  1. #1
    Untangler
    Join Date
    Oct 2009
    Posts
    92

    Site to Site DNS Issue, Support can't figure it out. Any ideas?

    I have site to site VPN working but DNS will not work. But DNS will work when I use the client VPN from a workstation. Support has logged on to both of my machines and they verified all settings are correct. They recommended I uninstall OpenVPN on both and set it up again. Did that and same result. Any ideas? Here is my config.

    Main site. Untangle in router mode with cable modem, following settings:

    192.168.16.1
    255.255.255.0
    Export DNS is checked and DNS override is set up. (DNS server is my SBS.)

    Remote site. Untangle in router mode with Westell DSL router in bridge mode
    192.168.2.1
    255.255.255.0


    Site to site, I can ping by IP address but DNS is not working. If I distribute the VPN client to workstations on the remote site they can ping by DNS???

    Support is at a loss and has no more ideas? Can anyone help?

    Thanks
    T

  2. #2
    Untangle Ninja gotkimchi's Avatar
    Join Date
    Jan 2007
    Location
    Bay Area
    Posts
    2,106

    What I would try next is to see if it is site related. Call support and have them set up a site to site to you and see if that works.
    to be understood, you must first understand. :)
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,022

    Logicsound,

    DNS override doesn't work for site to site.

    Here's what you can try to do:

    On the remote Untangle add a line to the Configuration->Networking->Advanced->DHCP & DNS page.

    dhcp-option=6,x.x.x.x (ip of the DNS server at the main site)

    You'll probably also have to turn off the DNS server on the remote Untangle.

    Hopefully this will hand out the main site DNS server. I'm thinking it might also hand out the DNS servers specified in the External Interface page.

    If this doesn't work, you'll need to hard set the DNS server settings on the remote site client PCs.

    I'm assuming you're using a Microsoft server? You'll also want to set up a new subnet and site in your AD configuration and you know you're supposed to have a DC per site, right? That would make your setup a lot easier.
    m.
    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.
    It often helps troubleshooting if you have a good network map. Look here (http://forums.untangle.com/tip-day/5407-how-draw-network-diagram.html) if you want my advice on how to draw one.
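
Added example, not part of the thread and not Untangle's own code: a small check of the DHCP option 6 line suggested in post #3, which reads dnsmasq-style config text and reports whether remote-site clients would be handed the main-site DNS server first and whether any other resolver is offered alongside it. The main-site DNS address 192.168.16.10, the 203.0.113.53 resolver and the sample config lines are constructed for illustration; only the 192.168.16.0/24 subnet comes from the thread.

```python
import ipaddress

MAIN_DNS = "192.168.16.10"   # constructed: stands in for the SBS at the main site


def offered_dns_servers(dnsmasq_conf):
    """Collect every DHCP option 6 (DNS server) value found in the config text."""
    servers = []
    for raw in dnsmasq_conf.splitlines():
        line = raw.strip()
        if line.startswith("#") or not line.startswith("dhcp-option="):
            continue
        fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
        # dnsmasq allows tag selectors before the option number; skip them.
        while fields and fields[0].startswith(("tag:", "net:")):
            fields.pop(0)
        if fields and fields[0] in ("6", "option:dns-server"):
            servers.extend(fields[1:])
    return servers


def review_remote_dhcp(dnsmasq_conf, main_dns=MAIN_DNS, main_net="192.168.16.0/24"):
    """Return a list of findings; an empty list means only main-site DNS is offered."""
    net = ipaddress.ip_network(main_net)
    offered = offered_dns_servers(dnsmasq_conf)
    findings = []
    if main_dns not in offered:
        findings.append("main-site DNS server is not offered to clients")
    elif offered[0] != main_dns:
        findings.append("main-site DNS server is not listed first")
    for server in offered:
        if ipaddress.ip_address(server) not in net:
            findings.append(f"{server} is not a main-site resolver ({main_net})")
    return findings


# Constructed sample configs for the remote Untangle's DHCP & DNS page.
ONLY_MAIN = "dhcp-option=6,192.168.16.10\n"
MIXED = "# remote site\ndhcp-option=6,203.0.113.53,192.168.16.10\n"
NO_OPTION = "dhcp-range=192.168.2.100,192.168.2.200,12h\n"

if __name__ == "__main__":
    for name, conf in (("only-main", ONLY_MAIN), ("mixed", MIXED), ("none", NO_OPTION)):
        print(name, review_remote_dhcp(conf) or "ok")
```
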

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    I was going to say who did you talk to in Support?

    Site-to-Site has no overrides... it's just an IP-based connection. If you need DNS name spaces to work on both sides you have to get your DHCP server on the far side to configure clients with the appropriate DNS server address.

    Either do as mrunkel says and add a third DNS server to Untangle's DHCP offerings, or configure your external interface to use a DC as a primary DNS server.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangle Ninja proactivens's Avatar
    Join Date
    Sep 2008
    Location
    Greensburg, Pa
    Posts
    2,362

    "you know you're supposed to have a DC per site right? That would make your set up a lot easier."
    That's debatable to an extent. While having a remote DC makes life loads easier, if you have a solid, fast, reliable persistent site to site connection you can have remote sites authenticating across the vpn to one central DC.

    You should always have 2 DCs, DNS servers, and DHCP servers but not everyone has the budget to do so. In this case, a read-only copy of the main zone would be sufficient or even a DHCP server handing out the correct DNS servers across the link would do.
    www.nexgenappliances.com
    Toll Free: 866-794-8879
    UNTANGLE STAR PARTNER
    Follow us at spiceworks!

  6. #6
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,022

    Originally posted by proactivens:
    That's debatable to an extent.
    It's a Microsoft best practice.
    m.

  7. #7
    Untangle Ninja proactivens's Avatar
    Join Date
    Sep 2008
    Location
    Greensburg, Pa
    Posts
    2,362

    I know it is, I agree with you there. But in the real world sometimes it's not feasible. Microsoft tells us we must have redundancy across the board, but at the same time push a product like SBS server that breaks several of Microsoft's own rules.
    "Never put Exchange on the same server as a DC, never put SQL on an Exchange, never put SharePoint or IIS on a DC" and yet they have a product that breaks all those rules at once.

    In a perfect world, everyone would have budgets for redundancy and "BDCs" (I know BDCs don't exist anymore) but can you really expect a remote site of 3 users to fork over a lot of $$$ for a server, OS license, and a persistent link?

  8. #8
    Untangle Ninja gotkimchi's Avatar
    Join Date
    Jan 2007
    Location
    Bay Area
    Posts
    2,106

    He talked to me, I had a brain fart. I own up to my mistakes.

  9. #9
    Untangle Ninja proactivens's Avatar
    Join Date
    Sep 2008
    Location
    Greensburg, Pa
    Posts
    2,362

    It's Thursday, Tony, these things are expected.

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    Originally posted by mrunkel:
    It's a Microsoft best practice.
    Yet they sell SMB server!

    And since when do we roll out site-to-site links for 3 users? That sort of thing is easier to support with OpenVPN clients on the desktops.

    Heck if inet is guaranteed on boot, configure the openvpn service to autostart and bam, AD authentication over OpenVPN out of the box.
