IKEv2 VPN - domain DNS

Hi all,

I would like to ask - we are using a WG M270 (latest Fireware 12.8.B659436) and after connecting to the VPN through IKEv2 I cannot use PING or RDP with domain hostnames. It started after changing the DNS servers inside our domain.

I changed it in the network interfaces of the M270, but it still does not work.

Can anyone advise me what else I should change?

Many thanks in advance and have a great weekend.

Robajz

Comments

  • Can you access fully qualified domain hostnames?
    If so, it could be a domain name suffix issue on your new DNS server(s).

    From the docs:
    You cannot specify a domain suffix in the Mobile VPN with IKEv2 configuration on the Firebox. Mobile IKEv2 clients do not inherit the domain suffix specified in the Network (global) DNS server settings. To manually configure a domain suffix in the Windows IKEv2 VPN client settings, see Configure DNS settings for L2TP or IKEv2 VPN clients in the WatchGuard Knowledge Base.
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ikev2/mvpn_ikev2_config_edit.html#NetworkSettings

  • Hi Bruce,

    thanks for the quick response.

    Yes, I can access FQDNs without any problem. I tried adding the domain suffix manually to the VPN adapter with IKEv2 and it helped.

    But it is strange that before changing the main DNS server it was definitely working (I have desktop shortcuts, e.g. RDP with FQDN).

    Is it possible to change this setting another way than manually on each VPN client?

  • Did you have WINS set up on your previous DNS server?
    WINS can resolve just the host name.

  • Yes, I had it on the previous server. When I tried to set it up on the new server, the host name is answering.

    Thanks!
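
For the question above about avoiding a manual change on each client, one way to script the suffix on Windows, as an added example that is not part of the original thread or of WatchGuard's documentation. It uses the built-in `Get-VpnConnection` and `Set-VpnConnection` cmdlets; the suffix `corp.example` is a placeholder, and the script assumes the IKEv2 profiles already exist on the client.

```powershell
# Added example: set the connection-specific DNS suffix on existing IKEv2 VPN profiles
# so that short hostnames resolve through the tunnel without WINS.
param(
    [string]$DnsSuffix = 'corp.example',   # placeholder, replace with your AD DNS domain
    [switch]$AllUsers                      # also target machine-wide (all-user) profiles
)

# Build the optional -AllUserConnection argument once and splat it into each call.
$scope = @{}
if ($AllUsers) { $scope['AllUserConnection'] = $true }

# Only touch IKEv2 profiles; leave L2TP, SSTP and other tunnel types alone.
$profiles = Get-VpnConnection @scope | Where-Object { $_.TunnelType -eq 'Ikev2' }

foreach ($p in $profiles) {
    if ($p.DnsSuffix -eq $DnsSuffix) {
        Write-Output "$($p.Name): suffix already '$DnsSuffix'"
        continue
    }
    # -Force suppresses the confirmation prompt so the script can run unattended.
    Set-VpnConnection @scope -Name $p.Name -DnsSuffix $DnsSuffix -Force
    Write-Output "$($p.Name): suffix set to '$DnsSuffix' (was '$($p.DnsSuffix)')"
}

# After reconnecting the VPN, verify on the client:
#   Get-DnsClient | Select-Object InterfaceAlias, ConnectionSpecificSuffix
#   Resolve-DnsName <short hostname>
```

Run it in the user's context for per-user profiles, or elevated with `-AllUsers` for machine-wide ones; the suffix takes effect the next time the VPN connects.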
