DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
No LAN name resolution for remote L2TP VPN clients
23 Jul 2019 12:54 #94763
by albertosaurus
Replied by albertosaurus on topic Re: No LAN name resolution for remote L2TP VPN clients
Given up on DHCP relay, enabled DHCP Server on the DrayTek and it is now issuing addresses from the same subnet but a range beyond the scope of the Windows DHCP Server. Although this means there are competing DHCP servers on the network, when a local client is issued an address by the router it still gets registered in Windows DNS.
This might cause trouble for DHCP IP Reservations - I don't want to have to copy all those reservations to the DrayTek from Windows!
Is there a way to instruct the DrayTek only to issue DHCP addresses to VPN clients, not to other local LAN devices?
23 Jul 2019 13:56 #94764
by hornbyp
Replied by hornbyp on topic Re: No LAN name resolution for remote L2TP VPN clients
I just re-read your original problem statement...
Under "VPN and Remote Access >> PPP General Setup", it lists a range of IP addresses for "When DHCP Disable Set". In your original configuration, it was presumably this that was being used, rather than your Windows DHCP server. There is no option to specify a DNS Server address, which would at least explain why you got the 'wrong' DNS servers.
Likewise, you can specify a per-user, fixed IP address with a Dial-in User profile - but not a DNS address.
Perhaps the LAN DNS / DNS forwarding mechanism is what DrayTek expect you to use in this scenario?
I've not tried it myself, but it's documented here:
https://www.draytek.com/support/knowledge-base/5264
and here:
https://www.draytek.co.uk/support/guides/kb-conditionaldns
Another option you could explore is modifying the Network settings of the Dialup network entry used to initiate the VPN (i.e. obtain IP address automatically, but specify DNS server manually). These settings are stored in .PBK files (locations many and various), so they can be distributed to clients fairly easily.
Albertosaurus wrote:
The router does not run a DHCP server. Instead, addresses are issued by a LAN-side Windows server which issues its own address as the DNS server.
The problem appears to be because the VPN clients are given the router's DNS servers, which are those of the ISP rather than the ones provided by DHCP from the Windows server.
He also wrote:
Is there a way to instruct the DrayTek only to issue DHCP addresses to VPN clients, not to other local LAN devices?
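An added example for the .PBK approach mentioned in the reply above (not code from the thread or from DrayTek): a small check to run over a phonebook file before distributing it, reporting whether each entry will use the LAN DNS server. The key names `IpNameAssign` and `IpDnsAddress` and the meaning of the value `2` are assumptions about the Windows phonebook format; the sample file, entry names and addresses are constructed.

```python
import ipaddress

# Constructed sample phonebook; entry names and addresses are made up.
SAMPLE_PBK = """\
[Office L2TP]
IpAssign=1
IpNameAssign=2
IpDnsAddress=192.168.1.10
IpDns2Address=0.0.0.0
Device=WAN Miniport (L2TP)
DEVICE=vpn

[Office L2TP auto]
IpNameAssign=1
IpDnsAddress=0.0.0.0

[Old profile]
IpNameAssign=2
IpDnsAddress=203.0.113.53
"""

def parse_pbk(text):
    """Return {entry name: {key: first value}}; PBK entries repeat some keys."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), value.strip())
    return entries

def audit_dns(text, lan_dns):
    """Classify each entry by whether it will use the LAN DNS server."""
    wanted, report = ipaddress.ip_address(lan_dns), {}
    for name, keys in parse_pbk(text).items():
        if keys.get("IpNameAssign") != "2":   # assumed: 2 = DNS set manually
            report[name] = "server-assigned"  # depends on what the router hands out
            continue
        primary = keys.get("IpDnsAddress", "0.0.0.0")
        try:
            ok = ipaddress.ip_address(primary) == wanted
        except ValueError:                    # malformed address in the file
            ok = False
        report[name] = "manual-ok" if ok else "manual-mismatch"
    return report

if __name__ == "__main__":
    for entry, status in audit_dns(SAMPLE_PBK, "192.168.1.10").items():
        print(f"{entry}: {status}")
```

Entries reported as server-assigned are the ones that inherit whatever DNS servers the router gives VPN clients, which is the situation the original problem statement describes.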
24 Mar 2020 21:34 #95820
by albertosaurus
Replied by albertosaurus on topic No LAN name resolution for remote L2TP VPN clients - Fixed!
I fixed the problem but forgot to report back. The only missing setting was, for each VPN user:
- Set the flag 'Multicast via VPN' to Pass.
This allows the global setting: LAN > General Setup > LAN 1... > DHCP Server Config > 'Enable Relay Agent' to work correctly so long as the LAN DNS server's address is entered.
Name resolution of LAN hosts now works reliably.
24 Jun 2020 09:40 #96491
by stuarthill
Replied by stuarthill on topic Re: No LAN name resolution for remote L2TP VPN clients
Further to this (still work-in-progress) here I am finding that by enabling PPTP VPN Service (within the VPN and Remote Access > Remote Access Control) ... it breaks DNS resolution for VPN clients.
I'm happy to leave PPTP off although it's tempting due to the much better speeds over L2TP and certainly over the horrendous implementation of SSL VPN, wet-string would be quicker than SSL.