Mobile Client with Windows 10 Built In VPN (Domain Issues) - RESOLVED
-
I'm having trouble with my Mobile Client VPN - I think the trouble is on the client side but I'm not sure.
I want the Mobile VPN to be split tunnel, mostly need to access file shares on the VPN side (by FQDN), don't care about internet traffic.
I am using pfSense IPsec Mobile Client.
Everything below this is unchecked (WINS Servers, Phase2 and Login Banner)
On the Windows side, the VPN is set up as an "All Users" VPN. My end goal is for users to be able to use the 'network logon' on the lock screen to be able to log into the laptop for the first time. This is not working. Everything else about the VPN works - I can do a network logon if I've logged into the machine before, and once I'm in Windows, I can access my network shares and the split tunnel seems to work just fine.
IPv4 Settings (in the Windows VPN adapter)
Obtain IP address automatically
Obtain DNS server address automatically
(Everything else is default in Advanced)
So everything works fine, but when I try to log on with an account that I've never used before, I get the following message:
"We can't sign you in with this credential because your domain isn't available"
and in the eventvwr
"Name resolution for the name DOMAINNAME.com timed out after none of the configured DNS servers responded."
(Although looking at the pfSense logs, it appears that the VPN connection was established, just that Windows couldn't access DOMAINNAME.COM)
HOWEVER - if I "Use default gateway on remote network" (in Advanced TCP/IP settings of the VPN adapter) I can log on with the account for the first time and access my file shares (just can't access the internet) but I don't want my internet traffic to go over the VPN.
Any ideas?
-
Fixed by adding mydomain.com to the "DNS Suffix for this connection" option in the VPN adapter on Windows
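
The same fix applied from an elevated PowerShell prompt, for rolling it out to several laptops. This is an added example and not part of the original posts; the connection name `Office VPN` is an assumed placeholder, and `mydomain.com` is the placeholder domain used in the post.

```powershell
# Assumed values: replace with your own VPN entry name and AD DNS domain.
$ConnectionName = 'Office VPN'     # hypothetical name of the "All Users" VPN entry
$DomainSuffix   = 'mydomain.com'   # placeholder domain from the post

# The VPN in the post is an "All Users" connection, so it lives in the
# global phone book and must be queried with -AllUserConnection.
$vpn = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction Stop
Write-Host "Before: SplitTunneling=$($vpn.SplitTunneling) DnsSuffix='$($vpn.DnsSuffix)'"

# Set the connection-specific DNS suffix only if it is missing or different.
# This is the "DNS suffix for this connection" field in the adapter's
# Advanced TCP/IP settings. Split tunneling is left as configured.
if ($vpn.DnsSuffix -ne $DomainSuffix) {
    Set-VpnConnection -Name $ConnectionName -AllUserConnection `
        -DnsSuffix $DomainSuffix -ErrorAction Stop
}

# Re-read the entry to confirm the change was stored.
$vpn = Get-VpnConnection -Name $ConnectionName -AllUserConnection
Write-Host "After:  SplitTunneling=$($vpn.SplitTunneling) DnsSuffix='$($vpn.DnsSuffix)'"

# While the tunnel is up, check that the domain controller locator record
# resolves. A first-time domain logon needs this lookup to succeed.
if ($vpn.ConnectionStatus -eq 'Connected') {
    $srv = "_ldap._tcp.dc._msdcs.$DomainSuffix"
    try {
        Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            Select-Object Name, NameTarget, Port
    }
    catch {
        Write-Warning "Could not resolve ${srv}: $($_.Exception.Message)"
    }
}
else {
    Write-Host 'VPN is not connected; connect it and re-run to test DNS resolution.'
}
```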