DNS issue with VPN connection from OSX

Question

Hi all,&nbsp;
I have an issue with the DNS resolvers when I'm connecting with a Mac computer. Problem is the local DNS server already configured on the computer still remains as the "resolver 1", i.e. first resolver to query, even though it should be overwritten with the new resolvers provided from the big-ip. At the very least the "local DNS" should be placed after the new ones. The problem with the current situation is that sometimes the local DNS server will respond with a "REFUSED" message after the client is connected to the VPN, the reason for this I'm not sure but is something out of our hands because the DNS server might be random X wifi somewhere...&nbsp;
Is there any way I can alter how the DNS servers will be handled? I have tried to play around with the options "Enforce DNS search order" and "Allow local DNS" but both these settings doesn't change how the DNS config on the client look like (at least not on the Mac computer). Also there's no difference between portal access (web based) or Network access (from the Edge client).&nbsp;
Best Regards,
Marcus  &nbsp;

max_q_factor · Answer

Have you reviewed this article on apple.stackexchange.com?  &nbsp;
Mac OS X Mountain Lion - DNS resolving uses wrong order on VPN via dial-up connection&nbsp;

seth_cooper · Answer

Hi Marcus,
Can you show the output of the following commands?
$ scutil --dns

$ scutil -r google.com

Also is there anything that stands out in the svpn.log or edge.log in the ~/Library/Logs/F5Networks/ directory?
Seth

antec42 · Answer

Hi MaxQ, it sure looks similar to this problem. I will try to re-order the different interfaces in OSX to make the VPN adapter be the top one in the list, this might influence this?&nbsp;
Seth, I will have the customer get the output from those commands. I will also have a look in the files you specified.&nbsp;
Thanks,
Marcus&nbsp;

antec42 · Answer

Hi everyone,&nbsp;
For your info, the solution to these problems were to avoid split tunneling completely. And to avoid connectivity problems with VS'es through the VPN tunnel we had to seperate the VPN Connections to another route domain. &nbsp;
Just wanted to give an update to what we did to solve this. But this really feels like a work around...&nbsp;
Regards,
Marcus&nbsp;

Forum Discussion

DNS issue with VPN connection from OSX

4 Replies

Recent Discussions

security patch release

VPN fragmented IP packets dropped

minimum tmos software version for connect CIS (openshift)

redirect not working

Reliable resources for identifying IP addresses

Related Content

Regex issue

Securely connecting Kubernetes Microservices with F5 Distributed Cloud

Troubeshooting website connection

query regarding connection issues to a particular node in a pool

F5 Connection Mirroring question