DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

No LAN name resolution for remote L2TP VPN clients

  • albertosaurus
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
23 Jul 2019 12:54 #94763 by albertosaurus
Replied by albertosaurus on topic Re: No LAN name resolution for remote L2TP VPN clients
Given up on DHCP relay, enabled DHCP Server on the DrayTek and it is now issuing addresses from the same subnet but a range beyond the scope of the Windows DHCP Server. Although this means there are competing DHCP servers on the network, when a local client is issued an address by the router it still gets registered in Windows DNS.
This might cause trouble for DHCP IP Reservations - I don't want to have to copy all those reservations to the DrayTek from Windows!
Is there a way to instruct the DrayTek only to issue DHCP addresses to VPN clients, not to other local LAN devices?

Please Log in or Create an account to join the conversation.

More
23 Jul 2019 13:56 #94764 by hornbyp
I just re-read your original problem statement...

Albertosaurus wrote:
The router does not run a DHCP server. Instead, addresses are issued by a LAN-side Windows server which issues its own address as the DNS server.

The problem appears to be because the VPN clients are given the router's DNS servers, which are those of the ISP rather than the ones provided by DHCP from the Windows server.



He also wrote:
Is there a way to instruct the DrayTek only to issue DHCP addresses to VPN clients, not to other local LAN devices?



Under "VPN and Remote Access >> PPP General Setup", it lists a range of IP addresses for "When DHCP Disable Set". In your original configuration, it was presumably this that was being used, rather than your Windows DHCP server. There is no option to specify a DNS Server address, which would at least explain why you got the 'wrong' DNS servers.
Likewise, you can specify a per-user, fixed IP address with a Dial-in User profile - but not a DNS address :cry:

Perhaps the LAN DNS / DNS forwarding mechanism, is what Draytek expect you to use in this scenario :?:
I've not tried it myself, but it's documented here: https://www.draytek.com/support/knowledge-base/5264 and here: https://www.draytek.co.uk/support/guides/kb-conditionaldns

Another option you could explore, is modifying the Network settings of the Dialup network entry used to initiate the VPN. (I.e. Obtain IP address automatically, but specify DNS server manually). These settings are stored in .PBK files (locations many and various :| ), so they can be distributed to clients fairly easily.

Please Log in or Create an account to join the conversation.

  • albertosaurus
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
24 Mar 2020 21:34 #95820 by albertosaurus
I fixed the problem but forgot to report back. The only missing setting was, for each VPN user:
- Set the flag 'Multicast via VPN' to Pass.

This allows the global setting: LAN > General Setup > LAN 1... > DHCP Server Config > 'Enable Relay Agent' to work correctly so long as the LAN DNS server's address is entered.
Name resolution of LAN hosts now works reliably.

Please Log in or Create an account to join the conversation.

More
24 Jun 2020 09:40 #96491 by stuarthill
Further to this (still work-in-progress) here I am finding that by enabling PPTP VPN Service (within the VPN and Remote Access > Remote Access Control ) ... it breaks DNS resolution for VPN clients.

I'm happy to leave PPTP off although its tempting due to the much better speeds over L2TP and certianly over the horrendous implementation of SSL VPN, wet-string would be quicker than SSL.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami