Jump to content


Photo

Windows VPN Client virtual Adapter priorization


  • Please log in to reply
6 replies to this topic

#1 Manuel Huber

Manuel Huber
  • Members
  • 166 posts

Posted 14 August 2019 - 03:41 AM

Hello,

 

the virtual VPN adapter of Barracuda VPN client should be set on first position (as is default setting), e.g. to permit internal DNS resolution.

On some occasions, this automatic priorization doesn´t work. Affected clients are from different customers, different OS versions, installed software etc., we cannot see any outstanding common setting.

 

Barracuda support tells us to ask Microsoft why Barracuda client cannot set the metric as configured.

Unfortunately, I can´t really do that, so I wonder if other users have found a solution to this issue?

Currently, we´re manually setting the metric, might be done by GPO.

 

Thank you!

 



#2 Kirill Kovalev

Kirill Kovalev
  • Members
  • 1 posts

Posted 22 October 2019 - 05:47 AM

We have absolutely the same problem.

Dear Barracuda support, will you answer something regarding this problem?



#3 Manuel Huber

Manuel Huber
  • Members
  • 166 posts

Posted 18 March 2020 - 10:50 AM

Hello,

 

due to the situation, suddenly many more users are using Barracuda VPN client.

 

The problem mentioned above appears on many clients. It´s very weird, the clients of one customer are basically all the same but only some have this problem. And it´s spread over all different installations/customers/Windows versions/Barracuda VPN client versions.

 

Is there really no solution?!?



#4 Florian Huber

Florian Huber
  • Members
  • 1 posts

Posted 19 March 2020 - 05:10 AM

We started to use the NAC (Network Access Client) this week because of working at the Home Office. About 30% of all users can establish a connection but lokal DNS is used instead of configured company DNS. As a workaround of this issue we manually set a lower metric for the virtual interface of the VPN connection. This should be managed by the NAC automatically. All of our employees uses the same device which are deployed with a company system image - very homogenous environment. Only some job specific applications cause a small difference.

Please fix this issue soon.



#5 Alexander Thomas

Alexander Thomas
  • Members
  • 1 posts

Posted 20 March 2020 - 04:15 AM

Hello all,

 

Due to the current crisis, much more users are using Client-To-Site VPN with Barracuda VPN Client.
With some users it happens that the DNS resolution does not work because the private DNS e.g. from Fritzbox is used. Implementing the workaround for every user is quite an effort.

When can we expect a solution from Barracuda?



#6 Johannes Hager

Johannes Hager
  • Members
  • 1 posts

Posted 24 March 2020 - 08:49 AM

Hi all,

 

the occasional problem with automatic adapter prioritisation was fixed with Version 5.1.1 of the Network Access Client (https://campus.barra...-1-for-windows/).

 

The second issue with DNS resolution is related to a Windows feature called smart multi-homed name resolution. Windows will send DNS requests across all network adapters if this feature is enabled. It can be disabled with a Group Policy. You can find detailed instructions how to disable it here: https://www.ghacks.net/2017/08/14/turn-off-smart-multi-homed-name-resolution-in-windows/.

Hope this helps all of you! If you are still running into problems, please open a support ticket (https://login.barrac...rks.com/support).



#7 Manuel Huber

Manuel Huber
  • Members
  • 166 posts

Posted 30 March 2020 - 11:03 AM

Thank you Johannes!

Disabling "smart multi-homed name resolution" worked for a test client.

 

I´m not sure why it needed this setting at all as according to Microsoft Group Policy Editor documentation "In the event that multiple positive responses are received, the network binding order is used to determine which response to accept".

So either there is no positive feedback from public DNS, then DNS provided by VPN adapter is used or there is a positive feedback from public DNS but highest binding is used which is always VPN adapter.

Maybe it  can be some timing issue...or the documentation is not quite accurate.

 

Anyway, wouldn´t it be a good idea that the VPN client automatically prevented the usage of any other DNS server once connected, to ensure working DNS resolution and to prevent DNS leakage to alien DNS servers?

I guess this needs a feature request.