
SSLVPN Split Tunnel and Split DNS with more than one internal domain

In order to improve Microsoft Teams and VPN performance in general, we would like to implement split tunnel SSLVPN, but we also have more than one DNS domain for which we want DNS lookups to be performed by our internal DNS servers over the VPN, because we are already using split DNS on the LAN side and VPN clients need to use the internal IP and not the external IP.

Currently, it appears that only one domain name can be entered into the SSLVPN config on the Advanced tab in the Web UI. Is it possible to enter a list of domains that we want to use the VPN DNS Server similar to OpenVPN's "DNS Resolution Zones" (https://openvpn.net/vpn-server-resources/troubleshooting-dns-resolution-problems/)?

Since we are able to use the OpenVPN client, I assume that the WatchGuard SSLVPN is at least partially OpenVPN under the hood.

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi Ian,

    The WatchGuard client doesn't support that, but if you'd like to modify the ovpn file and use OpenVPN, it should be possible. WG's implementation is a customized version of OpenVPN, and should be able to work just fine with that (since the DNS domain (suffix) is just stored in the profile).

    -James Carson
    WatchGuard Customer Support
