ktula
Feb 13, 2018 · Apprentice
Orbi router not pushing DNS to VPN client
I have enabled VPN server on the Orbi router and I am able to connect to it from both my Mac and my iPhone. However, I am having an issue with the VPN service not pushing its DNS to either the Mac or th...
BrainSuperGlue
Feb 16, 2018 · Tutor
OK, an example.
By default you connect from work to your home VPN with the DNS lookup homevpn.mydomain.net
Your work DNS server doesn’t have this DNS entry so it looks for it on the Internet DNS servers your work IT people have set, likely 8.8.8.8
You then make a connection to the VPN which adds an IP route on your Mac so you can reach other home computers.
If the DNS servers changed on your Mac to your home ones then the source lookup for homevpn.mydomain.net on the Internet would disappear and the VPN would drop.
You wouldn’t be able to resolve a server.
It’s not the Orbi but the VPN client on the Mac. You need to set it to have Split Mode DNS.
ktula
Feb 16, 2018 · Apprentice
The VPN service in the Orbi router (I believe this is similar to other Netgear routers offering VPN service) has three options when it comes to "Clients will use this VPN connection to access":
- Auto
- All sites on the Internet & Home Network
- Home Network
When I initially set up the VPN service, I selected the "All sites on the internet & home network" because that's what I wanted.
However, if you choose that option, the VPN DNS is not pushed by the VPN service to replace the local DNS AFTER you have established the VPN connection.
After changing the option to "Auto", the VPN service started pushing its DNS to replace the local DNS after the VPN connection is established. However, now I have a different problem. My apparent IP address is still the local one assigned by my work DHCP server.
So this is what happens if you choose these options for "Clients will use this VPN connection to access":
Auto: Apparent IP address does not change but the DNS is replaced
All sites on the Internet & Home Network: Apparent IP address does change but the DNS does not
Home Network: Same as Auto
- BrainSuperGlue · Feb 16, 2018 · Tutor
Correct. Forget Auto for a moment.
You have "Home Network" which routes Internet traffic out of your work's Internet pipe and any home traffic down the VPN.
You have "Internet and Home Network" that only keeps a work Internet connection active purely to carry the outside VPN itself out to the Internet. Any other Internet traffic like disney.com is then routed inside the VPN down to your Orbi and will use your home Internet provider to access the web site.
Auto is choosing "Home Network", which is what standard VPN connections do.
The questions are :
1. When connected to either "Home Network" or "All sites on the Internet and Home Network", are you trying to reach a server at home with a domain address such as myserver.home and cannot resolve it?
2. When connected to "Home Network" you can't resolve workserver1.workdomain?
Also are you using the OpenVPN Mac client?
https://openvpn.net/
BSG
- ktula · Feb 16, 2018 · Apprentice
With the "internet and home network" option, the VPN DNS is not replacing the work DNS, so if I try to get to any website like google.com, it won't (because the work DNS does not respond to requests from outside its network). In other words, once the VPN is established, the work DNS is not resolving any DNS requests coming from a 192.168.1.x IP.
I have not really tried the "Home network" too much because my purpose is not to just use the home network when I VPN to my home router.
I am using Tunnelblick. I tried the latest general release and I installed the latest beta hoping for a different outcome, but it is the same.
- BrainSuperGlue · Feb 17, 2018 · Tutor
This doesn't sound so much like a VPN issue as a routing one.
The VPN client should add an IP route to the Mac so that if any non-routable IP addresses, e.g. 192.168.1.x, are used they are routed down the VPN. The Orbi would route these to the Internet. If that route isn't being added then you would get the effect you describe.
I would try the official OpenVPN Mac client rather than Tunnelblick.
The other uncommon possibility is that your work IT people have put a block on changing routing info on the Mac, possibly stopping people watching Netflix over a VPN rather than not being able to view it in the office due to the corporate firewall blocking it, for example.
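An added example, not part of the thread and not Netgear's or Tunnelblick's code: a way to check what the server actually pushed for the behaviour reported above (DNS replaced or not, default route replaced or not), by parsing the `PUSH_REPLY` line that an OpenVPN client such as Tunnelblick writes to its log. It assumes the Orbi's access modes map onto the standard OpenVPN options `redirect-gateway`, `route` and `dhcp-option DNS`; the log lines and addresses are constructed samples.

```python
import re

# Constructed OpenVPN client log lines; the keys mirror the two modes compared
# in the thread, but what the Orbi really pushes in each mode is an assumption.
SAMPLE_LOGS = {
    "all_sites": "PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,"
                 "route-gateway 192.168.1.1,ping 10,ping-restart 120'",
    "auto": "PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,"
            "dhcp-option DNS 192.168.1.1,route-gateway 192.168.1.1,ping 10'",
}

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")


def parse_push_reply(log_text):
    """Return the routing/DNS options of the last PUSH_REPLY in a client log."""
    found = PUSH_RE.findall(log_text)
    if not found:
        return None
    # Each option is comma-separated; split it into words for matching.
    opts = [o.split() for o in found[-1].split(",") if o.strip()]
    return {
        "redirect_gateway": any(o[0] == "redirect-gateway" for o in opts),
        "dns": [o[2] for o in opts if o[:2] == ["dhcp-option", "DNS"] and len(o) > 2],
        "routes": [(o[1], o[2]) for o in opts if o[0] == "route" and len(o) > 2],
    }


def classify(push):
    """Name the tunnel mode implied by the pushed options."""
    if push is None:
        return "no PUSH_REPLY in log"
    tunnel = "full tunnel" if push["redirect_gateway"] else "split tunnel"
    dns = "DNS pushed" if push["dns"] else "DNS not pushed"
    return f"{tunnel}, {dns}"


if __name__ == "__main__":
    for mode, line in SAMPLE_LOGS.items():
        print(mode, "->", classify(parse_push_reply(line)))
```

A "full tunnel, DNS not pushed" result matches the case in the thread where all traffic enters the VPN but lookups still go to the work resolver; if the log shows `dhcp-option DNS` and the resolver still does not change, the client is not applying the pushed option.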