Weird Issue Microsoft Outlook / OpenVPN

StormGate

Long story short, I had to configure WAN2 on our Netgate 6100 because WAN1 appears to be faulty and will not connect to any service. Anyway, I previously had VPN users using port 1195 and things worked fine. After moving to a new service (went from cable to fiber), for the life of me couldn't get the users to connect (of course IP change), I was unable to figure out how to update and export a new profile that reflected the new external IP and get it to work.

So I opted to just create a new OpenVPN server, new users, import the config and reconnect the users. The issue I am now experiencing are my local staff when using OpenVPN connect client, it is interfering with Microsoft Outlook which is configured on exchange. If the VPN client is off, Outlook opens and connects fine to exchange, fire up VPN and now Outlook can't send email, sometimes disconnects etc.. If the VPN client is active first before even starting Outlook, Outlook cannot connect to the exchange server which is an on premise server. This new VPN server is using port 1196, I'm not seeing this port being used anywhere else, the IP assignment is not anything on the local DHCP. Not exactly sure what I did wrong in the setup.

Although this 6100 is now slated to be replaced with an 8200 due to the interface issue, I would like to know and fix whatever it is I misconfigured. Question, if I make changes within the OpenVPN server configuration will previous connected clients still connect? Thanks

Gertjan

@StormGate said in Weird Issue Microsoft Outlook / OpenVPN:

now Outlook can't send email, sometimes disconnects etc..

Only outlook ?
Your Outlook uses mail settings, with mail server host names etc.
When connected, do not start up outlook right away. Go command line and 'nslookup' the host names Outlook uses. Do they resolve to the correct IP addresses ?
You can ping the mail server by IP and host name ?

@StormGate said in Weird Issue Microsoft Outlook / OpenVPN:

I was unable to figure out how to update and export a new profile that reflected the new external IP and get it to work.

Here :

If your WAN IP is 'static', you can select that, and enter the WAN2 IP.
Or, if you think that your ISP might change it (thus dynamic), use a dyndns type host name, make make sure it always connect to your WAN2 IP.

@StormGate said in Weird Issue Microsoft Outlook / OpenVPN:

If the VPN client is off, Outlook opens and connects fine to exchange

?
Bow it uses another mail server ?

@StormGate said in Weird Issue Microsoft Outlook / OpenVPN:

Not exactly sure what I did wrong in the setup.

Compare the initial VPN server with the new one ?

StormGate

@Gertjan With the VPN client active, I cannot NSLOOKUP anything on my local network, it is using the Netgate 6100 as its assigned DNS.

Gertjan

@StormGate said in Weird Issue Microsoft Outlook / OpenVPN:

With the VPN client active, I cannot NSLOOKUP anything on my local network

Just to be sure : nslookup on the active VPN client device, right ?

ipconfig /all

confirmed that the DNS IP is the IP sued by the tunnel - the other side, where the resolver (unbound) should be listening.

Check unbound settings - normally, it listens on all interfaces :

:

Check also unbound acl's (Services > DNS Resolver > Access Lists if you use them).

OpenVPN firewall rule ok ?

StormGate

@Gertjan You helped me find the problem, on the other VPN server, I had selected to give the client the domain name and swapped my DNS entries. All good now. Appreciate your help, your the man!