there’s no confidential data contained in the pcap files, I would attach them here if it may help…

Moreover, I see from a local Wireshark capture that DNS requests are being answered, but more than one attempt is performed, with many of these having an unknown “.station” suffix added. I suspect that in the TCP/IP stack something is not working as expected. Could it be that the client-side modem & ISP DNS is being used and the VPN connection’s DNS requests are being fooled?

Non-authoritative answer:
Name: na-eu-corriere.map.fastly.net
Address: 151.101.241.50
Aliases: www.corriere.it
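As an added example (not code from this thread or from Peplink), here is a small offline parser that answers the question the captures above raise: which DNS queries actually reached the LAN side, from which source, and how many of the VPN client’s queries carry the stray “.station” search suffix. It assumes a pcap with Ethernet link type such as LAN.pcap, and uses constructed addresses (DNS server 192.168.1.1, LAN host 192.168.1.50, VPN client 192.168.1.200) in a constructed sample capture.

```python
import struct
from collections import Counter

def _qname(dns, off):
    labels = []                                # uncompressed question name: len-prefixed labels
    while dns[off]:
        labels.append(dns[off + 1:off + 1 + dns[off]].decode("ascii"))
        off += 1 + dns[off]
    return ".".join(labels)

def dns_queries(pcap):
    """Yield (src_ip, dst_ip, qname) for every UDP/53 query in an Ethernet-linktype pcap."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24                                   # skip the 24-byte pcap global header
    while off + 16 <= len(pcap):               # 16-byte record header precedes each frame
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                           # too short, not IPv4, or not UDP (proto 17)
        ip = frame[14:]
        udp = ip[(ip[0] & 0x0F) * 4:]          # IHL gives the IPv4 header length
        dns = udp[8:]
        if udp[2:4] != b"\x00\x35" or dns[2] & 0x80:
            continue                           # not to port 53, or QR bit set (a response)
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        yield src, dst, _qname(dns, 12)

def summarize(pcap, vpn_client_ip, suffix=".station"):
    """Count queries per (src, dst) and collect VPN-client names carrying a stray search suffix."""
    counts, suffixed = Counter(), []
    for src, dst, name in dns_queries(pcap):
        counts[(src, dst)] += 1
        if src == vpn_client_ip and name.endswith(suffix):
            suffixed.append(name)
    return counts, suffixed

def _query_frame(src, dst, qname):
    q = b"".join(bytes([len(lab)]) + lab.encode() for lab in qname.split(".")) + b"\x00\x00\x01\x00\x01"
    dns = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00" + q   # id, RD, 1 question, A/IN
    udp = struct.pack(">HHHH", 40000, 53, 8 + len(dns), 0) + dns      # checksums left zero
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    eth = b"\x00" * 12 + b"\x08\x00" + ip + udp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed LAN-side capture (assumed addresses): LAN host .50 and VPN client .200 query DNS 192.168.1.1; .200 also retries with a ".station" suffix.
SAMPLE_LAN_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    _query_frame(s, "192.168.1.1", n) for s, n in [("192.168.1.50", "www.google.com"),
    ("192.168.1.200", "www.google.com"), ("192.168.1.200", "www.google.com.station")])
```

Run `summarize(open("LAN.pcap", "rb").read(), "<vpn client ip>")` on a real capture: a zero count for the VPN client’s (src, dst) pair while ping traffic is present means the queries never reached the LAN interface, which is what a DNS proxy intercepting on the Balance would look like.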

Problem solved! DNS proxy was enabled in the LAN settings. Disabled this and all works now!

1 Like