A little background: we are on a WG Firebox T55 and we’ve got Mobile VPN with SSL up and running. I am currently not forcing all traffic through the VPN, but I am allowing connection to the other interfaces. We have an ERP that requires us to specify DNS so that we can access it via web browser. Without the 10.10.0.10 DNS specification, it obviously can’t resolve the name and access the ERP.
Here is the issue. When we connect to the Mobile VPN on a PC, the correct DNS gets assigned and access to the ERP is successful. However, on iOS and macOS devices (via .ovpn), it won’t pull the DNS assignment from the VPN; it defaults to a 172.x.x.x DNS and a DNS with an IPv6 address on every single device. If I go in and force the DNS to 10.10.0.10, it will be successful. I’d prefer not to have to force this for every device in the company, and I certainly don’t trust my end users to do this for every network they ever connect to. I’ve tried both assigning the DNS in the Mobile VPN settings via the Firebox and telling it to assign the network DNS. Both result in the same issue. I’m guessing there’s something in the .ovpn profile that isn’t bringing over the DNS, and I can’t figure out why or how to fix it. I must be missing something.
Any and all help you can provide would be greatly appreciated!
I’m using OpenVPN. This is my first time looking at the logs, and it’s interesting because the log shows that it’s adding my two DNSes (DNSs?), but when I check the DNS that’s been assigned, it’s the two I mentioned above. Somehow the DNS is being overridden, I guess. Here is the pertinent log info from when I connected this morning, showing that the DNS entries were added:
2021-09-16 07:10:35 NIP: adding DNS 10.10.0.10
2021-09-16 07:10:35 NIP: adding DNS 8.8.8.8
2021-09-16 07:10:35 NIP: blocking all IPv6 traffic
2021-09-16 07:10:35 NIP: adding DNS specific routes:
If I couldn’t solve this SSL issue then I was going to try setting up IKEv2. We were forcing all traffic through the VPN at one point but the end users were reporting their connections would get bogged down and would sporadically lose connection. Once I turned that off, those issues were resolved.
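To pin down where the pushed resolvers are being lost, here is an added example (not code from the thread, from WatchGuard, or from OpenVPN) that parses the "adding DNS" log lines quoted above, lists any dhcp-option DNS directives written into the profile itself, and compares the pushed resolvers with the ones the OS actually reports after connecting. The log text, the .ovpn fragment and the effective resolver list are constructed samples; the required resolver defaults to the 10.10.0.10 ERP server from the post.

```python
import re

# Constructed sample: OpenVPN client log lines of the kind quoted in the post.
SAMPLE_LOG = """\
2021-09-16 07:10:35 NIP: adding DNS 10.10.0.10
2021-09-16 07:10:35 NIP: adding DNS 8.8.8.8
2021-09-16 07:10:35 NIP: blocking all IPv6 traffic
2021-09-16 07:10:35 NIP: adding DNS specific routes:
"""

# Constructed sample: resolvers the OS reports after connecting, i.e. the
# override described in the post (a 172.x.x.x server plus an IPv6 one).
SAMPLE_EFFECTIVE = ["172.20.10.1", "fe80::1"]

# Constructed .ovpn fragment (the real profile is not on the page). The
# commented-out dhcp-option line is deliberately NOT counted as a directive.
SAMPLE_PROFILE = """\
client
dev tun
remote vpn.example.invalid 443
# dhcp-option DNS 10.10.0.10
"""

# Only accept an IPv4/IPv6 literal after "adding DNS", so the
# "adding DNS specific routes:" line is not mistaken for a resolver.
DNS_ADD_RE = re.compile(r"NIP: adding DNS ([0-9a-fA-F.:]+)\s*$", re.MULTILINE)
DHCP_DNS_RE = re.compile(r"^\s*dhcp-option\s+DNS\s+(\S+)", re.IGNORECASE | re.MULTILINE)

def pushed_dns(log_text):
    """Resolvers the client logged as added (pushed by the VPN server)."""
    return DNS_ADD_RE.findall(log_text)

def profile_dns(profile_text):
    """dhcp-option DNS entries set statically in the .ovpn profile."""
    return DHCP_DNS_RE.findall(profile_text)

def diagnose(log_text, effective, required="10.10.0.10"):
    """Compare pushed resolvers with the effective ones and flag the override."""
    pushed = pushed_dns(log_text)
    return {
        "pushed": pushed,
        "effective": list(effective),
        "required_pushed": required in pushed,
        "required_effective": required in effective,
        # Pushed servers exist but none of them is actually in use.
        "overridden": bool(pushed) and not any(p in effective for p in pushed),
        # An IPv6 resolver still active although the client blocked IPv6.
        "ipv6_resolver": any(":" in r for r in effective),
    }
```

On macOS the effective list can be taken from `scutil --dns` (or from a DNS test against the ERP hostname) and passed in as `effective`.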
I’m using the SSL/VPN on a series of Apple machines that can resolve internal machine names using internal DNS mapped on VPN. Using the native SSL/VPN app, not OpenVPN.
Are you just going into VPN via the machine Settings and adding a new VPN connection? When I do that on an iOS device, I only have options for IKEv2, L2TP, and IPSec. Nothing for SSL.
Once you set up the SSL/VPN connection in the T55, install the macOS SSL/VPN client from here and use the endpoint IP/DNS name, username/password (etc.), and once it connects, DNS works; at least on my clients’ machines.