<div dir="ltr">Okay - I did some more research, and now have a workaround.<div><br></div><div>The configurations I was using in Shrew all work now, with no modification from how they were set up prior to upgrading Windows. My ethernet adapter configuration is now the same as it was before I upgraded Windows. (I changed the DNS settings back.)</div><div><br></div><div>When I connect or disconnect the VPN, I run the following batch file (as an Administrator) to change the DNS settings of my ethernet adapter. My home DNS settings use 4.2.2.1 and 4.2.2.3. "10.x.x.x" and "10.y.y.y" should be replaced with VPN servers to be used when connected.</div><div><br></div><div>Obviously, this will have to change if I'm connected over wifi, etc. Just wanted to post my results in case anyone else found them useful.</div><div><br></div><div><br></div><div><div><font face="monospace, monospace">@echo off</font></div><div><font face="monospace, monospace">if "%~1"=="home" goto FIXHOME</font></div><div><font face="monospace, monospace">if "%~1"=="vpn" goto FIXVPN</font></div><div><font face="monospace, monospace">goto USAGE</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">:FIXHOME</font></div><div><font face="monospace, monospace">netsh dnsclient delete dnsservers "Ethernet 3" all</font></div><div><font face="monospace, monospace">netsh interface ipv4 add dnsserver "Ethernet 3" 4.2.2.1</font></div><div><font face="monospace, monospace">netsh interface ipv4 add dnsserver "Ethernet 3" 4.2.2.3</font></div><div><font face="monospace, monospace">goto FLUSH</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">:FIXVPN</font></div><div><font face="monospace, monospace">netsh dnsclient delete dnsservers "Ethernet 3" all</font></div><div><font face="monospace, monospace">netsh interface ipv4 add dnsserver "Ethernet 3" 10.x.x.x</font></div><div><font face="monospace, monospace">netsh interface ipv4 add dnsserver "Ethernet 3" 10.y.y.y</font></div><div><font face="monospace, monospace">goto FLUSH</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">:FLUSH</font></div><div><font face="monospace, monospace">ipconfig /flushdns</font></div><div><font face="monospace, monospace">goto DONE</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">:USAGE</font></div><div><font face="monospace, monospace">echo.</font></div><div><font face="monospace, monospace">echo Usage: fixdns [home | vpn]</font></div><div><font face="monospace, monospace">echo.</font></div><div><font face="monospace, monospace">goto DONE</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">:DONE</font></div></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 12, 2015 at 10:30 AM, Mark A. Sibert <span dir="ltr"><<a href="mailto:marksibert@gmail.com" target="_blank">marksibert@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Okay - the experiment worked.<div><br></div><div>In my ethernet adapter settings, I manually configured DNS and set it to the same servers that the VPN uses. I removed the DNS entry for my ISP. I added the hostname for my vpn server to my hosts file, so that Shrew could connect to it.</div><div><br></div><div>Once the connection is established, Outlook works, as well as all of the other internal websites.</div><div><br></div><div>I tried adding my ISP's dns server to the end of the list, but that causes the internal hostnames to resolve incorrectly. The corporate dns server seems to be slow enough that my ISP's dns server is answering first with the incorrect address.</div><div><br></div><div>So, routing is definitely correct. This is definitely a dns issue. I did try installing the "pay" version of Shrew, and selected "split dns" - but it didn't work.</div><div><br></div><div>Is there a script I could run after connecting to fix the dns? "ipconfig" doesn't seem to have any option to remove a dns server.</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 12, 2015 at 9:49 AM, Mark A. Sibert <span dir="ltr"><<a href="mailto:marksibert@gmail.com" target="_blank">marksibert@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Oh - and I did try changing all of the Shrew executables to "run as administrator", and even set them to run in compatibility mode for Windows 7. (Applied settings for all users.) It didn't make a difference.</div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 12, 2015 at 9:48 AM, Mark A. Sibert <span dir="ltr"><<a href="mailto:marksibert@gmail.com" target="_blank">marksibert@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Okay - a little more digging and David's theory about it being a DNS issue is looking more and more likely.<div><br></div><div>I flushed the DNS cache and was unable to resolve any internal addresses when connected via Shrew. So it's not just the Exchange server. Actually, the hostnames *did* resolve, but they resolved to different ip addresses!</div><div><br></div><div>Next experiment (for later today) - take my home dns server out of the config and add the vpn's dns entries to my ethernet adapter's config. I'll have to add the ip address of the vpn server to my hosts file, since I won't have dns until I'm connected.</div><div><br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Aug 8, 2015 at 4:57 PM, Mark A. Sibert <span dir="ltr"><<a href="mailto:marksibert@gmail.com" target="_blank">marksibert@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks Nigel. Thanks David.<div><br></div><div>DNS *seems* to be working fine. Internal and external addresses both resolve after the connection is established.</div><div><br></div><div>The browser error (IE and Chrome) that I get when trying to connect to OWA (Outlook Web Access) is: "Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)" I just tried running in an incognito windows, with the same result. So cache/cookies/plugins aren't the issue.</div><div><br></div><div>I'm using the same Shrew configuration that worked in Windows 7/8/8.1. (So nothing has changed there.) Both Outlook and OWA work fine when I connect with the Cisco VPN client.</div><div><br></div><div>I have included the output of "route print" for Shrew and Cisco below, in case that sparks some ideas. (192.168.77.* is my local network, 10.63.*.* is the VPN.) 192.168.77.15 is my wired ethernet address. Obviously, my vpn address changed when I disconnected Shrew and reconnected with AnyConnect.</div><div><br></div><div>There appear to be some notable differences in the routing tables, though. The one difference that stands out is:</div><div><br></div><div><div><font face="monospace, monospace"> 0.0.0.0 0.0.0.0 On-link 10.63.238.73 31 (Shrew)</font></div></div><div><div style="font-family:monospace,monospace"> 0.0.0.0 0.0.0.0 10.63.232.1 10.63.238.13 2 (Cisco)</div></div><div><br></div><div>I don't know if that's the issue or not... Any ideas?</div><div><br></div><div>- Mark</div><div><font face="monospace, monospace"><br></font></div><div><br></div><div>No VPN:</div><div><div><font face="monospace, monospace">IPv4 Route Table</font></div><div><font face="monospace, monospace">===========================================================================</font></div><div><font face="monospace, monospace">Active Routes:</font></div><div><font face="monospace, monospace">Network Destination Netmask Gateway Interface Metric</font></div><div><font face="monospace, monospace"> 0.0.0.0 0.0.0.0 192.168.77.1 192.168.77.15 10</font></div><div><font face="monospace, monospace"> 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306</font></div><div><font face="monospace, monospace"> 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306</font></div><div><font face="monospace, monospace"> 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306</font></div><div><font face="monospace, monospace"> 192.168.77.0 255.255.255.0 On-link 192.168.77.15 266</font></div><div><font face="monospace, monospace"> 192.168.77.15 255.255.255.255 On-link 192.168.77.15 266</font></div><div><font face="monospace, monospace"> 192.168.77.255 255.255.255.255 On-link 192.168.77.15 266</font></div><div><font face="monospace, monospace"> 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306</font></div><div><font face="monospace, monospace"> 224.0.0.0 240.0.0.0 On-link 192.168.77.15 266</font></div><div><font face="monospace, monospace"> 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306</font></div><div><font face="monospace, monospace"> 255.255.255.255 255.255.255.255 On-link 192.168.77.15 266</font></div><div><font face="monospace, monospace">===========================================================================</font></div></div><div><br></div><div>Shrew Soft VPN 2.2.2:</div><div><div><font face="monospace, monospace">IPv4 Route Table</font></div><div><font face="monospace, monospace">===========================================================================</font></div><div><font face="monospace, monospace">Active Routes:</font></div><div><font face="monospace, monospace">Network Destination Netmask Gateway Interface Metric</font></div><div><font face="monospace, monospace"> 0.0.0.0 0.0.0.0 192.168.77.1 192.168.77.15 110</font></div><div><font face="monospace, monospace"> 0.0.0.0 0.0.0.0 On-link 10.63.238.73 31</font></div><div><font face="monospace, monospace"> 8.19.201.0 255.255.255.0 192.168.77.1 192.168.77.15 11</font></div><div><font face="monospace, monospace"> 10.63.232.0 255.255.248.0 On-link 10.63.238.73 286</font></div><div><font face="monospace, monospace"> 10.63.238.73 255.255.255.255 On-link 10.63.238.73 286</font></div><div><font face="monospace, monospace"> 10.63.239.255 255.255.255.255 On-link 10.63.238.73 286</font></div><div><font face="monospace, monospace"> 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306</font></div><div><font face="monospace, monospace"> 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306</font></div><div><font face="monospace, monospace"> 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306</font></div><div><font face="monospace, monospace"> 192.168.77.0 255.255.255.0 On-link 192.168.77.15 266</font></div><div><font face="monospace, monospace"> 192.168.77.15 255.255.255.255 On-link 192.168.77.15 266</font></div><div><font face="monospace, monospace"> 192.168.77.255 255.255.255.255 On-link 192.168.77.15 266</font></div><div><font face="monospace, monospace"> 216.240.30.37 255.255.255.255 192.168.77.1 192.168.77.15 11</font></div><div><font face="monospace, monospace"> 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306</font></div><div><font face="monospace, monospace"> 224.0.0.0 240.0.0.0 On-link 192.168.77.15 266</font></div><div><font face="monospace, monospace"> 224.0.0.0 240.0.0.0 On-link 10.63.238.73 286</font></div><div><font face="monospace, monospace"> 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306</font></div><div><font face="monospace, monospace"> 255.255.255.255 255.255.255.255 On-link 192.168.77.15 266</font></div><div><font face="monospace, monospace"> 255.255.255.255 255.255.255.255 On-link 10.63.238.73 286</font></div><div><font face="monospace, monospace">===========================================================================</font></div></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">And with Cisco Anyconnect:</font></div><div><font face="monospace, monospace"><div>IPv4 Route Table</div><div>===========================================================================</div><div>Active Routes:</div><div>Network Destination Netmask Gateway Interface Metric</div><div> 0.0.0.0 0.0.0.0 192.168.77.1 192.168.77.15 10</div><div> 0.0.0.0 0.0.0.0 10.63.232.1 10.63.238.13 2</div><div> 8.19.201.0 255.255.255.0 192.168.77.1 192.168.77.15 10</div><div> 10.63.232.0 255.255.248.0 On-link 10.63.238.13 257</div><div> 10.63.238.13 255.255.255.255 On-link 10.63.238.13 257</div><div> 10.63.239.255 255.255.255.255 On-link 10.63.238.13 257</div><div> 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306</div><div> 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306</div><div> 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306</div><div> 192.168.77.0 255.255.255.0 On-link 192.168.77.15 266</div><div> 192.168.77.1 255.255.255.255 On-link 192.168.77.15 11</div><div> 192.168.77.15 255.255.255.255 On-link 192.168.77.15 266</div><div> 192.168.77.255 255.255.255.255 On-link 192.168.77.15 266</div><div> 216.240.30.37 255.255.255.255 192.168.77.1 192.168.77.15 11</div><div> 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306</div><div> 224.0.0.0 240.0.0.0 On-link 192.168.77.15 266</div><div> 224.0.0.0 240.0.0.0 On-link 10.63.238.13 257</div><div> 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306</div><div> 255.255.255.255 255.255.255.255 On-link 192.168.77.15 266</div><div> 255.255.255.255 255.255.255.255 On-link 10.63.238.13 257</div><div>===========================================================================</div></font></div><div><br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Aug 8, 2015 at 9:38 AM, David A. Esquivel <span dir="ltr"><<a href="mailto:dae@qcapital.com" target="_blank">dae@qcapital.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>Sounds like a DNS issue. Any Connect does split DNS by default. WIN 10 may have a security issue preventing Shrew from changing your DNS. Have you tried "Run as Administrator"? </div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div style="font-size:85%;color:#575757">Sent from my T-Mobile 4G LTE Device</div>
</div><span>
<br>
<br>
-------- Original message --------<br>
From: "Mark A. Sibert" <<a href="mailto:marksibert@gmail.com" target="_blank">marksibert@gmail.com</a>> <br>
Date: 08/07/2015 23:20 (GMT-05:00) <br>
To: <a href="mailto:vpn-help@lists.shrew.net" target="_blank">vpn-help@lists.shrew.net</a> <br></span><div><div>
Subject: [vpn-help] Upgraded to Windows 10, Outlook 2010 no longer connects <br>
<br>
<div>
<div dir="ltr">So here's a weird problem...
<div><br>
</div>
<div>I have Shrew 2.2.2 (x64) installed. Prior to upgrading to Windows 10, everything worked.</div>
<div><br>
</div>
<div>After upgrading to Windows 10, Outlook 2010 will no longer connect to the Exchange server. It's worth noting that I have to be on VPN to connect to Exchange. No outside access is allowed. Outlook Web Access also does not work, so it seems to be a routing
issue, and not an Outlook issue.</div>
<div><br>
</div>
<div>When I connect using the Cisco Anyconnect client, Outlook 2010 works. OWA works too.</div>
<div><br>
</div>
<div>I tried 2 different configurations in Shrew. In one of them, I had it obtain the topology from the server and tunnel everything. In the other config, I copied the routing information that was displayed in Anyconnect. That tunneled everything but excluded
my 192.* network and one other network. The behavior was the same in both cases.</div>
<div><br>
</div>
<div>I can access internal web pages while on the VPN, so the connection is definitely established and some things are being routed.</div>
<div><br>
</div>
<div>Has anyone else run into this, or know what might be happening? I tried reinstalling Shrew 2.2.2. I also tried the instructions at <a href="http://www.ruudborst.nl/shrewsoft-vpn-filter-blocks-traffic-on-windows-10/" target="_blank">http://www.ruudborst.nl/shrewsoft-vpn-filter-blocks-traffic-on-windows-10/</a>
but it didn't help.</div>
<div><br>
</div>
<div>Any help is appreciated! Thanks!!</div>
</div>
</div>
</div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>