VPN issues

 

 

A number of VPN issues have been reported over the last few months, below are the recommended workarounds for the specified Issues.

 

Issue 1

Unable to resolve host names in VPN tunnel.

 

The end user has configured their VPN adapter to Append DNS suffixes, this setting should be set to append primary and connection specific DNS suffixes. The DNS suffix for this connection should remain blank as it will learn the suffixes from the VPN concentrator. Please note that because we utilize multiple domains within a VPN group the end user will always need to use the fully qualified domain name to connect to resources.

 

We are also working to verify all DNS records and to migrate all records to DNSone.

 

Issue 2

Loss of connectivity to Novell drives.

 

This is caused by the Novell software utilizing stale tcp connections instead of tearing down the connection and recreating the flow. The work around is described below.

 

Turn off the VPN client stateful firewall by unchecking the stateful firewall always on box under the options pull down. Turn on the Windows firewall, the Windows firewall has been tested and seems to not have the same issue as the VPN client firewall.

 

If the user chooses to use a firewall other than the Windows firewall they will possibly will need to configure the firewall to open the following ports from olive.und.nodak.edu (134.129.201.116)

 

TCP 524 - NCP Requests - Source port will be a high port (1024-65535)

UDP 524 - NCP for time synchronization - Source port will be a high port

UDP 123 - NTP for time synchronization - Source port will be the same

UDP 427 - SLP Requests - Source port will be the same (427)

TCP 427 - SLP Requests - Source port will be the same (427)

TCP 2302 - CMD - Source port will be a high port

UDP 2645 - CMD - Source port will be the same (2645)