[vpn-devel] Defect / Request: Disable DNS Modification

David A. Esquivel dae at qcapital.com
Tue Sep 11 10:56:05 CDT 2012


Problem:

The VPN client automatically refreshes / resets the machine IPv4 DNS
servers using DHCP regardless of the Name Resolution => DNS => Enable
DNS checkbox.  This creates a problem for some users that have specific
DNS entries defined at the machine level.  It forces the user to have to
go into Windows settings and change the adapter IPv4 DNS settings after
connecting or disconnecting from the VPN.  I would assume that simply
leaving the "Use DNS" option unchecked would stop the client from
changing the adapter settings but it doesn't.  In my case, I have 6 DNS
entries defined but when I disconnect from the VPN only the first four
are put back - OR - my adapter settings have changed to "Obtain
Automatically".

To Reproduce:

1.  Windows Network Settings => Adapter Properties => Internet Protocol
v4 (IPv4)

-    Change IP to "Obtain IP Address Automatically"

-    Change DNS to "Use the following DNS Server .." 

-    Click Advanced => Add 6 DNS Servers: 192.168.1.1, 192.168.1.2,
192.168.1.3, 192.168.1.4, 8.8.8.8, 8.8.4.4

2.  Connect to any Mobile VPN Gateway ("Use DNS" setting is off -
unchecked)

3.  Open Command Window

-    ipconfig /all

-    result: DNS servers: 192.168.1.5, 192.168.1.6 (obtained from DHCP
server)

4.  Disconnect from Mobile VPN

5.  Open Command Window

-    ipconfig /all

-    result: DNS servers: 192.168.1.5, 192.168.1.6 (obtained from DHCP
server)

6.  Windows Network Settings => Adapter Properties => Internet Protocol
v4 (IPv4)

-    Change IP to "Obtain IP Address Automatically"

-    DNS has been set to "Obtain Automatically" - OR - DNS has been set
to: 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4 (the last two are
missing)

-    This last one is particularly frustrating because I cannot
determine what factor is deciding the outcome between the two.

Result: the original DNS settings have been wiped clean and need to be
manually put back in; something that regular users cannot and should not
be asked to do on a regular basis.

Suggested solutions:

1.  If Use DNS is unchecked, Shrew Soft client should not attempt to
alter local DNS settings

- OR -

2.  Add a new option in the DNS settings tab: "Do not alter local DNS
settings"

NOTE: as regards solution #1, even if it is checked, upon disconnect the
adapter settings should be restored to their original state.  I think
this is a defect.

VPN Client Version = 2.1.7 - OR - 2.2.0

Windows OS Version = Windows 7 x64 Ultimate SP1

Gateway Make/Model = Sonicwall Pro 2040 - OR - pfSense 2.0.1

Gateway OS Version = SonicOS Enhanced 4.2.0.1-12e / FreeBSD
8.1-RELEASE-p6

Additional Notes:  Before anyone asks, there is a specific reason that I
need the DNS configured in this manner.  I have some users (me being
one) that connect to the local network in three different ways: direct
connect, mobile VPN connect, remote site-to-site connect.  Our network
is highly DNS sensitive so one wrong entry will cause some or all of our
intranet products to become unresponsive.  I really like this client
because it is so flexible and I would love to continue using it.

Regards,

David Esquivel
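
Added example, not part of the original message and not Shrew Soft code: a Python check that parses saved `ipconfig /all` output and reports, per adapter, whether the six DNS servers from step 1 are intact, truncated, or replaced. English-language Windows output is assumed; the sample text, the two-adapter layout and the function names are constructed for illustration.

```python
import re
# The six DNS servers configured in step 1 of the report.
EXPECTED = ["192.168.1.1", "192.168.1.2", "192.168.1.3",
            "192.168.1.4", "8.8.8.8", "8.8.4.4"]
# Field lines are shallowly indented: "   Label . . . : value".
FIELD = re.compile(r"^\s{1,6}(\S.*?)[ .]+:\s*(.*)$")
# Constructed sample of `ipconfig /all` output showing both reported outcomes.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.168.1.2
                                       192.168.1.3
                                       192.168.1.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.5
                                       192.168.1.6
"""

def dns_by_adapter(text):
    """Map adapter header -> ordered DNS server list from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False   # unindented section header
            adapters[current] = []
        elif current is not None and line.strip():
            m = FIELD.match(line)
            if m:                                         # a new "Label : value" field
                in_dns = m.group(1) == "DNS Servers"
                if in_dns and m.group(2):
                    adapters[current].append(m.group(2).strip())
            elif in_dns and line[0].isspace():            # deeply indented continuation
                adapters[current].append(line.strip())
    return adapters

def classify(observed, expected=EXPECTED):
    """Name the outcome for one adapter's non-empty DNS server list."""
    if observed == expected:
        return "intact"
    if observed and observed == expected[:len(observed)]:
        return f"truncated to first {len(observed)}"
    return "replaced"

def check(text):
    return {name: classify(dns) for name, dns in dns_by_adapter(text).items() if dns}
```

Run `check()` on output saved before connecting and again after disconnecting; any result other than `intact` means the adapter's DNS list was changed.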

 
