When connecting with E84.x, most requests are sent to the original DNS server configured on the computer, instead of to the DNS servers provided by the VPN client
Symptoms
  • When the user connects with E84.x, most requests are sent to the original DNS server configured on the computer, instead of to the DNS servers provided by the VPN client.
Cause
Starting from Windows XP, Windows has an Automatic Metric feature for IPv4 routes. When this feature is enabled for a network interface (it is enabled by default), Windows assigns a metric value to the interface based on its type (LAN/WLAN) and speed.



For example, on a Windows 10 machine, a 1Gbit LAN interface (the most typical case) would be assigned a metric of 25. However, the Virtual Network Adapter (VNA) installed by the VPN client on the same machine is also assigned a metric of 25 by the Automatic Metric feature, as the VNA speed is 1Gbit. This could lead to DNS resolution problems when the VPN tunnel is installed.


(Ethernet = VNA, Ethernet0 = LAN)

Consider: a public DNS server is set on the physical LAN interface, and when the tunnel is installed, an internal/domain DNS server is set on the VNA. When the client attempts to access an internal resource by its DNS name (expecting it to be resolved by the internal DNS server), the DNS requests for the internal resource would be sent to the DNS server that is set on the physical interface, since the default route on the LAN interface would have a metric of 25, and the route to the internal DNS server set on the VNA would have a metric of 26 = 25 + 1. Thus, the DNS server on the LAN interface would be preferred. This behavior would lead to connectivity problems when accessing internal resources (access could take longer than usual or be rejected because of a timeout).
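
To check whether a machine is in the state described above, the following read-only PowerShell script lists each connected IPv4 interface with its metric and DNS servers and flags any non-VNA interface that is not ranked below the VNA. It is an added example, not part of the original article or of the VPN client; the default adapter alias `Ethernet` is an assumption taken from the caption above (Ethernet = VNA).

```powershell
# Added example (read-only diagnostic, changes nothing on the system).
# Assumption: the VNA alias is 'Ethernet', as in the article's caption;
# pass -VnaAlias to match the adapter name on the machine being checked.
param([string]$VnaAlias = 'Ethernet')

# Collect metric settings and DNS servers for every connected IPv4 interface.
$report = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
    Where-Object { $_.InterfaceAlias -notlike 'Loopback*' } |
    ForEach-Object {
        $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
                    -AddressFamily IPv4).ServerAddresses
        [pscustomobject]@{
            Alias           = $_.InterfaceAlias
            AutomaticMetric = $_.AutomaticMetric   # Enabled / Disabled
            InterfaceMetric = $_.InterfaceMetric   # e.g. 25 for a 1Gbit link
            DnsServers      = $dns -join ', '
        }
    } | Sort-Object InterfaceMetric

$report | Format-Table -AutoSize

$vna = $report | Where-Object Alias -eq $VnaAlias
if (-not $vna) {
    Write-Warning "Adapter '$VnaAlias' is not connected (tunnel down or different alias)."
    return
}

# Interfaces that carry their own DNS servers and have a metric that is
# equal to or lower than the VNA's: the tie described in the Cause section.
$competing = $report | Where-Object {
    $_.Alias -ne $VnaAlias -and $_.DnsServers -and
    $_.InterfaceMetric -le $vna.InterfaceMetric
}

foreach ($c in $competing) {
    Write-Warning ("'{0}' (metric {1}, DNS {2}) is not ranked below '{3}' (metric {4}); " +
        "internal names may be sent to the DNS servers of '{0}'." -f
        $c.Alias, $c.InterfaceMetric, $c.DnsServers, $vna.Alias, $vna.InterfaceMetric)
}
if (-not $competing) {
    Write-Output "No other interface with DNS servers has a metric <= '$VnaAlias'."
}
```

Run it once with the tunnel connected; a warning for the physical LAN adapter with `AutomaticMetric` shown as `Enabled` on both adapters matches the condition described in the Cause section.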




