question

RodrigoGonalves-5037 asked Gary-5708 answered

Windows Server 2016 RRAS and clients DNS

Dear all,

we have a Windows Server 2016 providing a VPN service to our users. The server is configured with a static address pool.

The server has a single interface with its DNS servers configured to our internal DNS servers.

When the clients connect to the VPN (through L2TP or PPTP), they do not receive our DNS servers list.

Any idea what may be happening?

windows-server-infrastructure

Gary-5708 answered

@DSPatrick You need to check which adapter is set in the RRAS VPN configuration.

RRAS MMC > Right-click your server name > Properties > IPv4 tab > "Enable broadcast name resolution" - and choose the correct adapter.

My server has Hyper-V installed and network teaming. I had a list:
- Allow RAS to select adapter
- vEthernet (Internal)
- Teamed interface
- vEthernet (External)

"Allow RAS to select" > no DNS
Teamed interface > no DNS
I have two Hyper-V virtual network cards - "vEthernet (Internal)" and "vEthernet (External)" - so I can ring-fence a VM by using the "Internal Only" interface.
When I selected "vEthernet (External)" and restarted the RRAS service, DNS resolution worked.

I realised the "vEthernet (External)" interface was likely to be the correct one because an ipconfig /all showed it had the 192.168.x.x (standard internal IP range) address.
But, if in doubt, you can just cycle through them all, restarting RRAS each time.

Gary
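
A read-only check for the adapter selection described in this answer, added here as an example and not part of the original post: it lists each IPv4 adapter on the RRAS server with its DNS servers and flags those holding a private (RFC 1918) address, which generalizes the 192.168.x.x check above. The connection name `Contoso VPN` is a placeholder.

```powershell
# Run on the RRAS server in an elevated PowerShell session.
# Shows which adapter actually carries the internal DNS servers, so it can be
# matched against the adapter chosen on the RRAS IPv4 tab.

function Test-PrivateIPv4 {
    param([string]$Address)
    $o = $Address.Split('.') | ForEach-Object { [int]$_ }
    ($o[0] -eq 10) -or
    ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or
    ($o[0] -eq 192 -and $o[1] -eq 168)
}

$report = foreach ($ip in Get-NetIPAddress -AddressFamily IPv4) {
    # Skip loopback and APIPA addresses; they are never the right choice.
    if ($ip.IPAddress -like '127.*' -or $ip.IPAddress -like '169.254.*') { continue }

    $dns = (Get-DnsClientServerAddress -InterfaceIndex $ip.InterfaceIndex `
                                       -AddressFamily IPv4).ServerAddresses
    $isPrivate = Test-PrivateIPv4 $ip.IPAddress

    [pscustomobject]@{
        Adapter    = $ip.InterfaceAlias
        IPv4       = $ip.IPAddress
        Private    = $isPrivate
        DnsServers = $dns -join ', '
        # Candidate: internal address AND at least one DNS server configured.
        Candidate  = $isPrivate -and [bool]$dns
    }
}

$report | Sort-Object Candidate -Descending | Format-Table -AutoSize

# After changing the adapter in the RRAS console, restart the service
# (RemoteAccess is the service name of Routing and Remote Access):
# Restart-Service -Name RemoteAccess

# On a connected VPN client, confirm what the PPP adapter received.
# 'Contoso VPN' is a placeholder for the name of the VPN connection:
# Get-DnsClientServerAddress -InterfaceAlias 'Contoso VPN' -AddressFamily IPv4
```

If the client-side query still returns no servers, or only a public resolver that was set by hand, the adapter bound in RRAS is not the one listed as a candidate.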

DSPatrick answered

Ok, well VPN users should inherit the gateway and DNS from the host server NIC that's bound to RRAS, so something else appears to be problematic.




RodrigoGonalves-5037 answered

Dear @DSPatrick,

we can't use DHCP assigned addressing since we have several scopes and, according to the documentation we have read, only address pools can be used in this case.

Kind regards,

DSPatrick answered

May want to consider using DHCP assigned addressing.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd469667(v=ws.11)?redirectedfrom=MSDN

--please don't forget to Accept as answer if the reply is helpful--


RodrigoGonalves-5037 answered

Should I set the gateway manually then? How should I do it?

Kind regards,

DSPatrick answered DSPatrick edited

The PPP adapter RAS has no default gateway.



--please don't forget to Accept as answer if the reply is helpful--



RodrigoGonalves-5037 answered

Yes, but that is our issue: the server is not providing our DNS servers to the clients.

DSPatrick answered

8.8.8.8 is public DNS and gets them internet, you'll need a LAN default gateway configured in order to access LAN resources.




RodrigoGonalves-5037 answered

Is it required, @DSPatrick? The users can browse if their machines have a DNS set (for example 8.8.8.8), thus it does not seem a gateway/routing issue.

Traceroutes from the clients show that they do navigate through the VPN.

DSPatrick answered

Looks like the PPP adapter RAS has no default gateway.


--please don't forget to Accept as answer if the reply is helpful--





