SSL VPN slow speed, dns question
Hi guys! Configured SSL VPN on non-standard port 4433.
I have the following setup:
On my LAN1 I have AD DHCP, DNS (scope 192.168.0.2-192.168.0.254, mask 255.254.0.0) (192.168.0.36).
I also have a Linux DNS caching and dnscrypt server (192.168.0.237).
Now here goes the SSL VPN configuration (with a third-party certificate for the domain):
Zone ssl_vpn
(network extension local IP 192.168.200.1)
SSL VPN POOL 192.168.100.20-192.168.100.50
DNS1 - 192.168.0.36 (AD DNS, DHCP server)
DNS2 - 102.168.0.237 (Linux caching server)
Enable network extension
Force all client traffic to enter ssl vpn tunnel
SecuExtender connects.
But I can't connect to local machines by DNS name (for example \\smbshare.domain.local).
The SMB share works only with IP: http://192.168.0.36 and
\\192.168.0.36
Also, transfer speed from shares is slow,
like 200-300 KB/sec (though there is no high load on the ATP500).
Is there anything I'm missing?
Thanks!
All Replies
-
How about adding an Address Record in DNS?
smbshare.domain.local 192.168.0.36
0 -
Sorry if this is a stupid question, but where do I put it in on the ATP500?
The ATP500 has no DNS.
Active Directory is the DNS server,
and there is a Linux server with DNS.
0 -
SSL VPN will have a disadvantage (in comparison with L2TP) when it comes to throughput:
it's limited to 10 Mbps.
You can see that if you open your adapter settings when connected.
Setting "force all traffic to tunnel" will cause more bandwidth, and also slower connection speed in the end.
But in your case this is needed, otherwise you cannot resolve by DNS name in the VPN.
Can you put the firewall as the first DNS server in the SSL VPN config? I believe this should solve the issue.
Is your firewall successfully connected with AD? Does it show up in Active Directory under Computers?
Regarding resolving DNS:
What I think @jasailafan means you can find here, but I think this is not the solution you are seeking.
0 -
So you mean I remove those DNS servers, put the Zyxel USG as the DNS server and manually add the server names that I need to work? It's good that I don't have many servers to try. Will tell how it goes.
0 -
Also, is there going to be an improvement over 10 Mbps?
0 -
Is your Firewall successfully connected with ad? Does it show up in active directory under computers?
I did not join ATP Device to domain.
0 -
What exactly are the steps to join the domain? Does joining the domain come from the ATP, or to join it do I go to Active Directory - Computers - add computer?
0 -
OK, did some tests.
I've put the ZyWALL IP 192.168.200.1 as the DNS server.
I've put test.domain.local 192.168.0.48 in the DNS zone.
Connecting to SSL VPN.
Trying to ping test.domain.local, I get an answer:
Pinging test.domain.local [127.0.0.200] with 32 bytes of data:
Reply from 127.0.0.200: bytes=32 time<1ms TTL=128
Reply from 127.0.0.200: bytes=32 time<1ms TTL=128
Reply from 127.0.0.200: bytes=32 time<1ms TTL=128
Reply from 127.0.0.200: bytes=32 time<1ms TTL=128
nslookup test.domain.local 192.168.200.1
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.200.1
What the heck.. (
0 -
OK! Figured it out. It seems I have a DNS leak from the provider where I connect VPN_SSL.
Used dnscrypt and then connected with VPN_SSL (first setup with 2 DNS servers, 192.168.0.36 and 192.168.0.237).
Works well now.
The last problem is:
If I go to http://test.domain.local (full name), all good,
but I can't go to http://test without the full name. What can I do about this?
Using the full name for shares is not good.
I need the domain.local prefix in my ssl_vpn connection.
0 -
So how do I configure the domain.local prefix for vpn_ssl? I don't see any option in the GUI; maybe there is something in the terminal?
0
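A client-side check for the DNS leak and short-name symptoms discussed in this thread, as an added example that is not part of any poster's message. It assumes a Windows client with the built-in DnsClient PowerShell module, run while the SSL VPN is connected; the resolver addresses, test name and domain are the ones quoted in the posts.

```powershell
# Added example (not from the thread). Addresses, name and suffix are the ones
# quoted in the posts; adjust them for your own network.
$InternalName = 'test.domain.local'
$InternalDns  = @('192.168.0.36', '192.168.0.237')
$Suffix       = 'domain.local'

function Get-ARecord {
    param([string]$Name, [string]$Server)
    # -DnsOnly / -NoHostsFile: skip LLMNR, NetBIOS and the hosts file so only DNS answers count
    $query = @{ Name = $Name; Type = 'A'; DnsOnly = $true; NoHostsFile = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }
    try {
        Resolve-DnsName @query | Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress } | Sort-Object
    } catch { }   # timeout or NXDOMAIN: return nothing
}

# 1. Resolvers configured on each interface. Any address outside $InternalDns
#    (for example the local provider's resolver) can receive internal names.
foreach ($nic in (Get-DnsClientServerAddress -AddressFamily IPv4)) {
    if (-not $nic.ServerAddresses) { continue }
    $outside = $nic.ServerAddresses | Where-Object { $_ -notin $InternalDns }
    if ($outside) {
        Write-Warning "$($nic.InterfaceAlias): non-internal resolver(s) $($outside -join ', ')"
    } else {
        Write-Output "$($nic.InterfaceAlias): $($nic.ServerAddresses -join ', ')"
    }
}

# 2. Compare what the OS resolver path returns with what each internal server returns.
$viaOs = (Get-ARecord -Name $InternalName) -join ','
foreach ($server in $InternalDns) {
    $direct = (Get-ARecord -Name $InternalName -Server $server) -join ','
    if (-not $direct)           { Write-Warning "$server gave no A record for $InternalName" }
    elseif ($direct -ne $viaOs) { Write-Warning "$server says '$direct', OS resolver path says '$viaOs'" }
    else                        { Write-Output  "$server and the OS resolver path agree: $direct" }
}

# 3. Short names only resolve if a DNS suffix is appended to them.
$global = @((Get-DnsClientGlobalSetting).SuffixSearchList)
$perNic = @(Get-DnsClient | ForEach-Object { $_.ConnectionSpecificSuffix } | Where-Object { $_ })
if ($Suffix -in ($global + $perNic)) {
    Write-Output "'$Suffix' is available as a DNS suffix on this client"
} else {
    Write-Warning "'$Suffix' is not in the global search list or any connection-specific suffix"
}
```

The script only reads settings; it does not check the primary DNS suffix of a domain-joined client.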