DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Issue with Remote Dial In user with latest firmware

  • geroi
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
31 Oct 2017 09:38 #89926 by geroi
Hi all,
We are using 2860 routers with latest firmware 3.8.5_BT.
Since we installed this latest firmware - we've noticed issues with VPN for Remote Dial In users.

In our case - users are using Windows and all VPN connections are set up using Windows' built in VPN wizard.
On top of IP, username & password - we are using custom IPv4 DNS settings which are pointing DC on Lan as 1st DNS IP and local gateway as 2nd DNS IP.

Previously, before firmware upgrade, when users dialled in - Windows was using DNS settings for the connection as per IPv4 setup above.
After the firmware upgrade, something has changed with Draytek's VPN and the VPN conenction's DNS settings are different :
1st DNS entry - ISP DNS no 1 where router is located
2nd DNS entry - ISP DNS no 2 where router is located
3rd DNS entry - my 1st DNS - DC on LAN
4th DNS entry - my 2nd DNS - local gateway

As my DC is no longer 1st DNS - user who dials in is unable to access certain non-public FQDN which are only available via DC

As a workaround I've added entries for FQDN in hosts file so user can work now.

Has anyone experienced anything like this ?

Please Log in or Create an account to join the conversation.

More
01 Nov 2017 16:25 #89936 by chrisw
Worth checking if this is due to the Windows Smart Multi-Homed Name Resolution in your Windows clients? I found with my VPN that DNS queries were going out over both local ISP provided DNS and VPN DHCP provided DNS - with the first to respond being used (which was the local ISP, so resulting in DNS leak and names not being resolved correctly). Depending on your Windows client versions you may be able to gpedit to turn off SMHNR, though with Win 10 Home the only way I could fix it was by reducing the metric on the relevant network adapter to make the VPN look a more attractive route (I changed it from Auto to 10). This may be a result of the Windows Creators update rather than v3.8.5 which I also run - though can't be absolutely sure since I only VPN occasionally.

Please Log in or Create an account to join the conversation.

  • geroi
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
01 Nov 2017 16:28 #89937 by geroi

ChrisW wrote: Worth checking if this is due to the Windows Smart Multi-Homed Name Resolution in your Windows clients? I found with my VPN that DNS queries were going out over both local ISP provided DNS and VPN DHCP provided DNS - with the first to respond being used (which was the local ISP, so resulting in DNS leak and names not being resolved correctly). Depending on your Windows client versions you may be able to gpedit to turn off SMHNR, though with Win 10 Home the only way I could fix it was by reducing the metric on the relevant network adapter to make the VPN look a more attractive route (I changed it from Auto to 10). This may be a result of the Windows Creators update rather than v3.8.5 which I also run - though can't be absolutely sure since I only VPN occasionally.



Thanks for ideas Chris but this is happening on Win7 as well so creators update route is not applicable.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami