rdpudd.dll 10.0.20348.1070 03-Jun-23 KB5027225
rdpudd.dll 10.0.20348.1070 27-Apr-23 KB5026370
rdpudd.dll 10.0.20348.1070 30-Mar-23 KB5025230
rdpudd.dll 10.0.20348.1070 09-Mar-23 KB5023705
rdpudd.dll 10.0.20348.1070 03-Feb-23 KB5022842
rdpudd.dll 10.0.20348.1070 06-Jan-23 KB5022291
rdpudd.dll 10.0.20348.1070 15-Dec-22 KB5022553
rdpudd.dll 10.0.20348.643 01-May-22 KB5013944
rdpudd.dll 10.0.20348.643 21-Apr-22 KB5012637
rdpudd.dll 10.0.20348.643 02-Apr-22 KB5012604
rdpudd.dll 10.0.20348.469 08-Mar-22 KB5011558
rdpudd.dll 10.0.20348.469 02-Mar-22 KB5011497
rdpudd.dll 10.0.20348.469 10-Feb-22 KB5010421
rdpudd.dll 10.0.20348.469 25-Jan-22 KB5010354
rdpudd.dll 10.0.20348.469 19-Jan-22 KB5009608
rdpudd.dll 10.0.20348.469 15-Jan-22 KB5010796
rdpudd.dll 10.0.20348.469 05-Jan-22 KB5009555
rdpudd.dll 10.0.20348.407 03-Jan-22 KB5010197
rdpudd.dll 10.0.20348.405 07-Dec-21 KB5008223
rdpudd.dll 10.0.20348.379 06-Nov-21 KB5007254
rdpudd.dll 10.0.20348.350 02-Nov-21 KB5007205
rdpudd.dll 10.0.20348.320 15-Oct-21 KB5006745
Watchguard – SSL VPN clients cannot resolve internal host names despite DNS servers being configured for the connection
When you configure a Watchguard XTM Firewall to accept SSL VPN connections, you may find that clients can connect to the VPN
and ping the IP addresses of internal resources but cannot resolve internal host names through DNS, even by FQDN. You may
also find that running NSLOOKUP on the connected SSL VPN client shows your Internet Service Provider's DNS servers rather
than the DNS servers assigned via the VPN connection.
To resolve the issue, you can change your SSL VPN configuration from a “Routed VPN” to a “Bridge VPN”. The Routed VPN uses a
virtual IP address pool (192.168.113.0/24) which does not match your internal IP range or the address range of the internal
DNS servers. When a Windows client connects to the “Routed VPN”, it appears that because of this mismatch the DNS servers
assigned via the VPN are not utilised by the client.
Configuring the VPN in “Bridge VPN” mode works around this issue. The Bridge VPN configuration allows you to exclude some
addresses from your Windows DHCP Server pool and enter them as the “Start” and “End” IP addresses on your Watchguard SSL VPN
configuration page. The Watchguard then becomes responsible for assigning these internal IPs to VPN clients as they connect,
rather than the Windows DHCP Server.
You should now find that when your SSL VPN clients connect, they are assigned an IP address and DNS server that are both
within the existing internal IP range of your network. An NSLOOKUP should now return your internal DNS server address and
you should be able to ping hostnames and FQDNs that reside within your internal network.
Examples:
ping windowsserver
ping windowsserver.exampledomain.local
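
The check described above can be scripted on the Windows client. This is an added example, not part of the original post: it lists the DNS servers each connected interface received, flags whether they sit inside the internal range, and resolves the sample FQDN both through the Windows DNS client and directly against each internal DNS server. The 10.0.1.0/24 prefix is a constructed placeholder for your internal range.

```powershell
# Added example, not from the original post. Run on the Windows client while the VPN is connected.
# Assumptions: $InternalPrefix is a constructed placeholder for your internal range;
# $TestName is the sample FQDN used in the article.
$InternalPrefix = '10.0.1.0/24'
$TestName       = 'windowsserver.exampledomain.local'

function Test-InSubnet ([string]$Address, [string]$Cidr) {
    # Two IPv4 addresses share a prefix when they fall in the same block of 2^(32-bits).
    $net, $bits = $Cidr -split '/'
    $size = [math]::Pow(2, 32 - [int]$bits)
    $toNum = {
        param($ip)
        $b = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
        [Array]::Reverse($b)    # network byte order -> little-endian for BitConverter
        [double][BitConverter]::ToUInt32($b, 0)
    }
    [math]::Floor((& $toNum $Address) / $size) -eq [math]::Floor((& $toNum $net) / $size)
}

# One row per connected IPv4 interface that has DNS servers, sorted by interface
# metric, which influences the order in which Windows tries DNS servers.
$rows = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object ConnectionState -eq 'Connected' |
    Sort-Object InterfaceMetric |
    ForEach-Object {
        $idx = $_.InterfaceIndex
        $dns = (Get-DnsClientServerAddress -InterfaceIndex $idx -AddressFamily IPv4).ServerAddresses
        if ($dns) {
            [pscustomobject]@{
                Interface   = $_.InterfaceAlias
                Metric      = $_.InterfaceMetric
                ClientIP    = (Get-NetIPAddress -InterfaceIndex $idx -AddressFamily IPv4).IPAddress -join ','
                DnsServers  = $dns -join ','
                DnsInternal = -not ($dns | Where-Object { -not (Test-InSubnet $_ $InternalPrefix) })
            }
        }
    }
$rows | Format-Table -AutoSize

# Resolve through the Windows DNS client only (no LLMNR/NetBIOS fallback).
$default = Resolve-DnsName -Name $TestName -Type A -DnsOnly -ErrorAction SilentlyContinue
"Default resolution of ${TestName}: " + $(if ($default) { $default.IPAddress -join ',' } else { 'FAILED' })

# Ask each internal DNS server directly: separates "server unreachable" from "client not using it".
$internalDns = ($rows | Where-Object DnsInternal).DnsServers -split ',' | Where-Object { $_ } | Select-Object -Unique
foreach ($s in $internalDns) {
    $r = Resolve-DnsName -Name $TestName -Type A -Server $s -DnsOnly -ErrorAction SilentlyContinue
    "{0} via {1}: {2}" -f $TestName, $s, $(if ($r) { $r.IPAddress -join ',' } else { 'no answer' })
}
if (-not $internalDns) { "No interface has DNS servers inside $InternalPrefix" }
```

If the direct queries succeed while the default resolution fails, the internal DNS servers are reachable over the tunnel and the client is simply not using them, which matches the Routed VPN symptom described above.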
Please remember that the only downside of this configuration is that a “Bridge VPN” bridges to the “Trusted” interface,
which means that by default the client computer can access any internal resources it has permissions for. A “Routed VPN”
allows you to offer traffic to Optional/secondary networks and gives you more control by letting you lock down access
using “Specify allowed resources”.