Windows Remote VPN no DNS

VPN no DNS KB ID 0001402

Problem

I’ve been setting up a VPN solution on the test bench, as I’m looking at Always On VPN, when I noticed that I had a problem with my remote VPN connections on Windows. They would connect fine, but I could not resolve any FQDNs for my domain.

VPN no DNS Solution

By default, all Windows VPN connections are ‘Force Tunnel’ (this means they have the option ‘Use default gateway on remote network’ selected). This also means that, unless your RAS server is the default gateway for your network, you usually don’t have internet access when connected to the VPN.

Now I connected fine, and I could ping IP addresses on my corporate network, but I could not ping my servers by their domain name. In fact, Windows was trying to resolve my domain name to a public IP!

Google this problem and you’re simply told to ‘Disable IPv6 on your network card’, and this works (if you want to keep your remote users Force-Tunnelled). But disabling IPv6 is hardly a fix, is it?

Also, if you want internet access for your remote clients (commonly referred to as ‘Split Tunnel’), then even with IPv6 disabled, the problem comes back!

Why is this happening? Well, even with Force Tunnel enabled, you can still use your local LAN (connect to your VPN and ping your home gateway, printer, or wireless access point if you don’t believe me!). This connection takes precedence over your remote VPN connection; to prove it, run a netstat -rn command.

From the above you can see my Ethernet Adaptor has a metric of 6, and my VPN connector (in this case called Connection Template) has a metric of 23. AND THE LOWEST ONE WINS, so your DNS queries are going out of your local internet connection, NOT down the VPN tunnel!

How Do I Fix this VPN no DNS?

Well, until Microsoft fixes this in Windows 10 (it’s fine on Windows 8 and earlier), you have to manipulate the metrics yourself, like so:

VPN no DNS On Your Physical Adapter;

Start > ncpa.cpl {enter} > Right click your NIC > Properties > Internet Protocol Version 4 > Properties.

Advanced > Untick ‘Automatic Metric’ > Set the Interface Metric to 20 > OK > OK > OK.

On Your VPN Connector;

Start > ncpa.cpl {enter} > Right click your VPN Connector > Properties > Internet Protocol Version 4 > Properties.

Advanced > Untick ‘Automatic Metric’ > Set the Interface Metric to 10 > OK > OK > OK.

Now your DNS look-ups should behave!
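The same metric change from an elevated PowerShell prompt, followed by a check that the default resolver now returns the same answer as the VPN's own DNS server. This is an added example, not part of the original article; the adapter name 'Ethernet' and the FQDN dc01.corp.example are placeholder assumptions, and 'Connection Template' is the connector name used above. Run it while the VPN is connected.

```powershell
# Added example. Run elevated, with the VPN connected.
param(
    [string]$PhysicalAlias = 'Ethernet',             # assumption: name of your physical NIC
    [string]$VpnAlias      = 'Connection Template',  # VPN connector name from the article
    [string]$TestFqdn      = 'dc01.corp.example'     # placeholder: an internal-only name
)

function Show-Metrics {
    # Connected IPv4 interfaces, lowest (winning) metric first.
    Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object ConnectionState -eq 'Connected' |
        Sort-Object InterfaceMetric |
        Format-Table InterfaceAlias, AutomaticMetric, InterfaceMetric -AutoSize
}

Write-Host 'Before:'; Show-Metrics

# Equivalent of unticking 'Automatic Metric' and entering 20 / 10 in the GUI.
Set-NetIPInterface -InterfaceAlias $PhysicalAlias -AddressFamily IPv4 `
    -AutomaticMetric Disabled -InterfaceMetric 20
Set-NetIPInterface -InterfaceAlias $VpnAlias -AddressFamily IPv4 `
    -AutomaticMetric Disabled -InterfaceMetric 10

Write-Host 'After:'; Show-Metrics

# Which DNS servers does each interface carry?
Get-DnsClientServerAddress -AddressFamily IPv4 -InterfaceAlias $PhysicalAlias, $VpnAlias |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# Ask the VPN's DNS server directly, then ask the default resolver, and compare.
$vpnDns = (Get-DnsClientServerAddress -InterfaceAlias $VpnAlias -AddressFamily IPv4).ServerAddresses
if (-not $vpnDns) { throw "No IPv4 DNS servers on '$VpnAlias' (is the VPN connected?)" }
try {
    $viaVpn  = Resolve-DnsName -Name $TestFqdn -Type A -Server $vpnDns[0] -DnsOnly -ErrorAction Stop |
        Where-Object Type -eq 'A' | Select-Object -ExpandProperty IPAddress
    $default = Resolve-DnsName -Name $TestFqdn -Type A -DnsOnly -ErrorAction Stop |
        Where-Object Type -eq 'A' | Select-Object -ExpandProperty IPAddress
} catch {
    Write-Warning "Lookup of $TestFqdn failed: $($_.Exception.Message)"
    return
}

if (Compare-Object @($viaVpn) @($default)) {
    Write-Warning "Default resolver returned [$($default -join ', ')] but the VPN DNS server returned [$($viaVpn -join ', ')]: queries are still leaving via the local interface."
} else {
    Write-Host "OK: $TestFqdn resolves to [$($default -join ', ')] via the VPN DNS server."
}
```

Re-run the comparison after disconnecting and reconnecting the VPN to confirm the metric on the connector is still the one you set.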


Set up Remote Access PPTP VPNs in Windows Server

KB ID 0000103

Problem

You want to provide access to your corporate network for your remote users.

Solution

Installing the Server Role

1. Start > Server Manager (or Start > run > CompMgmtLauncher.exe {Enter}) > Add Roles > Select Network Policy and Access Services > Next > Next.

2. Select Remote Access Service > Next > Install > The service will take a while to install (Coffee time!).

3. When Done > Close.

4. Start > Administrative tools > Routing and Remote Access > The server will have a red “down” arrow on it > Right click the server and select “Configure and enable routing and remote access”.

5. Next > Select “Custom Configuration” > Next. (Note: I’m selecting this because I only have one NIC and I want to use this NIC).

6. VPN Access > Next.

7. When prompted, select “Start Service” > The service will start > You can now close the Routing and Remote Access console.

8. Ensure the user who needs to connect has been granted (either directly or through Policy).

Firewall Note:

For this to work, two things need to happen: TCP port 1723 needs to be allowed (or port forwarded) to the server, and GRE (Generic Routing Encapsulation) needs to be allowed to the server. GRE is a PROTOCOL and NOT a port, so you cannot simply port forward it; it needs to be allowed directly to the server, so the server needs a public IP address to allow that.

Cisco PIX / ASA Users Click Here

Set Up the Client PCs

Vista & Windows 7

1. Start > Control Panel > Network and Sharing Center > Connect to a Network > Set up a Connection or Network > Connect to a Workplace > Next.

2. Use My Internet Connection (VPN) > Enter the public IP address of the VPN server > Enter a name for the connection > Next > Enter your domain logon details > Connect.

Note: sometimes you need to put the username in user_name@domain_name.com format.

Windows 2000, 2003, & XP

1. Start > run > NCPA.CPL {Enter} > File > New Connection > Next > Connect to the Network at my workplace > Next.

2. Virtual Private Network Connection > Next.

3. Enter the public IP address of the VPN server > Next > Select who can use the connection > Next > Finish > Enter the username and password > Connect.

Related Articles, References, Credits, or External Links

Using the Microsoft VPN client through Cisco ASA/PIX