DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Issue with Remote Dial In user with latest firmware

31 Oct 2017 09:38 #1 by geroi
Hi all,
We are using 2860 routers with latest firmware 3.8.5_BT.
Since we installed this latest firmware - we've noticed issues with VPN for Remote Dial In users.

In our case - users are using Windows and all VPN connections are set up using Windows' built in VPN wizard.
On top of IP, username & password - we are using custom IPv4 DNS settings which point to the DC on the LAN as 1st DNS IP and the local gateway as 2nd DNS IP.

Previously, before firmware upgrade, when users dialled in - Windows was using DNS settings for the connection as per IPv4 setup above.
After the firmware upgrade, something has changed with Draytek's VPN and the VPN connection's DNS settings are different:
1st DNS entry - ISP DNS no 1 where router is located
2nd DNS entry - ISP DNS no 2 where router is located
3rd DNS entry - my 1st DNS - DC on LAN
4th DNS entry - my 2nd DNS - local gateway

As my DC is no longer 1st DNS - a user who dials in is unable to access certain non-public FQDNs which are only available via the DC.

As a workaround I've added entries for FQDN in hosts file so user can work now.

Has anyone experienced anything like this ?

01 Nov 2017 16:25 #2 by chrisw
Worth checking if this is due to the Windows Smart Multi-Homed Name Resolution in your Windows clients? I found with my VPN that DNS queries were going out over both local ISP provided DNS and VPN DHCP provided DNS - with the first to respond being used (which was the local ISP, so resulting in DNS leak and names not being resolved correctly). Depending on your Windows client versions you may be able to gpedit to turn off SMHNR, though with Win 10 Home the only way I could fix it was by reducing the metric on the relevant network adapter to make the VPN look a more attractive route (I changed it from Auto to 10). This may be a result of the Windows Creators update rather than v3.8.5 which I also run - though can't be absolutely sure since I only VPN occasionally.
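
To check a Windows 8/10 client for the behaviour described in this post, the following added example (not part of the original posts) lists the DNS servers bound to each connected IPv4 interface in metric order, reports whether the SMHNR policy is set, and with -Apply lowers the VPN interface metric to 10. The connection name 'Office VPN' is an assumed placeholder, and the cmdlets used are not available on Windows 7.

```powershell
# Added example; 'Office VPN' is an assumed connection name, not from the thread.
param(
    [string]$VpnAlias = 'Office VPN',
    [int]$NewMetric = 10,      # the value chrisw reports using
    [switch]$Apply             # without -Apply the script only reports
)

# Connected IPv4 interfaces, lowest metric (most preferred) first,
# each with the DNS servers Windows has bound to it.
function Get-DnsOrder {
    Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object ConnectionState -eq 'Connected' |
        Sort-Object InterfaceMetric |
        ForEach-Object {
            $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex `
                        -AddressFamily IPv4).ServerAddresses
            [pscustomobject]@{
                Alias      = $_.InterfaceAlias
                Metric     = $_.InterfaceMetric
                AutoMetric = $_.AutomaticMetric
                DnsServers = $dns -join ', '
            }
        }
}

# Ignore interfaces without DNS servers (loopback and similar).
$order = @(Get-DnsOrder | Where-Object { $_.DnsServers })
$order | Format-Table -AutoSize

$vpn = $order | Where-Object Alias -eq $VpnAlias
if (-not $vpn) { Write-Warning "VPN '$VpnAlias' is not connected."; return }

# Any other interface with an equal or lower metric is preferred over the VPN.
$ahead = @($order | Where-Object { $_.Alias -ne $VpnAlias -and $_.Metric -le $vpn.Metric })
if ($ahead) {
    $names = $ahead.Alias -join ', '
    Write-Warning "Preferred over the VPN (metric $($vpn.Metric)): $names"
}

# Group Policy "Turn off smart multi-homed name resolution" writes this value (1 = off).
$key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$smhnr = (Get-ItemProperty -Path $key -Name DisableSmartNameResolution `
              -ErrorAction SilentlyContinue).DisableSmartNameResolution
"SMHNR turned off by policy: $($smhnr -eq 1)"

if ($Apply -and $ahead) {   # needs an elevated prompt
    Set-NetIPInterface -InterfaceAlias $VpnAlias -AddressFamily IPv4 `
        -AutomaticMetric Disabled -InterfaceMetric $NewMetric
    Get-DnsOrder | Where-Object { $_.DnsServers } | Format-Table -AutoSize
}
```

A metric changed this way on a live VPN interface may not survive a reconnect, so run the report again after reconnecting to confirm the order.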

01 Nov 2017 16:28 #3 by geroi

ChrisW wrote: Worth checking if this is due to the Windows Smart Multi-Homed Name Resolution in your Windows clients? I found with my VPN that DNS queries were going out over both local ISP provided DNS and VPN DHCP provided DNS - with the first to respond being used (which was the local ISP, so resulting in DNS leak and names not being resolved correctly). Depending on your Windows client versions you may be able to gpedit to turn off SMHNR, though with Win 10 Home the only way I could fix it was by reducing the metric on the relevant network adapter to make the VPN look a more attractive route (I changed it from Auto to 10). This may be a result of the Windows Creators update rather than v3.8.5 which I also run - though can't be absolutely sure since I only VPN occasionally.



Thanks for the ideas, Chris, but this is happening on Win7 as well, so the Creators update route is not applicable.
