#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Posts
    15
    Rep Power
    0

    Question No name resolution via VPN


    I have a small network and I have a stubborn problem I cant get a handle on. the network is built
    around a MS small business server 2011. And there are a few computers on the network,
    as well as storage devices. Logging in from one of the network PCs is not a problem.
    All network devices are resolved and accessible. I also have remote access enabled and can
    connect to the network with a laptop from the outside. Once connected, I can access all devices
    through their IP address (and ping them), but I can't use them by their name. I am getting various
    error messages (name already in use, cannot find device, etc.).
    The network uses DHCP, which is done by the firewall (Netgear Prosafe 318G). The SBS is set up
    as a DNS server, and I can see all devices wit their IP addresses listed. The router correctly
    assigns the IP address of the server as "DNS server"
    Where can I find more information about this setup? The MS webiste is useless, and I have
    scoured the web for hints and help, but have not been able to resolve the issue.
  2. #2
  3. Headless Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,977
    Rep Power
    9647
    What DNS options is the VPN server pushing to clients? Alternatively, what are the DNS/DHCP settings on your computer once you've connected? (Easiest way to check that is with an ipconfig /all from the command line.)
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Posts
    15
    Rep Power
    0
    Hello Requinix,

    thanks for looking at this.

    When I run ipconfig /all on my desktop (wired connection directly to the network) where the name resolution works, it shows:

    Default gateway: 192.x.x.1 (correct firewall address)
    DHCP server: 192.x.x.1 (correct, as firewall is DHCP server)
    DNS Servers: 192.x.x.28 (the SBS box); 192.x.x.1 Firewall
    Primary WINS server: 192.x.x.28 (The SBS box is set up as WINS server)
    NetBios over Tcpip: enabled.

    I see exactly the same when I try to access the resources through VP, and, in fact, when I try to access them through my wireless access point, but then I I don't get a name resolution.
    Of course the wireless access point does not come into play when I connect through VPN.

    The weird thing is that when I try to ping one of the resources (NAS) by name, it resolves to a completely different IP: 198.205.x.x and then times out.

    I had noticed the same last week when I tried to ping that resource from somewhere else when I was connected through VPN.
  6. #4
  7. Headless Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,977
    Rep Power
    9647
    When you have the VPN tunnel up, there will be two connections: one for your physical wired connection and another for the VPN connection. I'm interested in the settings for the VPN connection.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Posts
    15
    Rep Power
    0
    Thanks.

    Here is what it says about the PPP adapter:

    DHCP enabled: No
    Autoconfigure enabled: Yes
    IP4 Address: 192.x.x.167
    Subnet mask: 255.255.255.255
    Default Gateway: 0.0.0.0
    DNS servers: 192.x.x.28, 192.x.x.1
    Primary Wins Server: 192.x.x.28
    NetBIOS over TCPIP: enabled

    Again, thanks for looking into this.
  10. #6
  11. Headless Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,977
    Rep Power
    9647
    First thing I see is that the network overlap: both your local network and the VPN are using the same IP address ranges. At least that's my guess - you redacted the middle portions. Can you change the VPN to use something else, like 10.* or a different 192.168.x.0/24? Your VPN may also support some sort of renaming, where it uses 192.168.x locally but "renames" it to 10.0.x for the VPN connections.
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Posts
    15
    Rep Power
    0
    Thanks.

    I tried that, but it didn't help. The DHCP on my network uses a range of 0 - 100 for the devices, the SBS uses the same range but the last digits are just from 150 - 160, so that they don't overlap. When I changed that to a different range (second to last digit), but that didn't help. It made things worse.

    When I do that, the PPP adapter shows an IP address of the different segment, bu I lose ALL connectivity (can't use resources on the network OR the internet). I think that is due to the fact that the DNS server is still on the other segment.

    I might have made a little bit of progress, and perhaps this can help to pinpoint the issue. If you look at my first post, I did not have name resolution when I connected directly through my wireless access point. I played around a bit with the DHCP settings on the firewall. There are two fields where I can enter a DNS server. In the first field I had entered the IP address of the SBS, in the second I had put the IP address of the firewall. When I take out the IP address of the firewall and lleave the field blank, I DO get name resolution when connected throught he wireless access point, BUT I seem to have lost name resolution when I try to connect to the server from a hardwired connection. When I try to do a remote desktop connection to the SBS now, I have to use the IP address, the name will not resolve.

    I also tried to turn off the "DNS proxy" on the firewall, and that disabled all Internet connections.
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Posts
    15
    Rep Power
    0
    Ok, so after a few hours of research, trial and error, I think I might have found the solution. I'll write it down here for the next time I run into the problem and to possibly give some people a hand who have a similar problem. The problem turned out to be problems (plural).
    The real breakthrough came from this link: Ping [computer] get strange IP address - Super User. A bit down the road one of the responders lists a number of tools (NSlookup), etc. which eventually got me on the right track.
    The first think I noticed was that when I pinged my server, it would give me a weird IP address. Using TraceRT I figured out that the ping was sent into the blue yonder, and nslookup showed me that the DNS server was actually my ISP. I then found out that many ISPs don't return a "not found" or similar, but direct everything to server that then serves up a website (ad for ISP). So something was wrong with my DNS.
    I then played around with the DNS entries on the DHCP server, and lo and behold, if I leave the entry for the first DNS entry open and provide my server as the second DNS server, everything seems to work.
    Then I noticed that my laptop, when connected through RAS still could not access the resources. I was now able to typer the server name into a folder dialog, and the contents would show, but that was as far as I got. Trying to open one of the folders ended up in an error message.
    This, I eventually found out was due to a database corruption on the laptop. Here is a recipe how to fix that. It requires adding a registry entry: Gray "X" on network share folder icon - Windows 7 Help Forums
    And finally, the problems with the internal wireless access were resolved by a restart of the wireless access point which apparently had not gotten the new DNS settings from the DHCP server.

    So, right now it looks like everything is working.

IMN logo majestic logo threadwatch logo seochat tools logo