DNS for VPN server

I would like to set up a VPN connection with a Mac mini server, Mountain Lion.
I am a beginner but could understand most of it except the DNS address part. Can anyone tell me what address I should use for the DNS part?
Well, is it even possible to set up a VPN using a home network?
Any comment or help would be much appreciated.

Not sure but perhaps one of these to get the IP...
http://www.no-ip.com/services/managed_dns/free_dynamic_dns.html
http://www.dnsexit.com/
http://freedns.afraid.org/
http://openvpn.net/
http://www.surfbouncer.com/mac_dns_check.htm

Similar Messages

  • Unable to access gateway and DNS via VPN (L2TP) with Snow Leopard Server

    Summary:
    After rebooting my VPN server, I am able to establish a VPN (L2TP) connection from outside my private network. I am able to connect (ping, SSH, …) to the gateway only until the first client disconnects. Then I can perfectly access all the other computers of the private network, but I cannot access the private IP address of the gateway.
    Additionally, during my first VPN connection, my DNS server, which is on the same server, is not working properly with VPN. I can access it with the public IP address of my gateway. I can access it from inside my private network. A port scan indicates that port 53 is open, but a dig returns a timeout.
    Configuration:
    Cluster of 19 Xserve3.1 - Snow Leopard Server 10.6.2
    Private network 192.168.1.0/255.255.255.0 -> domain name: cluster
    -> 1 controller, which acts as a gateway for the cluster private network, with the following services activated:
    DHCP, DNS, firewall (allowing all incoming traffic for each group for test purposes), NAT, VPN, OpenDirectory, web, software update, AFP, NFS and Xgrid controller.
    en0: fixed public IP address -> controller.example.com
    en1: 192.168.1.254 -> controller.cluster
    -> 18 agents with AFP and Xgrid agent activated:
    en1: 192.168.1.x -> nodex.cluster with x between 1 and 18
    VPN (L2TP) server distributes IP addresses between 192.168.1.201 and 192.168.1.210 (-> vpn1.cluster to vpn10.cluster). Client information contains the private network DNS server information (192.168.1.254, search domain: cluster).
    Detailed problem description:
    After rebooting the Xserve, my VPN server works fine except for the DNS. My client receives the correct information:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.201
    Subnet Mask:
    Router: 192.168.1.254
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, I can ping all the Xserves of my cluster (192.168.1.1 to 18 and 192.168.1.254). If I have a look in Server Admin > Settings > Network, I have three interfaces listed: en0, en1 and ppp0 of family IPv4 with address 192.168.1.254 and DNS name controller.cluster.
    The DNS server returns timeouts when I try to do a dig from my VPN client even if I am able to access it directly from a computer inside or outside my private network.
    After I disconnect, I can see in Server Admin that the IP address of my ppp0 interface has switched to my public IP address.
    Then I can always establish a VPN (L2TP) connection, but the client receives the following information:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.202
    Subnet Mask:
    Router: (Public IP address of my VPN server)
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, I can access all the other computers of my network (192.168.1.1 to 192.168.1.18) but when I ping my gateway (192.168.1.254), it returns timeouts.
    I have two "lazy" solutions to this problem: 1) Configure VPN and DNS servers on two different Xserves, 2) Put the public IP address of my gateway as DNS server address, but none of these solutions are acceptable for me…
    Any help is welcome!!!

    I would suggest taking a look at:
    server admin:vpn:settings:client information:network route definitions.
    as I understand your setup it should be something like
    192.168.1.0 255.255.255.0 private.
    at least as a start. I just got done troubleshooting a similar issue but via two subnets:
    http://discussions.apple.com/thread.jspa?threadID=2292827&tstart=0

  • Server 2012 NPS NAP DHCP for VPN

    I have set up a server with DHCP and NPS and configured NAP DHCP.
    DHCP has 1 scope and the default scope options 003 router, 005 DNS server and 015 Domain Name (domain.com).
    Further, in DHCP I created a DHCP policy so it assigns a different 005 DNS server and 015 Domain Name (restricted.domain.com) to non-compliant clients. NPS/NAP DHCP is working (all is set up: health, SHV, GPO etc. The Health Validator is only checking if the firewall is running), so when I connect a client with firewall I get a normal IP from the scope with the scope options and domain suffix domain.com. When I disable the firewall I get an IP from the DHCP scope, no gateway, subnet 255.255.255.255 and domain suffix restricted.domain.com, so all works well and as NAP DHCP should work.
    Now I have a separate RRAS server configured as VPN server and configured my DHCP/NPS server as a RADIUS Authentication Provider. Also a DHCP relay agent is configured in RRAS.
    On my DHCP/NPS server I configured my RRAS server as a RADIUS Client (NAP-capable).
    My questions:
    Q1. Can I use NAP DHCP for VPN clients, as VPN clients get IP addresses from my DHCP server? I know there is a NAP VPN option but I want to use NAP DHCP because NAP DHCP and NAP VPN don't work together and I want NAP DHCP for internal clients.
    My problem:
    P1. with setup above i cannot setup a VPN connection from an external client i get an error "Error 812:The connection was prevented because of a policy configured on your RAS/VPN server.specfically ,the authentication method used by the server to verify
    your usename and password may not match the auithentication method configured in your connection profile .Please contact the Administrator of the RAS server and notify them of this error"
    I can resolve my problem P1 by running "configure VPN for Dial-Up" with the option "Radius server for Dial-Up or VPN connections." This creates 1 Connection Request Policy and 1 Network Policy; in the policy I set authorized to Windows group Domain Admins.
    But then I have an issue with NAP DHCP...
    When I have a non-domain-joined external client, where I have enabled NAP client in services.msc and DHCP Enforcement in local policy, I can set up a VPN connection but from the DHCP server I get an IP address from the subnet/scope and domain suffix domain.com, so this is working OK. But when I disconnect the VPN client, disable and stop the firewall and connect the VPN again, it's not getting restricted: running ipconfig /all shows it's not restricted and also Netsh nap client show state > shows it's not restricted, BUT it SHOULD be restricted as the firewall is off.
    What could be wrong?

    Hi,
    After discussing this with so many people, I think this will not work.
    First we need to know how DHCP enforcement works.
    1. The DHCP client sends a DHCP request message to the DHCP server. If the DHCP client has an SoH, the DHCP request message includes it. The SoH contains information about the health of the client. The DHCP server passes the SoH to the NPS server. The NPS server communicates with the policy server to determine whether the SoH is valid.
    2. If the SoH is valid, the DHCP server assigns the DHCP client a complete IP address configuration. The DHCP client has unlimited access to the network, as defined by policy.
    3. If the SoH is not valid, the DHCP server limits the access of the DHCP client to the restricted network and assigns it a limited access subnet mask and static routes, as defined by policy.
    But VPN clients get IPs in a different way. It uses the IP Control Protocol (IPCP) as part of the Point-to-Point Protocol (PPP) connection setup. Everything is done in the VPN tunnel.
    Hope this helps.

  • VPN server configuration - dns troubles

    Some variants of this issue have popped up on this forum, but could not quite resolve my issue. I have VPN running on OSX 10.6 server, but when the client connects to the server, they cannot browse the Internet by their host-name. However, they are able to browse the web by entering IP addresses. On the server side, DNS servers are configured to be 8.8.8.8, and network routing definition set to 192.168.1.0 / 255.255.255.0. L2TP IP range is 192.168.1.2 - 10. Any suggestions?
    Thanks!

    Many parts of Mac OS X Server require functional DNS services.
    When you are operating behind NAT, no external DNS provider can typically provide you with DNS translations.
    Neither your ISP nor Google can provide you with DNS translations within private IP blocks.  Only local DNS can do that.
    The other matter here is the attempt to operate Mac OS X Server as a gateway.  That gets gnarly, and there are many discussions of that posted around the forums.  It's far easier to use an external gateway box, and to avoid configuring a Mac as an expensive and awkward and ungainly and insecure IP router; to avoid the potential to expose open ports or random server applications to the wilds of the internet, as well as avoiding the routing configuration difficulties inherent in the default Mac OS X and Mac OS X Server user interfaces.
    Irrespective of all that DNS configuration and LAN-local stuff, your VPN needs to have a DNS server from the target LAN or it will have no translations for a NAT'd network.  By default, most VPNs will use the provided DNS for NAT'd hosts as well as public hosts.  Which you don't have.
    The usual Mac OS X Server configuration order is the host software, basic IP networking and LAN routing, DNS services, Open Directory (OD), and only then with the rest of everything else.
    If that sudo changeip -checkhostname command is tossing a DNS warning, then you have DNS issues on the LAN.  Need help setting up LAN-local DNS on Mac OS X Server?  Here are detailed DNS set-up instructions.

  • Connect Azure Pack to Service Bus for Windows Server with Custom DNS

    Hello! I'm trying to configure Azure Pack to use Service Bus for Windows Server 1.1 with Custom DNS.
    All runs on one virtual machine (Windows Server 2012 R2) in Windows Azure.
    I am following this post:
    roysvork.wordpress.com/2014/06/14/developing-against-service-bus-for-windows-1-1
    Replace FarmDNS "servicebus" with "mymachine.cloudapp.net", and create certificate:
    SelfSSL /N:CN=mymachine.cloudapp.net /V:1000 /T
    On Windows Azure Virtual Machine:
    1. I'll set public DNS: mymachine.cloudapp.net
    2. Open ports: 10354,10355,10356,10359,10000-10004
    3. In hosts file: 127.0.0.1 mymachine.cloudapp.net
    4. Create certificate:
    SelfSSL /N:CN=mymachine.cloudapp.net /V:1000 /T
    PowerShell:
    Stop-SBFarm -Verbose
    Set-SBFarm -FarmDns 'mymachine.cloudapp.net'
    Update-SBHost -Verbose
    Start-SBFarm -Verbose
    New-SBAuthorizationRule -NamespaceName ServiceBusDefaultNamespace -Name MainRule -Rights Manage, Send, Listen
    After that I can connect to my ServiceBusDefaultNamespace with SAS.
    It works perfectly. But when I try to create a Service Bus Namespace from the Azure Pack Tenant portal, there is an exception in the log:
    Namespace Provisioning Exception. TrackingId: . SystemId: . Namespace: SomeNamespace.
    Method: Activating. Exception: System.Net.Http.HttpRequestException: An error occurred while
    sending the request. ---> System.Net.WebException: The underlying connection was closed:
    Could not establish trust relationship for the SSL/TLS secure channel. --->
    System.Security.Authentication.AuthenticationException: The remote certificate is invalid according
    to the validation procedure.
    And status of namespace - Activating.
    Please help!

    Hi Alexander,
    According to the log, it seems that the validation process of the certificate failed.
    Please make sure that the certificate is installed in the client properly.
    Usually, self-signed certificate should be installed in the Computer Account-->Trusted Root Certificate Authorities.
    Best Regards.
    Steven Lee

  • Security warning for any connect VPN " Untrusted VPN server Certificate"

    Is there any way to disable this security warning ("Untrusted VPN server Certificate") with a self-signed certificate on the ASA?

    Hi Anton,
    Please have a look at the link below:
    http://docs.acl.com/ex/300/index.jsp?topic=%2Fcom.acl.ax.exception.installguide%2Fexception%2Finstallation%2Ft_installing_the_self-signed_certificate.html
    This is for IE. You should get steps for FF and CHROME out there easily as well.
    Regards,
    Kanwal

  • Connect to server thru DNS using VPN

    I want to do the following:
    - connect to my server thru VPN (this is working) using the VPN server of the OS X Server
    - command-K connecting thru the fileshare on the same server using the DNS name of my server (not working)
    When I see the settings of the VPN connection I see my DNS server in the DNS tab. But the connection is not established.

    Are you typing the hostname of the server in the 'Connect to Server' dialog? or are you hoping to see the remote servers appear in the list when you Browse?
    The former should work. The latter will not (at least not without extra significant hoops).
    If you are trying the former, and you can't hit the server by name, check whether you can hit it via IP address. Also check whether you can resolve the name via some other means (e.g. nslookup or dig in Terminal.app, or Network Utility.app). That will at least help pinpoint the problem.

  • VPN Server Feature for WRT1900AC

    Hi there,
    is there a timeline for when the VPN Server feature gets implemented into the WRT1900AC router? That particular feature decides whether I'm buying it or not.
    Cheers,
    Dave

    Thanks guys, but you are missing the point.
    See here: www.linksys.com/en-us/press/releases/2014-04-10_Linksys_Starts_Shipping_the_WRT1900AC_the_Successor_...
    "Linksys is also planning to add Wi-Fi Scheduling and an OpenVPN-based VPN server to the WRT in a future firmware update to enable users to establish a secure remote connection to the router from anywhere in the world."
    I wanted to know from Linksys or some insiders here in the forum, whether there is already a rough timeline on this feature. F.i. in which quarter the users can expect it to be implemented.
    Cheers,
    Dave

  • Urgent: How to list all aliases for a server through DNS query?

    Hi
    Does anyone know how to list all aliases for a server by asking the network DNS? Is that possible?
    It doesn't work with InetAddress; it returns a single result.
    Best regards

    InetAddress will not get you the aliases, but you can certainly find all the different IP addresses for a specific host name using the getAllByName() method.
    You won't be able to get the aliases since those IP addresses (assuming there are more than 1) will all be cached as mapping to the name you passed to the getAllByName() method and you can't clear the map cache until the JVM exits.
    So your best hope is to get a list of IP's and either exit your app and restart with a new mode, or save them to a file for another app to read.

  • Creating aliases for a server in DNS

    Hello,
    We are developing a BI solution. We have 4 different environments/domains: development, test, acceptance and production. The server names differ in each environment. For example, the server in development is called SRVDEV10 while the server in test is called SRVTEST21. The full names will be like SRVDEV10.development.local and SRVTEST21.test.local.
    Now I would like the network administrators to create a DNS alias called BI_Server.
    If I am in the development environment BI_Server should point to SRVDEV10 and if I am in the test environment BI_Server should point to SRVTEST21.
    Is something like this possible? Should they make aliases like BI_Server.development.local : SRVDEV10.development.local and BI_Server.test.local : SRVTEST21.test.local? Those domains are separated and it should normally not be possible to go directly from development to test. It is also used internally and not accessible from the outside (internet).
    Of course I can modify the hosts file but I don't want that.
    What do you think?
    Constantijn

    Hi Constantijn,
    According to your description, you want to create a DNS alias and point the alias to different servers. The issue is more related to Windows Server DNS, I would like to recommend you post the question in the Windows Server forums at
    https://social.technet.microsoft.com/Forums/en-US/home?category=windowsserver . It is appropriate and more assists will assist you.
    However, if you need to configure hostname alias for SQL Server instance, you can review the steps in this following blog.
    http://blogs.msdn.com/b/dbrowne/archive/2012/05/21/how-to-add-a-hostname-alias-for-a-sql-server-instance.aspx
    Thanks,
    Lydia Zhang

  • Mac Mini Server for VPN routing

    Hi,
    my local internet provider does not provide static IP addresses. To nevertheless make the Server available in the internet I found a service that provides a vpn tunnel with a fixed ip address. To connect to this tunnel I shall use "tunnelblick". A pptp configuration is not possible due to some incompatibility on the VPN provider's side.
    The Server is connected to an airport extreme, which provides the internet access. I understand that the server has only one network card, however the VPN program uses a virtual network card to connect to the VPN and hence there should be two IP addresses for the server: one for the internal LAN and one for the VPN. How do I figure out the Server's VPN address on my side - or is it the fixed IP address from the VPN provider? 
    This IP address can be set as the address for all network devices to go to the internet. How?
    I understand there are two ways: the router to the internet is telling all devices on how to go to the internet. Therefore this should be configurable in the airport extreme - how?
    Otherwise: How to configure the computers to use this VPN instead of the normal connection?
    It seems to be a simple question, however I don't know where to grab the right answers from. I am a newbie in servers ...
    Thanks ...
    Philippus

    The VPN service provides your computer with a private IP address which may or may not be fixed. This gets you to their network... and from there back out to the internet if they haven't blocked that particular IP range. To find out your VPN IP address you only need to open up and take a look at the network preferences status entry for it... Your problem is not there. Your problem is that the private network you want to use will be firewalled.. and the ports you need to run a server will not be open to your IP address.
    You can share the internet connection of one mac to others in System Preferences I think... can't check atm.. not on my mac.
    In any case I suggest, since you do not have a fixed IP.. that you use a DDNS service.. like www.no-ip.com provide and leave the VPN network for what it was intended...

  • DNS for multi-site same server scenario

    I am setting up the DNS for a multi-site server. I understand that the second (and subsequent) site needs to be an alias of the first.
    I have tried setting up the DNS entries as aliases (CNAME) as well as A records to no avail.
    I am sure that it is me, but what am I missing?
    I am unable to access these sites locally so I am positive that no one can access the site outside of the firewall.
    Thank you!

    There's not much detail there to go on...
    In general, yes, you should create one A record for the host, e.g.:
    webserver.domain1.com. IN A 192.168.1.2
    Then other domains should, ideally, point to this via a CNAME:
    www.domain2.com. IN CNAME webserver.domain1.com.
    Technically, it's OK to have additional A records pointing to the same IP, it just makes it a little harder to keep track of, and changing server addresses is a PITA (there's only one place to change it when using CNAMEs).
    As to what your issue is, there's no way of knowing without seeing your domain records and the name server logs. bind is pretty good about logging errors and often provides a good clue when things are amiss. If I had to hazard a guess, though, I'd say you missed a trailing . on the CNAME records, but that's largely a shot in the dark without more information.
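The trailing-dot mistake guessed at in the reply above, as an added example that is not part of the original thread: in a BIND-style zone file a CNAME target written without a final dot is relative, so the zone origin is appended to it. The sketch below expands each CNAME the way the name server would and flags targets that look like fully qualified names missing the dot; the zone text is constructed, `domain2.com.` as the origin and the `shop` and `static` records are assumptions, and every record is assumed to state its owner name.

```python
"""Added example: find CNAME targets that silently pick up the zone origin."""

# Constructed sample zone for the second site. The first record omits the
# trailing dot, which is the mistake the reply suspects.
SAMPLE_ZONE = """\
$ORIGIN domain2.com.
www    IN CNAME webserver.domain1.com   ; relative: origin gets appended
shop   IN CNAME webserver.domain1.com.  ; absolute: used as written
static IN CNAME www                     ; relative on purpose
"""

RR_CLASSES = {"IN", "CH", "HS"}


def absolute(name, origin):
    """Expand a zone-file name: '@' is the origin, a trailing dot means absolute."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def check_cnames(zone_text, default_origin="."):
    """Return (owner, target_as_written, expanded_target, suspicious) per CNAME."""
    origin = default_origin
    results = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1] if fields[1].endswith(".") else fields[1] + "."
            continue
        rest = fields[1:]
        # Skip an optional TTL and class between the owner and the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() in RR_CLASSES):
            rest = rest[1:]
        if len(rest) < 2 or rest[0].upper() != "CNAME":
            continue
        target = rest[1]
        # A relative target that already contains dots is most likely a
        # fully qualified name whose trailing dot was forgotten.
        suspicious = not target.endswith(".") and "." in target
        results.append((absolute(fields[0], origin), target,
                        absolute(target, origin), suspicious))
    return results


if __name__ == "__main__":
    for owner, target, expanded, suspicious in check_cnames(SAMPLE_ZONE):
        flag = "CHECK" if suspicious else "ok"
        print(f"{flag:5} {owner} -> {expanded} (written as {target})")
```

The flagged record resolves to a name under the second domain that has no address record of its own, so the alias fails for local and external clients alike.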

  • Servermgrd: Where to specify DNS for server?

    Been having a lot of trouble with Mac OS X Server 10.4.11 (running on PowerMac G5, 2 GHz, 2.5 Gb of RAM) the last few days. Some recurring log items I see are:
    Jun 26 07:40:55 GBG-Server servermgrd: servermgr_dns: no name available via DNS for 172.16.1.64
    Jun 26 07:40:55 GBG-Server servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
    I am not using the DNS service within OS X Server, it's a standalone that hosts a few databases and afp:// file sharing. Where does a person specify the "DNS" referred to in the log entries above??

    Hi
    Leif is absolutely correct in what he says, however if all you want the Server to do is host AFP and/or SMB shares you don't need internal DNS services. Admittedly things do work better with them but if you can ignore the warnings in the log it should not affect anything.
    If the Server is supposed to be or may want to be an OD Master then you really must address the problem otherwise you don't really have an LDAP Server and it will cause you problems.
    If you are not having any problems and things are working as they should be, ignore the logs and leave things as they are. Think of it a bit like going out on a sunny day and being warned by everyone you meet that it may rain later on and to take an umbrella with you. Not a great analogy I know but you get the point?
    Tony

  • How to configure router to use ip pool on the aaa server for vpn clients

    How to configure a router to use an IP pool on the AAA server for VPN clients. I want to use VPN clients to connect to the router, authenticate using the AAA server username database and also use the IP pool created on the AAA server. I am not able to find the command on the router pointing to use the pool created on the AAA server. Can someone help me with this command?
    sebastan

    Hello Sebastan,
    what do you use as AAA server (e.g. ACS with TACACS+ or RADIUS) ?
    Regards,
    GNT

  • DNS over VPN

    Hi community,
    I am having some trouble with DNS over VPN. On the server side of the VPN the DNS is working 100%, i.e. servername.domain.com resolves to the local IP address correctly from within the network. However, when I connect into the network over VPN the DNS does not work correctly - it resolves servername correctly but not servername.domain.com. I can overcome this by setting VPN above my Ethernet adaptor in service order but then all my traffic gets routed over the VPN connection (which I don't want) - even if I try adding a network routing defn on the VPN server. I probably need to do something on the VPN client (Snow Leopard 10.6.1)?
    Please help!

    Rather than dnsmasq and openwrt, I'd look at the DNS server here.
    My guess here would be that the DNS configuration is invalid, or the domain name incorrect, or such.
    For a simple split-brain, you'll have one forward zone with your local Mac OS X Server box as the DNS server, and one (created for you) reverse DNS zone. And you'll be using a unique domain name or (far better) a publicly-registered DNS domain. But this smells like a DNS error.
    Post the dig -x of the IP address on your LAN, and the dig host and dig host.example.com of the domain name on your LAN. And given this DNS information is either public or is behind a firewall and thus accessible only via VPN, please post the real data rather than masked data.
