Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Mobile Client with Windows 10 Built In VPN (Domain Issues) - RESOLVED

    Scheduled Pinned Locked Moved IPsec
    2 Posts 1 Posters 970 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dcdefiore
      last edited by

      I'm having trouble with my Mobile Client VPN - I think the trouble is on the client side but I'm not sure.
      I want the Mobile VPN to be split tunnel, mostly need to access file shares on the VPN side (by FQDN), don't care about internet traffic.

      I am using pfSense IPsec Mobile Client.

      Everything below this is unchecked (WINS Servers, Phase2 and Login Banner)

      On the Windows side, the VPN is set up as an "All Users" VPN. My end goal is for users to be able to use the 'network logon' on the lock screen to be able to log into the laptop for the first time. This is not working. Everything else about the VPN works - I can do a network logon if I've logged into the machine before, and once I'm in Windows, I can access my network shares and the split tunnel seems to work just fine.

      IPv4 Settings (in the Windows VPN adapter)
      Obtain IP address automatically
      Obtain DNS server address automatically
      (Everything else is default in Advanced)

      So everything works fine, but when I try to logon with an account that I've never used before, I get the following message:
      "We can't sign you in with this credential because your domain isn't available"
      and in the eventvwr
      "Name resolution for the name DOMAINNAME.com timed out after non of the configured DNS servers responded."
      (Although looking at the pfSense logs, it appears that the VPN connection was established, just that Windows couldn't access DOMAINNAME.COM)

      HOWEVER - if I "Use default gateway on remote network" (in Advanced TCP/IP settings of the VPN adapter) I can log on with the account for the first time and access my file shares (just can't access the internet) but I don't want my internet traffic to go over the VPN.

      Any ideas?

      1 Reply Last reply Reply Quote 0
      • D
        dcdefiore
        last edited by

        Fixed by adding mydomain.com to the "DNS Suffix for this connection" option in the VPN adapter on Windows

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.