Community discussions

MikroTik App
 
spacemoose
just joined
Topic Author
Posts: 6
Joined: Sat Mar 13, 2010 1:56 pm

dns problem for incomming vpn users

Sat Mar 13, 2010 2:22 pm

Hi!

I have recently set up a 450G with routeros 4.5 and having some trouble with the internal dns for incomming vpn users.
If a user connects to the internal network in the office the dns queries resolves just fine, but when the very same user connects via vpn (pptp) to the router the dns queries do not resolve.

I've set up static records in the internal dns with FQDN. Example:
Name: router.office.local
Address: 10.15.0.1
TTL: 1d 00:00:00

In the DHCP server I have set up the DHCP network as follows:
Address: 10.15.0.0/24
Gateway: 10.15.0.1
DNS Servers: 10.15.0.1
DNS Domain: office.local
Domain: office.local

This will cause the local office users to receive a dns suffix from DHCP and it is possible for them to ping "router" without entering the FQDN (router.office.local).

The remote users logged in by vpn (pptp) do not receive this dns suffix and can not ping "router". It works fine using the FQDN though. I think that the PPTP Server has it's own way of delivering ipadresses and do not use the DHCP Server and because of that a dns suffix is not set for the vpn user.

How do I make the remote users able to resolve in the same way as a locally connected user?
 
rpress
Member Candidate
Member Candidate
Posts: 113
Joined: Thu May 07, 2009 5:13 am

Re: dns problem for incomming vpn users

Mon Mar 15, 2010 9:52 pm

Yep, I noticed the lack of DNS suffix for VPNs as well. Eventually I resorted to using a WINS server.
 
spacemoose
just joined
Topic Author
Posts: 6
Joined: Sat Mar 13, 2010 1:56 pm

Re: dns problem for incomming vpn users

Mon Mar 15, 2010 11:11 pm

Unfortunatly I do not have the luxory of WINS servers at all sites. :( Have you thought of any other solution as an workaround?
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: dns problem for incomming vpn users

Mon Mar 15, 2010 11:35 pm

Is it a Windows AD Domain behind the firewall? If so, it doesnt matter. They will find the domain via DNS queries. If it really matters, you can just put the dns suffix in the Windows TCP/IP configuration for the PPTP connection. But.. If it is a domain, it doesnt matter..

EDIT: I dont know of PPTP has any means of sending a local dns suffix. Could be wrong.
 
spacemoose
just joined
Topic Author
Posts: 6
Joined: Sat Mar 13, 2010 1:56 pm

Re: dns problem for incomming vpn users

Tue Mar 16, 2010 12:12 am

Is it a Windows AD Domain behind the firewall?
Hi! thanks for your answer.
No, there is not an Windows AD behind the firewall. Im only using an internal domain (office.local) in the internal dns server of the mikrotik router.
I know it is possible to add the dns suffix manually on each connection, but this seems to be a bit clumsy to do that. I want a soultion where i do not need to make changes on the clients.

Am I using the internal dns server the wrong way?
 
spacemoose
just joined
Topic Author
Posts: 6
Joined: Sat Mar 13, 2010 1:56 pm

Re: dns problem for incomming vpn users

Tue Mar 16, 2010 10:26 am

Found in another post a link to the following DHCP FAQ http://www.dhcp-handbook.com/dhcp_faq.html#cdsra
PPP has its own non-DHCP way in which communications servers can hand clients an IP address called IPCP (IP Control Protocol) but doesn't have the same flexibility as DHCP or BOOTP in handing out other parameters. Such a communications server may support the use of DHCP to acquire the IP addresses it gives out. This is sometimes called doing DHCP by proxy for the client. I know that Windows NT's remote access support does this.

A feature of DHCP under development (DHCPinform) is a method by which a DHCP server can supply parameters to a client that already has an IP number. With this, a PPP client could get its IP number using IPCP, then get the rest of its parameters using this feature of DHCP.
So now is my question.. Is it possible to use DHCPinform i some way? ;-)
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: dns problem for incomming vpn users

Wed Mar 17, 2010 4:40 pm

/ppp profile set <used_profile> dns-server=
Is it the feature, that you need to implement?
 
spacemoose
just joined
Topic Author
Posts: 6
Joined: Sat Mar 13, 2010 1:56 pm

Re: dns problem for incomming vpn users

Wed Mar 17, 2010 10:42 pm

/ppp profile set <used_profile> dns-server=
Is it the feature, that you need to implement?
Thanks for your answer sergejs, but this is not the problem. The setting you suggest does only add the dns server to the pptp user. I want a way to set the dns suffix like for instance Windows Server PPTP VPN do.
I use the built in dns server in the mikrotik and want vpn users to write the hostname of the host instead of the FQDN when logged in remotly via vpn.

I e typing "ping router" instead of "ping router.office.local". Is this kind of setup even possible on a mikrotik?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: dns problem for incomming vpn users

Mon Mar 22, 2010 4:28 pm

Yes, thank you for the clarification.
It is not possible to set DNS suffix from RouterOS at current point.
 
spacemoose
just joined
Topic Author
Posts: 6
Joined: Sat Mar 13, 2010 1:56 pm

Re: dns problem for incomming vpn users

Wed Mar 24, 2010 11:40 am

Yes, thank you for the clarification.
It is not possible to set DNS suffix from RouterOS at current point.
Thanks for your answer. I was afraid of that. :( Is it something you could add to your list of feature requests? ;)
Would be nice if support for the DHCPInform was implemented since that would do the trick.
 
User avatar
bluecrow76
newbie
Posts: 33
Joined: Wed Sep 13, 2006 11:55 pm

Re: dns problem for incomming vpn users

Thu Jul 01, 2010 8:42 pm

Just adding my two cents.

Not being able to set the dns-suffix for a vpn is a big problem, and has been a big problem ever since we started using Mikrotik routers years ago in V2. I'm pretty sure this has been a feature request for a LONG TIME.

Every new customer that comes our way gets a Mikrotik router. Of all the wonderful amazing things that we are able to do with these routers, the dns-suffix is always a problem. If we are migrating someone from a Windows RAS server to servicing the VPN users on the Mikrotik using Radius authentication, because we cannot push the dns-suffix to the clients when they connect to the pptp server, we have to GO TO EACH COMPUTER AND MANUALLY SET THE DNS SUFFIX!

I can't believe that adding the dns-suffix to the pptp, l2tp, and even ovpn engines is that difficult compared to some of the other things the RouterOS guys are working on.

Adding that, and the ability to push routes to the ovpn clients would make us UBERHAPPY!

That aside... keep up the great work... these things are amazing! :-)
 
fresnel
newbie
Posts: 46
Joined: Sun May 23, 2010 6:02 am

Re: dns problem for incomming vpn users

Tue Aug 10, 2010 7:59 am

I would like to add my two cents on the DNS suffix issue. It would be very helpful to have the ability to add a DNS Search suffix to the OS to could be appended to any short name entered on the command line.
 
andreacoppini
Trainer
Trainer
Posts: 498
Joined: Wed Apr 13, 2005 11:51 pm
Location: Malta, Europe

Re: dns problem for incomming vpn users

Fri Oct 01, 2010 2:27 pm

+1

.. and a method for pushing out routes to the client for split-horizon routing.
 
karloska
just joined
Posts: 5
Joined: Mon Nov 21, 2011 4:20 pm

Re: dns problem for incomming vpn users

Mon Nov 28, 2011 12:11 pm

Is adding a DNS Suffix to Router OS possible yet?
 
weelee
just joined
Posts: 1
Joined: Fri Mar 23, 2012 2:27 pm

Re: dns problem for incomming vpn users

Fri Mar 23, 2012 2:33 pm

+1
Do you have any news about this topic?
I'm using OSX and passing DNS suffix (and search domain) would be very important in order to make the Wide-Area Bonjour work.
In this case the users could see the network shares right after establishing the VPN (L2TP/IPSec) connection.

Please add this feature to the roadmap if it is still not there.
 
_saik0
Member Candidate
Member Candidate
Posts: 129
Joined: Sun Aug 26, 2007 11:18 pm

Re: dns problem for incomming vpn users

Mon Apr 16, 2012 7:50 pm

I wouldn't mind that DNS suffix can't be supplied from MT to the client, but the problem is that my W7 l2tp client with manually configured dns suffix looses that config once the client connects. The DNS suffix can't be applied not even manually on a windows client.
Is there a way around that at least?
 
goobles
just joined
Posts: 18
Joined: Fri Jun 10, 2011 11:18 am

Re: dns problem for incomming vpn users

Wed Feb 06, 2013 12:06 pm

Hi,

I just ran into this issue.

Has it been solved yet?

Can only ping server.domain.local.

Not just server =/
 
beamer
newbie
Posts: 36
Joined: Mon Aug 20, 2012 12:40 am

Re: dns problem for incomming vpn users

Fri Jul 26, 2013 12:08 am

+1

I also have this issue, particularly with Mac OS X and iOS clients using PPTP. In the Mac VPN properties I can at least set the domain suffix manually, but in iOS there's no way to do so. :(
 
User avatar
evince
Member
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:

Re: dns problem for incomming vpn users

Wed Jan 29, 2014 1:12 pm

Is there any news regarding this issue?

thank you in advance,
 
User avatar
evince
Member
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:

Re: dns problem for incomming vpn users

Wed Feb 05, 2014 4:54 pm

Ok, here is the support answer :

Hello,

Unfortunately such feature is not planned at the moment.

Regards,
Sergejs
 
Cipol
just joined
Posts: 4
Joined: Sat Jun 14, 2014 3:21 am

Re: dns problem for incomming vpn users

Sun Nov 29, 2015 5:56 am

Is it really such a big problem to add this feature. It would be very useful. We are moving entire company to MIKROTIKS and I have directors that have mapped drives using NetBIOS names. They cannot access mapped drives due to lack of dns suffix over VPN connection.

Thanks
 
fl0pp
just joined
Posts: 9
Joined: Mon Mar 11, 2013 12:53 am

Re: dns problem for incomming vpn users

Thu Dec 03, 2015 5:34 pm

Is this feature not yet implemented?
Can anyone give me a good reason why not?
 
tmiksa
just joined
Posts: 3
Joined: Sat Dec 26, 2015 11:10 am

Re: dns problem for incomming vpn users

Sat Dec 26, 2015 11:16 am

What about implementing DNS suffix push in OpenVPN, still not functional in latest version of RouterOS and this is a very big problem I think. We have company users which map network drives by hostnames, and now they need use entire hostname with domain suffix and that's unacceptable and confusing! When will be this basic function supported? :shock:
 
onyx3821
just joined
Posts: 7
Joined: Wed Mar 12, 2014 9:28 pm

Re: dns problem for incomming vpn users

Mon Mar 28, 2016 6:59 pm

So, any new info on this ? This is exactly the problem with our VPN customers... Mikrotik can set the dns-suffix in DHCP on the lan / wlans / vlans, why not PPP ?
 
dadoremix
Member Candidate
Member Candidate
Posts: 133
Joined: Sat May 14, 2011 11:31 am

dns problem for incomming vpn users

Mon Mar 28, 2016 11:22 pm

Use older version of mikrotik
I also have problem with pptp
Last stable is blocking
Go back to bug fix channel
Every new version something old not working.
 
VladKoldobskiy
just joined
Posts: 4
Joined: Fri Feb 09, 2018 12:38 am

Re: dns problem for incomming vpn users

Mon Feb 26, 2018 8:57 pm

Surprised to see that this is still (almost 8 years after the initial post!) doesn't seem to be implemented.
Is there any news? That is a serious problem with VPN setup for me - editing connections on 500+ machines just doesn't look right.
 
JOSHUAMGRAY
Trainer
Trainer
Posts: 3
Joined: Fri Sep 19, 2014 5:35 pm

Re: dns problem for incomming vpn users

Tue Nov 27, 2018 5:25 pm

2x on this. I need it for a major client.
 
ShyLion
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Sep 28, 2017 7:24 am

Re: dns problem for incomming vpn users

Wed Dec 12, 2018 8:27 am

People, there is NO dns-suffix in PPP protocol.
Windows Clients obtain it via other means, like DHCP requests over PPP link, AFTER PPP link is established and operational.
It is MS specific implementation.
To make the same functionality ROS creators should rewrite lots of code, i guess, intercepting DHCP broadcasts on PPP link.
Same comes for classless static routes feature.

Here is the proof, tcpdump on fresh ppp session:
11:28:58.214277 IP (tos 0x0, ttl 128, id 24, offset 0, flags [none], proto UDP (17), length 328)
    10.10.2.22.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request, length 300, htype 8, hlen 0, xid 0x60b7f51f, secs 2304, Flags [none] (0x0000)
	  Client-IP 10.10.2.22
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Inform
	    Client-ID Option 61, length 17: "AM-nM-^]^P^XX&BM-$cM-@M-%M-UM-|kM-D"
	    Hostname Option 12, length 11: "win7-client"
	    Vendor-Class Option 60, length 8: "MSFT 5.0"
	    Parameter-Request Option 55, length 6: 
	      Domain-Name-Server, Netbios-Name-Server, Vendor-Option, Subnet-Mask
	      Classless-Static-Route-Microsoft, Domain-Name
Take note on request options.

Who is online

Users browsing this forum: Florian, Laxity and 36 guests