dns problem for incoming vpn users

Hi!

I have recently set up a 450G with RouterOS 4.5 and am having some trouble with the internal dns for incoming vpn users.
If a user connects to the internal network in the office the dns queries resolve just fine, but when the very same user connects via vpn (pptp) to the router the dns queries do not resolve.

I’ve set up static records in the internal dns with FQDN. Example:
Name: router.office.local
Address: 10.15.0.1
TTL: 1d 00:00:00

In the DHCP server I have set up the DHCP network as follows:
Address: 10.15.0.0/24
Gateway: 10.15.0.1
DNS Servers: 10.15.0.1
DNS Domain: office.local
Domain: office.local

This will cause the local office users to receive a dns suffix from DHCP and it is possible for them to ping “router” without entering the FQDN (router.office.local).

The remote users logged in by vpn (pptp) do not receive this dns suffix and cannot ping “router”. It works fine using the FQDN though. I think that the PPTP Server has its own way of delivering IP addresses and does not use the DHCP Server, and because of that a dns suffix is not set for the vpn user.

How do I make the remote users able to resolve in the same way as a locally connected user?

Yep, I noticed the lack of DNS suffix for VPNs as well. Eventually I resorted to using a WINS server.

Unfortunately I do not have the luxury of WINS servers at all sites. :frowning: Have you thought of any other solution as a workaround?

Is it a Windows AD Domain behind the firewall? If so, it doesn't matter. They will find the domain via DNS queries. If it really matters, you can just put the dns suffix in the Windows TCP/IP configuration for the PPTP connection. But.. If it is a domain, it doesn't matter..

EDIT: I don't know if PPTP has any means of sending a local dns suffix. Could be wrong.

Hi! thanks for your answer.
No, there is not a Windows AD behind the firewall. I'm only using an internal domain (office.local) in the internal dns server of the mikrotik router.
I know it is possible to add the dns suffix manually on each connection, but it seems a bit clumsy to do that. I want a solution where I do not need to make changes on the clients.

Am I using the internal dns server the wrong way?

Found in another post a link to the following DHCP FAQ http://www.dhcp-handbook.com/dhcp_faq.html#cdsra

PPP has its own non-DHCP way in which communications servers can hand clients an IP address called IPCP (IP Control Protocol) but doesn’t have the same flexibility as DHCP or BOOTP in handing out other parameters. Such a communications server may support the use of DHCP to acquire the IP addresses it gives out. This is sometimes called doing DHCP by proxy for the client. I know that Windows NT’s remote access support does this.

A feature of DHCP under development (DHCPinform) is a method by which a DHCP server can supply parameters to a client that already has an IP number. With this, a PPP client could get its IP number using IPCP, then get the rest of its parameters using this feature of DHCP.

So now my question is.. Is it possible to use DHCPinform in some way? :wink:
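The DHCPINFORM exchange that the quoted FAQ describes, as an added example that is not part of the original thread: a client that already has its address (here, from IPCP) asks only for the domain name (option 15) and DNS servers (option 6), then reads them from the DHCPACK. The message layout follows RFC 2131/2132; the client address 10.15.0.50, the MAC and the reply are constructed sample values, and nothing here implies that RouterOS answers such a request.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of the DHCP options field
OPT_PAD, OPT_DNS, OPT_DOMAIN_NAME, OPT_MSG_TYPE, OPT_PARAM_REQ, OPT_END = 0, 6, 15, 53, 55, 255
DHCPACK, DHCPINFORM = 5, 8

def _header(op, xid, ciaddr, mac):
    # op, htype=1 (Ethernet), hlen=6, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr
    fixed = struct.pack("!BBBBIHH4s4s4s4s", op, 1, 6, 0, xid, 0, 0,
                        ipaddress.IPv4Address(ciaddr).packed, bytes(4), bytes(4), bytes(4))
    return fixed + mac.ljust(16, b"\0") + bytes(64 + 128) + MAGIC_COOKIE

def build_inform(xid, ciaddr, mac):
    """DHCPINFORM: the client already owns ciaddr and asks only for options."""
    opts = bytes([OPT_MSG_TYPE, 1, DHCPINFORM, OPT_PARAM_REQ, 2, OPT_DOMAIN_NAME, OPT_DNS, OPT_END])
    return _header(1, xid, ciaddr, mac) + opts

def parse_options(packet):
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        opts[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    return opts

def suffix_from_ack(packet, xid):
    """Return (domain suffix or None, [DNS servers]) from the DHCPACK answering our xid."""
    opts = parse_options(packet)
    if struct.unpack("!I", packet[4:8])[0] != xid or opts.get(OPT_MSG_TYPE) != bytes([DHCPACK]):
        raise ValueError("not the DHCPACK for this request")
    name, dns = opts.get(OPT_DOMAIN_NAME), opts.get(OPT_DNS, b"")
    servers = [str(ipaddress.IPv4Address(dns[j:j + 4])) for j in range(0, len(dns) - 3, 4)]
    return (name.rstrip(b"\0").decode("ascii") if name else None), servers

def sample_ack(xid, ciaddr="10.15.0.50"):
    # Constructed reply carrying the thread's values; 10.15.0.50 and the MAC are made up.
    opts = bytes([OPT_MSG_TYPE, 1, DHCPACK, OPT_DOMAIN_NAME, 12]) + b"office.local"
    opts += bytes([OPT_DNS, 4, 10, 15, 0, 1, OPT_END])
    return _header(2, xid, ciaddr, bytes.fromhex("020000000001")) + opts

if __name__ == "__main__":
    print(suffix_from_ack(sample_ack(0x1234ABCD), 0x1234ABCD))
```

The reply is matched on its transaction id and message type before any option is used, since the options decide which names the client will resolve.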

/ppp profile set <used_profile> dns-server=
Is it the feature that you need to implement?

Thanks for your answer sergejs, but this is not the problem. The setting you suggest only adds the dns server to the pptp user. I want a way to set the dns suffix like for instance Windows Server PPTP VPN does.
I use the built in dns server in the mikrotik and want vpn users to write the hostname of the host instead of the FQDN when logged in remotely via vpn.

I.e. typing “ping router” instead of “ping router.office.local”. Is this kind of setup even possible on a mikrotik?

Yes, thank you for the clarification.
It is not possible to set DNS suffix from RouterOS at current point.

Thanks for your answer. I was afraid of that. :frowning: Is it something you could add to your list of feature requests? :wink:
Would be nice if support for the DHCPInform was implemented since that would do the trick.

Just adding my two cents.

Not being able to set the dns-suffix for a vpn is a big problem, and has been a big problem ever since we started using Mikrotik routers years ago in V2. I’m pretty sure this has been a feature request for a LONG TIME.

Every new customer that comes our way gets a Mikrotik router. Of all the wonderful amazing things that we are able to do with these routers, the dns-suffix is always a problem. If we are migrating someone from a Windows RAS server to servicing the VPN users on the Mikrotik using Radius authentication, because we cannot push the dns-suffix to the clients when they connect to the pptp server, we have to GO TO EACH COMPUTER AND MANUALLY SET THE DNS SUFFIX!

I can’t believe that adding the dns-suffix to the pptp, l2tp, and even ovpn engines is that difficult compared to some of the other things the RouterOS guys are working on.

Adding that, and the ability to push routes to the ovpn clients would make us UBERHAPPY!

That aside… keep up the great work… these things are amazing! :slight_smile:

I would like to add my two cents on the DNS suffix issue. It would be very helpful to have the ability to add a DNS Search suffix to the OS that could be appended to any short name entered on the command line.

+1

.. and a method for pushing out routes to the client for split-horizon routing.

Is adding a DNS Suffix to Router OS possible yet?

+1
Do you have any news about this topic?
I’m using OSX and passing DNS suffix (and search domain) would be very important in order to make the Wide-Area Bonjour work.
In this case the users could see the network shares right after establishing the VPN (L2TP/IPSec) connection.

Please add this feature to the roadmap if it is still not there.

I wouldn’t mind that DNS suffix can’t be supplied from MT to the client, but the problem is that my W7 l2tp client with manually configured dns suffix loses that config once the client connects. The DNS suffix can’t be applied, not even manually, on a windows client.
Is there a way around that at least?

Hi,

I just ran into this issue.

Has it been solved yet?

Can only ping server.domain.local.

Not just server =/

+1

I also have this issue, particularly with Mac OS X and iOS clients using PPTP. In the Mac VPN properties I can at least set the domain suffix manually, but in iOS there’s no way to do so. :frowning:

Is there any news regarding this issue?

thank you in advance,

Ok, here is the support answer:

Hello,

Unfortunately such feature is not planned at the moment.

Regards,
Sergejs