DNS issue over openVPN?

[Pabama]

I have combed the forums . . . tried everything (To the best of my ability), and I am really, really stuck. Any help will be GREATLY appreciated!

Main office: 192.168.118.0/24
SBS 2003 Server (192.168.118.2) was Firewall/router - replaced with Untangle box (192.168.118.1) acting as a openVPN Server.

Satellite office - 3 PCs - 192.168.25.0/24
Added an Untangle box (192.168.25.1) as a VPN client, VPN connected successfully.
Local clients (192.168.25.110) can ping resources at main office such as SBS Server (192.168.118.2), by ip address.

Goal: Join the computers in the satellite office to the domain. (Worst case, at lease share resources).

I cannot join the domain. I receive message "A domian controller could not be contacted".

Reading the forums it looks like my satellite computers need to have the DNS of the Main Office as their DNS to join the domain. If I manually set their DNS to the SBS Server (192.168.118.2). They lose all DNS functionality, including internet. So it appears as if the DNS is not passing over the VPN connection?

- I have packet filters on both Untangle boxes to Pass - Source Interface - VPN
- In my Open VPN I have checked "Export DNS"
- In my Open VPN I have enabled DNS Override, setting it to 192.168.118.2
- nslookup on a machine in the satellite office yields: DNS request timed out.

Summary:
Successful VPN connection with IP addresses
Cannot ping domain names unless DNS manual entires, or HOSTS file is updated.
Cannot RDP or VNC between satellite office and main office.
Cannot join domain

Thank you again!

[sky-knight]

Welcome.

You need to fix DNS resolution... there is no other option. All workstations on a domain MUST USE a DC as a DNS server. There is simply no other way to make it work.

Can you access other resources on your DC from over the tunnel? Can you ping it?

[WebFooL]

Hi,
How is your firewall configured?
Try adding a pass rule

Enable Rule: YES
Description: VPN ACCESS
Action: PASS
Log: Up TO YOU
Rule
Traffic Type: TCP & UDP
Source Interface: VPN
Destination Interface: Internal
Source Address:ANY
Destination Address:ANY
Source Port:ANY
Destination Port:ANY

Edit:
And another question have you rebooted the Untangle servers after the site to site configuration?

Thanks Sky-Knight to make my point understandable

[sky-knight]

Rebooted the Untangle Servers he means. :P That is important.

[Pabama]

Thank you both for your quick replies.

sky-night: I can ping the domain controller (192.168.118.2), but cannot seem to access any other resources on it.

WebFool - I added the rule to the VPN server (Main Office), the VPN client (Satellite office) did not have options for VPN in the 'Interfaces'.
I have not rebooted the servers . . . should I do this before spinning my wheels any further?

[WebFooL]

The only thing that will flow over the tunnel until you reboot is ICMP.

http://forums.untangle.com/openvpn/8...tructions.html

And you will get the VPN option after the reboot.

[Pabama]

Wow . . . I re-booted the Untangle box at the Satellite office, and I am up and running! Thank you to all for quick responses. And I now understand much more about DNS than I thought I would be priveleged to learn today.

Thank you again.

[sky-knight]

NT Domains ARE DNS... no DNS... no Domain. :P Glad you got it running.

[wolverine]

Hmmm i got a good OpenVPN leason from this, thanks to make it so details.