Hello, I have an issue with my F5 BIG IP APM VPN access policy. When establishing the vpn connection from a computer connected to WLAN or Ethernet DNS query works flawless. When sharing my internet connection from iphone, connecting computer to iphone via WLAN, opening VPN client on computer, DNS query does not work properly. It routes the ip address to my dns servers outside the tunnell. I use Split tunnel and the ip address of the dns servers are listed in IPV4 LAN Address Space under network settings under Network access. Why does everything work when connected to WLAN or Ethernet, but not when connected to shared internet from phone? I can ping any other address than the ip of dns servers, witch is routed outside tunnell.

I believe you configured the VPN DNS server in the Network Access. Can you try using DNS relay proxy service, if have not tried it? Install as part of the edgeclient installation.

I have tried the component installer, but dns proxy service seem not to be a part of it. Can you help me with how to install the dns relay proxy and verify the service? regards

Which version are you using? If 11.4, it's under Customize client package. Once installed the service is run under name F5FltSrv.

I´m running 11.4 In the customize client package the dns proxy is checked. I have installed this pacakage on the computer, but this does not solve the problem. Any other suggestions?

F5 BIG IP APM Portal access question - Trouble with VPN when sharing internet connection from phone

17 Replies

kunjan
Nimbostratus
Apr 05, 2014
I believe you configured the VPN DNS server in the Network Access.

Can you try using DNS relay proxy service, if have not tried it? Install as part of the edgeclient installation.
Striker_79_1498
Nimbostratus
Apr 08, 2014
I have tried the component installer, but dns proxy service seem not to be a part of it. Can you help me with how to install the dns relay proxy and verify the service?

regards
kunjan
Nimbostratus
Apr 09, 2014
Which version are you using? If 11.4, it's under Customize client package. Once installed the service is run under name F5FltSrv.
- Striker_79_1498
  Nimbostratus
  Apr 10, 2014
  I´m running 11.4 In the customize client package the dns proxy is checked. I have installed this pacakage on the computer, but this does not solve the problem. Any other suggestions?
kunjan_118660
Cumulonimbus
Apr 09, 2014
Which version are you using? If 11.4, it's under Customize client package. Once installed the service is run under name F5FltSrv.
- Striker_79_1498
  Nimbostratus
  Apr 10, 2014
  I´m running 11.4 In the customize client package the dns proxy is checked. I have installed this pacakage on the computer, but this does not solve the problem. Any other suggestions?
kunjan_118660
Cumulonimbus
Apr 10, 2014
May be check if the DNS server issued by iPhone and that issued by VPN is it overlapped.

You have mentioned that can't ping the VPN DNS servers.. You can check the route print and verify if the VPN DNS server route goes to the VPN adapter IP address.
- Striker_79_1498
  Nimbostratus
  Apr 10, 2014
  When sharing internet Connection from and phone to a computer and Connect to VPN from computer the DNS server ip address is routed to the ip address of the phone isp ip, and not the computer VPN adapter ip address. When Connected to a wlan, Connected vpn the dns is routed to the VPN adapter ip. The problem is only when Connected to vpn With shared internet Connection from phone. It then routes ip address to dns server outside the vpn tunnell...
kunjan
Nimbostratus
Apr 10, 2014
May be check if the DNS server issued by iPhone and that issued by VPN is it overlapped.

You have mentioned that can't ping the VPN DNS servers.. You can check the route print and verify if the VPN DNS server route goes to the VPN adapter IP address.
- Striker_79_1498
  Nimbostratus
  Apr 10, 2014
  When sharing internet Connection from and phone to a computer and Connect to VPN from computer the DNS server ip address is routed to the ip address of the phone isp ip, and not the computer VPN adapter ip address. When Connected to a wlan, Connected vpn the dns is routed to the VPN adapter ip. The problem is only when Connected to vpn With shared internet Connection from phone. It then routes ip address to dns server outside the vpn tunnell...
kunjan
Nimbostratus
Apr 10, 2014
Able to provide the ipconfig and route print from computer?
- Striker_79_1498
  Nimbostratus
  Apr 22, 2014
  Hello, Under Network access-network settings i selected client settings: Advanced When unchecking "Allow local DNS Server" it solved the problem :-)
- Anilrp_225647
  Nimbostratus
  Oct 06, 2015
  I am running into same issue. Can you guide me steps to resolve it. Where did you found "Allow local DNS Server"?
kunjan_118660
Cumulonimbus
Apr 10, 2014
Able to provide the ipconfig and route print from computer?
- Striker_79_1498
  Nimbostratus
  Apr 22, 2014
  Hello, Under Network access-network settings i selected client settings: Advanced When unchecking "Allow local DNS Server" it solved the problem :-)
- Anilrp_225647
  Nimbostratus
  Oct 06, 2015
  I am running into same issue. Can you guide me steps to resolve it. Where did you found "Allow local DNS Server"?
dp_119903
Cirrostratus
Oct 06, 2015
Select Access Policy , Select Network Access/Network Access List, Select your Policy, Select Network Settings

The option to enable or disable local DNS is there.

Forum Discussion

F5 BIG IP APM Portal access question - Trouble with VPN when sharing internet connection from phone

17 Replies

Recent Discussions

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Ansible modules for F5OS

VPN fragmented IP packets dropped

Related Content

F5 Connection Mirroring question

Protect an application exposed on Internet with F5 XC WAAP

Health monitor question

F5 APM VPN Choking Internet Bandwidth

Troubeshooting website connection