Did I do everything right? Site-to-site VPN, three locations

    Everyone was so helpful in my other post. The tunnels I set up a few weeks ago are rock solid and the customer is very happy with them. However, there is a small issue with resolving internal names by their DNS names. The server at headquarters is the DC and also runs DNS. Each branch pfSense serves DHCP for its network, but I added manual DNS settings in there so the primary DNS shows the IP of the DC at headquarters and the secondary DNS is the IP of the local pfSense router. It has a few times failed to resolve the server's IP address, only on certain machines (I verified through an "ipconfig /all" that the clients are set right). Basically, if they reboot the client two or three times it usually starts resolving the DC's name again. Might I have something set wrong?

    In a Windows environment, and for DNS update reasons, might it be better to have the Windows server run DHCP for each branch? I am thinking long term here.

    I am getting ready to install a location with four locations this weekend and want to hash out any issues.

  • Anyone, I have one more day?!?

  • Set an override for the domain in the DNS settings, so that requests for z.com go to the DC.

  • Is this what you are referring to?

    DNS servers (Under Services DHCP Server)

    NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.

    I have the top one set to the DC at headquarters and the bottom one is set to the local pfSense box.

    Is that right?

  • Yes, if that doesn't work then you need to install the DNS server package (TinyDNS) and set it up from there.

  • I have only done that at a client with 3 total locations so far. The two branches resolve the DCs and terminal server at headquarters about 90 percent of the time. Mostly in the morning when a PC boots up it can't access the terminal server by name, etc. If they reboot the PC about 3 to 8 times it will usually pick it up by name and go. To fix it I have been having them start the RDP session by IP, and it works every time like that. My new client is much larger, has many different needs, and is more DNS intensive. That's why I am trying to figure out how it should be before I set them up Saturday. Otherwise they would have tons of intermittent DNS issues and it would make my company image look bad. Does your DNS suggestion still apply? I need to be up at 2 AM so I will check your response in the morning. Thanks so much for your suggestion so far.

  • I would go with the TinyDNS package. There's an option to do overrides; this is where you will put the DCs' IPs.

  • OK, I assume that's installed from Packages and is fairly straightforward. I have the pfSense book so I will reference it and see if it mentions anything about it. Thanks for your help.
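The "domain override" suggested above, shown as the dnsmasq configuration it amounts to. This is an added example, not configuration from the thread or from the pfSense project; the domain (z.com, taken from the reply above), the DC address 10.0.0.10, the branch subnet 192.168.1.0/24 and the "headquarters" comment labels are all placeholders. On pfSense the built-in DNS Forwarder is dnsmasq, and a domain override entered in the GUI is written as a `server=/domain/address` line like the ones here, so the branch router itself answers internal names by forwarding them over the tunnel to the DC instead of to the public resolvers on the General page. That matters for the symptom in the thread: a Windows client that gets no timely answer from the primary DNS (the DC across the VPN) will keep using the secondary for a while, and if the secondary is a branch pfSense with no override, internal names fail until the client happens to go back to the primary, often after a reboot. With the override in place, either server resolves the domain, so the branch DHCP scope can hand out only the local pfSense address.

```conf
# dnsmasq (pfSense DNS Forwarder) domain override -- added example, placeholder values.
# Forward every query for the internal AD domain to the DC at headquarters,
# reached over the site-to-site VPN. Use the DC's actual address here.
server=/z.com/10.0.0.10

# Optional: reverse lookups for the headquarters subnet also go to the DC,
# so PTR queries for 10.0.0.x resolve to internal names (subnet is a placeholder).
server=/0.0.10.in-addr.arpa/10.0.0.10

# If there is a second DC, list it as well; dnsmasq tries the listed servers
# for the domain and uses whichever answers.
server=/z.com/10.0.0.11

# Everything not covered by an override still goes to the general upstream
# resolvers configured on the pfSense General page (not listed here).
```

When checking the result from a branch workstation, run "nslookup dc.z.com 192.168.1.1" (the branch pfSense, placeholder address) and confirm it returns the DC's address; if only the DC itself answers the name, the override is not in effect. Keep the DC reachable through the tunnel's firewall rules on UDP and TCP port 53 from the branch pfSense, since the forwarder sources those queries from the router rather than from the client.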

