Using SSL VPN in VMware NSX for vSphere results in intermittent DNS resolution
Article ID: 341225
Updated On:
Products
VMware NSX
Issue/Introduction
Symptoms:
When you use an SSL VPN connection to an Edge device in VMware NSX for vSphere, you experience these symptoms:
- DNS resolution is intermittent or unsuccessful.
- DNS resolution uses incorrect or external DNS server instead of the VPN DNS servers provided in the IP pool.
- Flushing the DNS resolver cache temporarily provides successful DNS resolution.
Environment
VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.0.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.0.x
Cause
This issue occurs because the DNS server entries are added before the route entries during tunnel creation. In this case, cached DNS information can cause negative DNS records..
Resolution
This is a known issue affecting VMware NSX 6.0.x, 6.1.x and 6.2.x.
Currently, there is no resolution.
To work around the issue, download and extract the 2130617_SetDNS-script.zip file attached to this article and run the extracted script. The script deletes and adds the DNS entries after the Windows VPN client is connected. It changes the order of the route entries and then the DNS entries. The script also stops and starts the DNS cache using a Windows service API call.
To run the script:
- Download the attached zip file 2130617_SetDNS-script.zip.
- Open the zip file and extract the SetDNS.vbs file.
Note: To examine the contents of the .vbs script, open the file using Notepad. - Log in to the VMware vSphere Web Client and navigate to Networking & Security.
- Click NSX Edge.
- Double-click SSLVPN Edge Device.
- Navigate to Manage > SSL VPN-Plus > Login/Logoff Scripts.
- Click the green + symbol and navigate to the SetDNS.vbs file you extracted in Step 2.
- Ensure that the Login and Enabled options are selected and click OK.
Additional Information
Attachments
Feedback
Yes
No
Powered by
