kapvcop
newbie
Topic Author
Posts: 33
Joined: Sat Oct 20, 2018 4:29 pm

I can not join computers to the domain by VPN

Thu May 19, 2022 1:01 am

Hello, I have a problem. I have groups of computers that transmit information to, let's say, the center of the network through a site-to-site VPN; I am using L2TP/IPsec. My problem is that I need the computers that are far from the central office to be able to access the company's domain. This domain controller is Microsoft, and the difficulty I have is that the remote computers cannot access the domain controller since they do not see the DNS.
How do I set up the DNS? Locally, my MikroTik (outside the central office) hands out the IPs by DHCP, with itself as the DNS server; this DNS server points first to the IPs of my domain controller, and last I configure some service provider's DNS so that, in case the VPN goes down, the computers can continue browsing. Despite this, it seems that it does not make DNS queries to the central office but prefers to do them to, let's say, 1.1.1.1. For now I have no choice but to tell my computers via DHCP that their DNS server (of the domain) is, for example, 192.168.1.120 and the secondary is 1.1.1.1; in this way they do get in through the VPN. I don't understand why, if I tell the DNS server that its upstream is the domain controllers reached through the VPN, it doesn't send the query. I've seen in the cache that it seems to try, but the addresses come back as 0.0.0.0 plus the name of the domain controller; but it doesn't always happen, and sometimes it doesn't even seem to take that into account. If I force the DNS server to only see the domain controller, which of course has the role configured, it works, but intermittently.
When I create the VPN configuration, in the Profile tab I configure that the DNS server is my domain controller, but it seems that this does not help either.
Can you help me with this problem?
 
kevinds
Long time Member
Posts: 638
Joined: Wed Jan 14, 2015 8:41 am

Re: I can not join computers to the domain by VPN

Wed May 25, 2022 8:10 pm

Are you just having DNS issues?

Set up a local recursive DNS server at the remote sites that forwards (or acts as a slave for) the internal domain to the DNS server at the 'main office', and all other requests to the DNS server of your choice.

Then point all local hosts to use this DNS server.
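As an added example of the split setup kevinds describes (it is not his configuration or anything from MikroTik's documentation), the following RouterOS v7 config makes the remote router itself the resolver: the AD zone is always forwarded to the domain controllers over the tunnel, everything else goes to public resolvers, and DHCP hands the router out as the only DNS server. The zone name `corp.example`, the DC addresses 192.168.1.120/121, the LAN address 192.168.10.1 and the bridge name `bridge-lan` are placeholders; `type=FWD` static entries require RouterOS v7.

```routeros
# Added example, not config from this thread. Assumes RouterOS v7 (type=FWD
# static entries), an AD zone "corp.example", DCs at 192.168.1.120 / .121
# reachable through the L2TP/IPsec tunnel, LAN bridge "bridge-lan" with the
# router at 192.168.10.1. All names and addresses are placeholders.

# Everything that is NOT the AD zone goes to the public resolvers of your choice.
/ip dns set servers=1.1.1.1,9.9.9.9 allow-remote-requests=yes

# Conditional forwarding: the AD zone and the HQ reverse zone are sent only to
# the domain controllers, so a "no such name" answer from a public resolver can
# never be cached for an internal name.
/ip dns static
add type=FWD forward-to=192.168.1.120 regexp="(.*\\.)?corp\\.example" comment="dc1"
add type=FWD forward-to=192.168.1.121 regexp="(.*\\.)?corp\\.example" comment="dc2" disabled=yes
add type=FWD forward-to=192.168.1.120 regexp=".*\\.1\\.168\\.192\\.in-addr\\.arpa" comment="hq-reverse"

# DHCP clients get the router as their only DNS server; the router decides
# per zone where the query goes, the clients never talk to 1.1.1.1 directly.
/ip dhcp-server network set [find address="192.168.10.0/24"] dns-server=192.168.10.1

# allow-remote-requests=yes makes the router answer DNS for anyone who can reach
# port 53 on it, so limit it to the LAN. Place these before any generic input drop.
/ip firewall filter
add chain=input in-interface=bridge-lan protocol=udp dst-port=53 action=accept comment="DNS from LAN"
add chain=input in-interface=bridge-lan protocol=tcp dst-port=53 action=accept comment="DNS from LAN (TCP)"
add chain=input protocol=udp dst-port=53 action=drop comment="no open resolver"
add chain=input protocol=tcp dst-port=53 action=drop comment="no open resolver (TCP)"
```

The `dc2` entry is kept disabled as a standby forwarder so that something external (an operator or a health-check script) can switch between the two controllers; with both enabled you would be relying on RouterOS picking a live one. Verify with `/ip dns cache print` after resolving a name in the zone: the answer should come from the forwarded DC, and a failed lookup should no longer appear as 0.0.0.0.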
 
karlisi
Member
Posts: 437
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: I can not join computers to the domain by VPN

Thu May 26, 2022 9:54 am

It is possible to set static DNS entries on remote routers, like this:
https://askto.pro/question/setting-up-a ... n-mikrotik
To avoid problems if one of the AD DNS servers goes offline, use a script to check server availability and to disable or enable the corresponding entry in the static DNS table, and run it periodically with the scheduler (in my routers this script runs every minute). Something like this (text in Russian, but only the code matters):
https://habr.com/ru/post/505064/comment ... t_22701754
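As an added example of the availability check karlisi describes (this is not his script nor the code from the linked Habr post), the script below pings each domain controller, disables the matching static DNS entry when the DC is unreachable, re-enables it when it comes back, and flushes the cache whenever something changed so that stale answers obtained from a dead server do not linger. It assumes the static entries carry the comments `dc1` and `dc2` and that the DCs are at 192.168.1.120 / 192.168.1.121 (placeholders).

```routeros
# Added example, not the script from the linked post. Assumes /ip dns static
# entries commented "dc1" and "dc2" that point at the DCs below (placeholders).
# Save as: /system script add name=dc-dns-check policy=read,write,test source=...
# Run as:  /system scheduler add name=dc-dns-check interval=1m on-event=dc-dns-check policy=read,write,test

:local dcs {"dc1"="192.168.1.120"; "dc2"="192.168.1.121"}
:local changed false

:foreach name,addr in=$dcs do={
    # /ping returns the number of replies received; 0 means the DC or the tunnel is down
    :local replies [/ping $addr count=3 interval=200ms]
    :local entry [/ip dns static find comment=$name]

    # skip silently if no static entry carries this comment
    :if ([:len $entry] > 0) do={
        :local isDisabled [/ip dns static get $entry disabled]

        :if ($replies = 0) do={
            :if ($isDisabled = false) do={
                /ip dns static disable $entry
                :log warning ("dc-dns-check: " . $name . " (" . $addr . ") unreachable, static entry disabled")
                :set changed true
            }
        } else={
            :if ($isDisabled = true) do={
                /ip dns static enable $entry
                :log info ("dc-dns-check: " . $name . " (" . $addr . ") reachable again, static entry enabled")
                :set changed true
            }
        }
    }
}

# answers cached while the wrong server was active are thrown away
:if ($changed) do={ /ip dns cache flush }
```

The `test` policy is needed because `/ping` counts as a test command; without it the scheduler job fails silently, which is the first thing to check in `/log print` if the entries never toggle. Three pings at 200 ms keep the check well under the one-minute interval even when both DCs are down.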
 
kapvcop
newbie
Topic Author
Posts: 33
Joined: Sat Oct 20, 2018 4:29 pm

Re: I can not join computers to the domain by VPN

Thu May 26, 2022 3:23 pm

kevinds wrote:
Are you just having DNS issues?

Set up a local recursive DNS server at the remote sites that forwards (or acts as a slave for) the internal domain to the DNS server at the 'main office', and all other requests to the DNS server of your choice.

Then point all local hosts to use this DNS server.
Thanks for your answer! I have that configuration in my topology, but my DNS server on the remote sites prefers the other DNS server and does not take information from my principal DNS server. If I look in the DNS cache I can read the names that were queried, but the IP address returns as 0.0.0.0, for example: domain.local / 0.0.0.0. It is as if it queried but did not resolve the IP address.
:(
 
kapvcop
newbie
Topic Author
Posts: 33
Joined: Sat Oct 20, 2018 4:29 pm

Re: I can not join computers to the domain by VPN

Thu May 26, 2022 3:25 pm

karlisi wrote:
It is possible to set static DNS entries on remote routers, like this:
https://askto.pro/question/setting-up-a ... n-mikrotik
To avoid problems if one of the AD DNS servers goes offline, use a script to check server availability and to disable or enable the corresponding entry in the static DNS table, and run it periodically with the scheduler (in my routers this script runs every minute). Something like this (text in Russian, but only the code matters):
https://habr.com/ru/post/505064/comment ... t_22701754
Thanks for your help, this is my second choice.
 
kevinds
Long time Member
Posts: 638
Joined: Wed Jan 14, 2015 8:41 am

Re: I can not join computers to the domain by VPN

Thu May 26, 2022 6:13 pm

kapvcop wrote:
Thanks for your answer! I have that configuration in my topology, but my DNS server on the remote sites prefers the other DNS server and does not take information from my principal DNS server,
Then fix/correct your DNS server config.
 
kapvcop
newbie
Topic Author
Posts: 33
Joined: Sat Oct 20, 2018 4:29 pm

Re: I can not join computers to the domain by VPN

Thu May 26, 2022 8:14 pm

Hi, I fixed the problem.

From the server side I put my DNS server (from the Domain Controller): open the "Profile" tab in the PPP configuration, then in the "General" tab put the DNS server of your Domain Controller (**).
On the other side open PPP -> Interface and, in the L2TP/IPsec -> Dial Out configuration, you must set "Use Peer DNS" to "yes"; when you make this setting, the IP that you had configured appears under "Dynamic Servers" in IP -> DNS Settings (**).
Finally, you can put other DNS servers; this way, if you lose your VPN connection, you will still be able to use them.

Bye.
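For anyone who wants the same fix as CLI rather than Winbox clicks, here is an added example of both ends (it is not kapvcop's export, just a reconstruction of the steps above): the server-side PPP profile carries the DC as `dns-server`, the client dials with `use-peer-dns=yes`, and the pushed address then shows up as a dynamic server in `/ip dns`. Tunnel addresses, LAN subnets, the hostname `hq.example.net`, the user `branch01` and all secrets are placeholders.

```routeros
# Added example, not the thread author's config. Assumes: DC/DNS at 192.168.1.120,
# HQ LAN 192.168.1.0/24, remote LAN 192.168.10.0/24, tunnel addresses 10.99.0.1/2.
# Replace every credential and address before use.

# ---- Central office (L2TP/IPsec server) ----
# dns-server on the profile is "Profile -> General -> DNS Server"; it is pushed
# to the client when the PPP link comes up.
/ppp profile add name=site2site dns-server=192.168.1.120 local-address=10.99.0.1 remote-address=10.99.0.2 use-encryption=yes
/ppp secret add name=branch01 password="CHANGE-ME" service=l2tp profile=site2site
/interface l2tp-server server set enabled=yes use-ipsec=required ipsec-secret="CHANGE-ME-PSK" default-profile=site2site
/ip route add dst-address=192.168.10.0/24 gateway=10.99.0.2 comment="branch01 LAN via tunnel"

# ---- Remote site (L2TP/IPsec client) ----
# use-peer-dns=yes is "Dial Out -> Use Peer DNS"; the pushed 192.168.1.120 then
# appears as dynamic-servers in /ip dns. add-default-route=no keeps internet
# traffic local; only the HQ subnet is routed through the tunnel.
/interface l2tp-client add name=l2tp-hq connect-to=hq.example.net user=branch01 password="CHANGE-ME" use-ipsec=yes ipsec-secret="CHANGE-ME-PSK" use-peer-dns=yes add-default-route=no disabled=no
/ip route add dst-address=192.168.1.0/24 gateway=l2tp-hq comment="HQ LAN via tunnel"

# The static public resolver stays as the fallback for when the tunnel (and
# with it the dynamic server) is gone. Restrict port 53 on the input chain to
# the LAN, because allow-remote-requests=yes answers anyone who can reach it.
/ip dns set servers=1.1.1.1 allow-remote-requests=yes
/ip dhcp-server network set [find address="192.168.10.0/24"] dns-server=192.168.10.1

# Check on the remote router while the tunnel is up: dynamic-servers should list 192.168.1.120
/ip dns print
```

If `dynamic-servers` stays empty after the tunnel connects, the profile actually applied to the session is the one to check (`/ppp active print detail` shows it), since a secret-level or default profile without `dns-server` overrides what was set on the one you edited.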
