DNS over VPN

Hi community,
I am having some trouble with DNS over VPN. On the server side of the VPN the DNS is working 100%, i.e. servername.domain.com resolves to the local IP address correctly from within the network. However, when I connect into the network over VPN the DNS does not work correctly - it resolves servername correctly but not servername.domain.com. I can overcome this by setting VPN above my Ethernet adaptor in service order but then all my traffic gets routed over the VPN connection (which I don't want) - even if I try adding network routing defn on VPN server. I probably need to do something on the VPN client (Snow Leopard 10.6.1)?
Please help!

Rather than dnsmasq and openwrt, I'd look at the DNS server here.
My guess here would be that the DNS configuration is invalid, or the domain name incorrect, or such.
For a simple split-brain, you'll have one forward zone with your local Mac OS X Server box as the DNS server, and one (created for you) reverse DNS zone. And you'll be using a unique domain name or (far better) a publicly-registered DNS domain. But this smells like a DNS error.
Post the 'dig -x' of the IP address on your LAN, and the 'dig host' and 'dig host.example.com' of the domain name on your LAN. And given this DNS information is either public or is behind a firewall and thus accessible only via VPN, please post the real data rather than masked data.
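The three lookups requested in the reply above (short name, fully qualified name, reverse record) can be compared mechanically. This is an added example, not part of the original thread: `diagnose` and its finding labels are names chosen here, and it queries the system resolver instead of calling dig, so it reports what the VPN client itself sees.

```python
import socket
import sys
from typing import Callable, List, Optional


def _forward(name: str) -> Optional[str]:
    """Forward lookup through the system resolver (search domains apply)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def _reverse(ip: str) -> Optional[str]:
    """Reverse (PTR) lookup through the system resolver."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def diagnose(host: str, domain: str,
             forward: Callable[[str], Optional[str]] = _forward,
             reverse: Callable[[str], Optional[str]] = _reverse) -> List[str]:
    """Compare short-name, FQDN and PTR answers; return labelled findings."""
    fqdn = f"{host}.{domain}".lower()
    short_ip, fqdn_ip = forward(host), forward(fqdn)
    findings = []
    if short_ip is None:
        findings.append("SHORT_UNRESOLVED")
    if fqdn_ip is None:
        # The symptom in the question: the short name works, the FQDN does not.
        findings.append("FQDN_UNRESOLVED")
    if short_ip and fqdn_ip and short_ip != fqdn_ip:
        # Two different answers means two different sources answered.
        findings.append("SHORT_FQDN_MISMATCH")
    ip = fqdn_ip or short_ip
    if ip is not None:
        ptr = reverse(ip)
        if ptr is None:
            findings.append("PTR_MISSING")
        elif ptr.rstrip(".").lower() != fqdn:
            findings.append("PTR_MISMATCH")
    return findings or ["CONSISTENT"]


if __name__ == "__main__":
    # Usage: python check_dns.py servername domain.com
    print(diagnose(sys.argv[1], sys.argv[2]))
```

Run it once on the LAN and once over the VPN; a difference between the two result lists shows which lookup changes when the tunnel is in use.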

Similar Messages

  • Mount windows file server over vpn

    I have a Windows(2003SP2) file server within some LAN with IP 192.168.10.10 and with shared folder structure like
    /Sity/District/
    I am authorised to connect to this LAN over VPN (it works) and to connect to /Sity, but I am authorized only to see and modify files within /District folder.
    With the command 'smbclient -U username //192.168.10.10/Sity' in Terminal I can connect to the server and e.g. get all the files from /Sity/District/. However, neither mount_smbfs in Terminal nor Connect to Server in Finder can mount the share - error is
    mount_smbfs: negotiate phase failed: syserr = Connection refused, Finder complains about the username and the password. The /etc/nsmb.conf has the following structure
    [default]
    minauth=none
    Is there a way to mount such share?

    Yes, it replies 'could not connect to the server because the name or password is not correct'.
    Same for almost all combinations of smb://WORKGROUP;user:password@IP/Sity[/District]
    I also tried different options for mount_smbfs like '-I' with no result. Error reads
    mount_smbfs: negotiate phase failed: syserr = Connection refused
    There is also no network browsing (mDNSResponder: NOTE: Wide-Area Service Discovery disabled to avoid crashing defective DNS relay 192.168.1.1.)
    But the smbclient works and I can get the folder structure.

  • Is there a solution for Airprint over VPN connection?

    I use a new HP AirPrint-enabled printer in a WiFi network at home. It all works fine that far, the printer is recognized by the AirPrint feature on both iPhone and iPad.
    Furthermore, I have established a VPN connection on my Fritzbox router and setup VPN connection on iPhone and iPad. The VPN connection (IPSec) works without any problem.
    Only problem: If I try to print using the VPN connection, no printer is found. I understand it has something to do with Bonjour not working properly over VPN.
    But is there any workaround or tweak to make it work somehow?
    (Note: I know there is the ePrint feature on the HP printer as well, but I don't want to use it)
    Thanks

    I am having the same problem.  When on my local network, I have 2 AirPrint printers I can print to just fine from iPhone, iPad and iPod.  However, while connected to the VPN, it doesn't see any printers.
    The VPN is OS X Lion 10.7.5 VPN.  It is serving addresses in the same domain and subnet as the main network.  However, there is no option for routing control, so I assume routing across the network is somehow limited.  Incidentally, one printer is shared from an iMac, the other is a WiFi printer.
    When I connect to the VPN with my Macbook Pro, the printers don't show up as online either.  However, I can ping other machines on my network, including the Lion Server (I also have a Linux server that is serving DNS and DHCP - I can log into that machine with VNC or SSH no problem).
    The only ports I have open on the firewalls are the L2TP and PPTP ports, and the VNC port.  But anything with printing should be within the tunnel, and not filtered by the firewall once a virtual circuit is established, right?  Is there a way I can have finer control over the VPN settings, like editing a config file or something?

  • Sonicwall DHCP over VPN drops packets

    I have a similar setup without any packet loss. I followed this article for setup. Hope it helps!
    http://www.sonicwall.com/downloads/Site_to_Site_VPN_Using_DHCP_over_VPn__SonicOS_Enhanced_at__.pdf

    Playing with TZ205 DHCP over VPN.
    Used Sonicwall GVC for management using static IP for years.  Having handful of other network changes recently I decided to turn on DHCP over the VPN.  It's a split tunnel.
    Last few days I've been having frequent packet drops every 5-10min.  RDP sessions have to re-sync, etc.  It always picks up in ~5-10 seconds.  Until the next drop ~5 min later.  Well after troubleshooting I've found it's the DHCP over VPN change.
    If I return to static IP on sonicwall virtual adapter it never drops any packets. (Sonicwall client settings set to allow DHCP or manual)
    Updated to SonicOS Enhanced 5.9.1.1-39o , DHCP assigned VPN clients still dropping.
    *DHCP server just assigns IP/Mask.  No GW or DNS.  Same as when I set static.
    Any ideas?  Thanks!
    This topic first appeared in the Spiceworks Community

  • Jabber call to voice mail fails with fast busy over VPN

    I have an issue that I ran into with CIPC phones over a VPN.  If a CIPC phone called over a VPN and started ringing a phone the call would fail with fast busy at the time the call would be forwarded to voicemail.  I found the issue was when remote the CIPC phone would negotiate the g.729 codec, when forwarded to a voicemail pilot over a SIP trunk set to g.711 the call would fail due to codec mismatch when no transcoders are present.
    So now I am running into what I believe to be the same issue with Jabber, when on premise the calls to voice mail work just fine, but when remote they fail.  I can directly call the voicemail pilot without error, but if calling a phone the call gets fast busy at the point we are forwarded to voicemail.  Even though all my regions are set to talk to all other regions on G.711 and the voicemail SIP trunk is set to G.711, I believe with the new features in CUCM9 that a lower speed codec has been negotiated since we are going over the VPN, or Jabber has done this as it knows it's over VPN (not sure).  With CIPC I could go into the settings and turn off the Optimize for Bandwidth check box and the call would negotiate G.711.  With Jabber I can't find anything that would tell my Jabber client to stay on G.711 and I can only imagine this is a codec mismatch as the following are true.
    1. CIPC and Jabber share the same line
    2. VPN established and CIPC optimised for low bandwidth un-checked
    3. Over the same VPN the CIPC phone can leave a voicemail
    4. Over the same VPN the Jabber client gets fast busy once forwarded to voicemail
    5. Voicemail environment is Exchange-UM over SIP trunk
    6. SIP trunk is assigned a Device Pool, that is assigned to a region that all other regions communicate G.711 to
    7. On CIPC if optimised for low bandwidth is checked I get the exact same issue as I get with the Jabber client (fast busy when forwarded to voicemail)
    Would anyone know what I can do in CUCM 9 to fix this issue, as said no issue when all devices are on premise.  Wondering if there is a service parameter or a way to change the codec selection so the Jabber client attempts to always negotiate G.711.  The correct answer would be to get some PVDM DSP resources and kick up a transcoder in my resource group, and that may be what I talk them into doing if I have no other options.                  

    We have been getting the exact same thing for almost a year now... since switching to FiOS Digital Voice in May of last year!  Every time I call in to report it they 'escalate' the issue but it never gets resolved.  The problem seems to be in the initial connection.  Most of the time it works fine but, several times a month, after I call to get messages and it starts to play the new message it goes dead and I get the busy signal.  I get the same message when I call back:  “I’m sorry – that account is in use at this time.  Please try again later!”  I have even called in with my cell phone and get the same message!  I HAVE EVEN used the Internet to see if I could get my messages and, when I hit Play, I get a pop-up saying: “Your Voice Mail box is currently in being accessed; please try again later.  If the problem continues, please contact our Customer Support Center at 1-888-553-1555. We apologize for any inconvenience.”  This is obviously a software bug that Verizon has no clue on how to troubleshoot OR fix!!!  I wonder how many people have the problem and just don’t bother reporting it because of the hassle?  When it first started happening they destroyed my entire mailbox and I had to re-enter the complete mailbox setup again – 3 times!!!  NEVER let them talk you into that!!!  It’s their problem and they need to fix it!!!!!!!  I wish I could go back to the ‘normal’ voicemail we originally had… they want hundred$ to switch back because I’d be breaking my #$@%^&* contract!  Good luck if you have Verizon………

  • How can i use an existing vpn connection without using the option "Send all traffic over vpn connection"?

    I have been trying to get my computer (OS X 10.7) to establish a remote desktop connection to my work computer via a VPN tunnel. In fact I have just discovered that it works fine if I select "send all traffic over vpn connection" from the options in the advanced setup of the VPN.
    If the option is selected, Microsoft's "Remote desktop connection for mac" works just fine. However, without selecting the option it is not taking advantage of the tunnel but tries to connect as if the tunnel did not exist.
    Now the question is how do I get the program to use the VPN tunnel without checking the above option?
    Thanks for any hints and pointers.

    Then can her computer be authorized to both accounts?
    Absolutely. You can authorize any given computer to up to five iTunes Store accounts.
    If purchases are made on her account, to a computer authorized to my account, can I put those songs on my iPod?
    If you connect your iPod to her computer, yes. Tracks download only to the computer from which they're purchased, regardless of which iTunes Store account is used for the purchase. Or you could copy the tracks from her computer to yours and then authorize your computer to her iTunes Store account. But that's sort of defeating the original purpose, it would seem to me.
    is it better to buy music through Amazon downloads and/or actually purchasing CDs to avoid the security features iTunes puts on its music?
    That's certainly an option. If it's an entire album I want, I buy CDs. That way I can import them at the quality I want and to whichever of my systems I want. Amazon or one of the other download stores that offer tracks as MP3 are also an option, though for me download stores are best when you just want a couple of tracks off a given CD.

  • SoftPhone over VPN audio issue

    Having a "one-way" audio issue when IPC connects over VPN to any Main Office IP Phones (7960). Remote IPC (softphone) shows "0 Received" Packets, but the IP Phone shows them as being sent.
    This does NOT happen if IPC contacts another IPC on a PC at Main Site, or any kind of phone at the other branch offices.
    Have looked at all of the audio settings on the VPN IPC unit, they are correct.
    Any ideas?

    Try to sniff the Ethernet traffic during call setup at the CallManager. When CallManager sends Call Control messages to the remote party, it could send the wrong IP address or UDP port as the RTP parameters.
    Other components that could block the traffic are firewalls. How do you have your VPN tunnel built? Do you use Cisco VPN Client? What terminates your VPN traffic at the central location? PIX, VPN3000 or Router? Traffic may go one way without a change, and some protocol FixUp may be triggered for this traffic on the way back. If you have access to firewall logs, check if you have any traffic dropped.
    Good luck,
    Mike
    http://www.headsetadapter.com

  • VOIP over VPN need clarification

    Hi,
    Recently I have implemented a Site-to-Site VPN between an ASA and a SonicWall firewall.
    Problem: I am able to make a call from the ASA side (inside) IP phone to the SonicWall (inside) side IP phone and vice versa, and it rings, but I am not able to hear voice. So I created a VOIP over VPN configuration and applied the appropriate service policy towards the outside interface. But still I was not able to hear voice.
    Tried the troubleshooting steps mentioned below:
    On the ASA side we had two subnets (10.20.1.x/24 – Data and 10.20.2.x/24 – Voice) and one subnet (192.168.x.x/24) on the SonicWall side as interesting traffic (LAN to LAN). When I configured the site-to-site configuration on both ends, my phase-1 and phase-2 came UP and both sides are able to communicate with each other. (In interesting traffic I created two objects and bound those objects as one object-group for the source, i.e. the ASA side LAN subnet, and one object for the remote LAN as destination.)
    My call manager sits behind the ASA, and IP phones need to communicate from the SonicWall side to inside the ASA.
    I am able to make a call from the ASA side (inside) IP phone to the SonicWall (inside) side IP phone and vice versa, and it rings, but I am not able to hear voice. So I created a VOIP over VPN configuration and applied the appropriate service policy towards the outside interface. But still I was not able to hear voice.
    So I supernetted the data subnet and voice subnet into a single network, i.e. 10.20.x.x/16, on the ASA side and applied the configuration changes (changed ACL, nonat rule, Voice QOS ACL accordingly), and I'm able to hear voice at both ends and I can communicate properly from the ASA inside IP phone to the SonicWall inside IP phone and vice versa.
    My question: I don't understand the logic of how this supernetting resolved the dead voice issue.
    Please clarify my question; I'm a bit confused about this.

    It's not recommended. Although VPNs guarantee a secure pipe end-to-end, they don't guarantee latency and variations in latency (Jitter).

  • CUPC Over VPN

    We resolved a VPN issue that was preventing us to be able to log in to CUPC over VPN. I am now able to log in, I can see my buddy list and their status, however the CUPC status in the bottom of the window is listed as "Offline (No Network)".
    Server Health:
    Logon Server: Not Connected - Disconnected
    Phone Config: Downloaded
    Presence: Connected
    Desk Phone: Not Connected
    Softphone: Not Active
    Voicemail: Connected
    Secure Messaging: Not Connected - Server Unreachable
    LDAP: Not Available - Server Unreachable
    What could be causing some of the servers to be connected while others are disconnected? We are running Microsoft ISA VPN.

    This is likely an ISA VPN configuration issue. CUPC creates separate connections to each system. For example, voicemail is an IMAP or secure IMAP connection, presence is a SIP connection, desk Phone is CTI, etc. All traffic is not tunneled through CUPS.
    You will need to troubleshoot the individual protocols to understand why Microsoft's VPN product is not properly transporting them. A good place to start would be attempting telnet connections from the VPN-connected machine to the locations specified in the relevant profile on CUPS. Example: Can you telnet to your LDAP server's port as defined in CUPS?
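The per-protocol telnet test suggested in the reply above can be scripted so every back-end connection is tried in one pass from the VPN-connected machine. This is an added example, not part of the original thread: the host names in `PROFILE` are placeholders and the ports are the standard defaults for each protocol, so substitute the values from your own profile.

```python
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    service: str
    host: str
    port: int


# Constructed sample profile: placeholder hosts, protocol-default ports.
PROFILE = [
    Endpoint("voicemail (IMAP)", "mail.corp.example", 143),
    Endpoint("voicemail (secure IMAP)", "mail.corp.example", 993),
    Endpoint("presence (SIP)", "cups.corp.example", 5060),
    Endpoint("directory (LDAP)", "ldap.corp.example", 389),
]


def probe(ep: Endpoint, timeout: float = 3.0) -> str:
    """Attempt one TCP handshake and classify how it ended."""
    try:
        with socket.create_connection((ep.host, ep.port), timeout=timeout):
            return "open"          # handshake completed through the tunnel
    except socket.gaierror:
        return "dns-failure"       # name not resolvable over this connection
    except ConnectionRefusedError:
        return "refused"           # a reset came back: path works, port closed or rejected
    except socket.timeout:
        return "timeout"           # no answer: dropped in transit or no return route
    except OSError:
        return "unreachable"       # e.g. no route to host


def survey(endpoints, timeout: float = 3.0) -> dict:
    """Probe every endpoint and map service name to outcome."""
    return {ep.service: probe(ep, timeout) for ep in endpoints}


def blocked(results: dict) -> list:
    """Services that never completed a handshake, i.e. what to chase on the VPN."""
    return sorted(s for s, state in results.items() if state != "open")


if __name__ == "__main__":
    for service, state in survey(PROFILE).items():
        print(f"{state:12} {service}")
```

A mix of "open" and "timeout" results across services on the same network points at per-port filtering on the VPN rather than at routing.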

  • Voice over vpn-call not completing

    Hi folks,
    I have a problem with voice over VPN. So far my VoIP calls were running purely on shared IP internet. Today we tried to set up a site-to-site VPN tunnel between the two sides and send traffic through it. The VPN is working (md5, des).
    The problem we faced is that when I dial a number, the other party's phone rings for 6-8 seconds and the call gets disconnected. Whether or not the called party answers, the call gets disconnected after 6-8 secs. I am not getting any ring back, while the other side's phone actually rings. No voice is going through.
    My network is normalpbx--to--Cisco3800 to--Pix--to--QuintumGateway
    ISDN debug shows Cause code18-no user responding.
    Help me on this...

    Hi,
    can you provide configurations of the voice gateway and pix.
    Anyway my best guess is the PIX:)
    Check timers, check security policies.

  • No iTunes sync over VPN

    I would like to do an iTunes sync over VPN but this doesn't work.
    Has anyone ever done this?
    I set up VPN service on my 10.6 server and VPN works fine, I can VPN on from an outside computer to my network w/ no issue and see my network.
    When I VPN to my network on my iPad or iPhone, I get connected and the device gets an ip but I can't initiate a iTunes sync.
    Was this just not meant to be? It should.

    I'm working on trying to figure this out too.  I have a working VPN setup.  To sync itunes, I am thinking that the itunes on the remote computer must have an itunes library that points to the main itunes library on the host computer.  I think I have changed my itunes library on my remote computer to the library on the host via Preferences and the Advanced tab.  There is a place there to change the location of your itunes library.  When I click change, I can navigate to the itunes media location on the host.
    I am syncing now, and will be able to confirm the results tomorrow when I have access to the host.  Hopefully the sync won't have messed something up.  But, I am thinking this is working...

  • Jabber 9.5 phone service not registering over VPN

    TCT devices register fine over Any Connect VPN until I upgraded to 9.5!
    After upgrade IM/P and Voice Mail services connect successfully over VPN but phone service indicates it fails to get configuration from server.
    Everything works locally.  Any ideas what might have changed with 9.5 release that would impact ASA config!

    We've come across this issue also except ours is different we can't even login. Just says username or password is invalid.
    Works ok on corporate wifi
    Does not work on anyconnect over internet wifi.
    Does not work on anyconnect over 3G cellular data network.
    I can see it connects to the TFTP server pulls the XML files down connects to each CUP server in HA but both return wrong username and password.
    -- 2013-11-06 17:33:30.594 ERROR [6dee000] - [JabberWerx][log] [CupSoapCli]: login cup failed, reason: Wrong username/password
    -- 2013-11-06 17:33:30.598 ERROR [3c04618c] - [JabberWerx][log] [LoginMgr]: CLoginCup::OnLoginFailed, -1, Wrong username/password
    -- 2013-11-06 17:33:30.599 ERROR [3c04618c] - [JabberWerx][log] [assert]: /Users/jingwliu/depot/jwcpp/branches/s201301mobile/jwcpp/LoginMgr/LoginContext.cpp(940):  CacheCupServer, ASSERT(!"CacheCupServer() not implemented.") failed!
    -- 2013-11-06 17:33:30.600 INFO [3c04618c] - [JabberWerx][log] [LoginMgr]: OnStateChanged CLoginStop::OnStateChanged
    -- 2013-11-06 17:33:30.601 INFO [3c04618c] - [JabberWerx][log] [LoginMgr]: conn, canceled due to no needs. supposed:0, signning-on:0, signed-on:0
    -- 2013-11-06 17:33:30.601 ERROR [3c04618c] - [JabberWerx][log] [LoginMgr]: login, OnError, 10
    -- 2013-11-06 17:33:30.602 ERROR [3c04618c] - [JabberWerx][log] [JabberWerxCPP]: JWLoginSink::OnError, lerr:10
    -- 2013-11-06 17:33:30.602 INFO [3c04618c] - [csf-unified.imp.Login][OnLoginError] ****************************************************************
    -- 2013-11-06 17:33:30.602 INFO [3c04618c] - [csf-unified.imp.Login][OnLoginError] OnLoginError: LERR_CUP_AUTH: <10>. data: 0
    -- 2013-11-06 17:33:30.603 INFO [3c04618c] - [csf-unified.imp.Login][OnLoginError] ****************************************************************
    I've opened a support call with our vendor.

  • IP phone CP7911G over VPN

    Hi,
    Is there a voice problem with the CP7911G over VPN? I have a CP7911G that works fine on my network, but when I call another extension on VPN, I hear some noise during the call.

    Tomcat port needs to be manually modified per following instructions:
    1. Change the http port in server.xml file in \conf
    value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    value="8088"/> <---------- Change this to 80
    2. Restart Tomcat from Windows Service Control Manager
    3. Change the Cisco IP Phone Services URL's Port to 80 or remove the port from the url.
    For instance,
    http://:8088/ipphone/jsp/sciphonexml/IPAgentInitial.jsp
    to
    http:///ipphone/jsp/sciphonexml/IPAgentInitial.jsp
    4. Change the URL authentication parameter if applicable. This requires the IP phone to be reset via the power cord.
    For instance,
    http://:8088/ipphone/jsp/sciphonexml/IPAgentAuthenticate.jsp
    to
    http:///ipphone/jsp/sciphonexml/IPAgentAuthenticate.jsp

  • VPN - can't access internet over VPN

    Hi,
    I have an issue with VPN.
    For my work I need to be able to log into my office network remotely and then access remote desktop connection from within my work network.
    This won't work unless I am accessing the internet from inside the VPN.
    I have got this working on a PC, just had to select "Use default gateway on remote network" and now when I access the VPN on a windows laptop I am accessing the internet over the VPN.
    When I connect to the VPN on the Mac I can access the network, email server, file servers etc, but can not access the internet through the VPN.
    I have tried:
    - changing the service order
    - ticking and unpicking the send all traffic over VPN setting
    I can get to the point where I can access my work network over the VPN while also accessing the internet over my wifi but cannot get it so I can access the internet over the VPN connection. It is a PPTP VPN.
    Does anyone know how I get my Mac to use the default gateway on the remote network?

    If this server is behind a (NAT-) router you need to turn on "ipforwarding only" in Server Admin NAT configuration, otherwise the server won't route packets beyond its subnet.

  • Not able to connect remote oracle database over VPN

    I cannot connect to a remote Oracle database over VPN. tnsping is OK and it shows the server information of the remote database. I can also telnet to port 1521 of the remote database server. I can connect to the same server when it is located in the same LAN. Please help me out, this is very urgent.

    6b6c669e-6baa-45c4-a6dc-444aef2d5e7a wrote:
    I cannot connect to a remote Oracle database over VPN. tnsping is OK and it shows the server information of the remote database. I can also telnet to port 1521 of the remote database server. I can connect to the same server when it is located in the same LAN. Please help me out, this is very urgent.
    First, this is a forum of volunteers.  There is no "urgent" here.
    "Urgent" means one of two things -
    1) people are dying, or
    2) you have a customer-facing, revenue-producing production system that is down.
    (And to get some perspective on the second case, keep the first in mind.)
    For the first, you call whatever civil emergency service seems appropriate.
    For the second, you open an SR with Oracle - which requires a paid-up support contract. For *them* to consider your problem "urgent", you will need to demonstrate that your problem falls under item #2. I seriously doubt your problem fits that criteria.
    You don't have a support contract?  Now you know the exact dollar figure that your company places on the data.
    That said, you need to understand a few things about your specific problem,
    First, port 1521 is only used by the listener to accept a connection request.  Once it gets that request (and finds that it is for a service (sid) that it knows about), it will fork a server process and tell the requesting client that it can communicate with that server process over some other port .. a randomly chosen port number in the "high" range.  It could be your vpn is blocking that other port, whereas your internal firewall is not.
    But this is just an educated guess since I cannot find "can not connect remote oracle database over VPN" in any error message manual. If you had mentioned the VPN along with an actual oracle error message we could be much more precise in our diagnoses and recommendations.
    ---- edit 22 Sep
    It occurred to me that I just assumed you were using the same client machine in both cases ... a laptop that you use both at work (local network) and home (vpn).  If that assumption is false, there are probably problems with your tns setup on the home (vpn) machine.
    But again, it would be much easier to help if you gave us an actual error message.
