Cisco VPN problem with DNS

Ryan Golhar golharam at umdnj.edu
Thu Jun 8 19:27:21 UTC 2006


Have you tried shutting down iptables while connected through the VPN
and seeing if DNS queries work?



-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Gavin McDonald
Sent: Thursday, June 08, 2006 3:18 PM
To: 'General Red Hat Linux discussion list'
Subject: Cisco VPN problem with DNS


Hi list,

I have a client with a RHEL ES 3 server, 64-bit on Pentium D-930. We
have tried Cisco VPN Client v4.7 and v4.8.

The problem is as such:

The Cisco VPN client connects successfully, and IP connectivity is
established.  The RHEL client can connect to all remote servers by IP.
However, DNS is non-functional.  Some digging shows that
/etc/resolv.conf is not updated correctly by the VPN client.  Where this
really gets strange, though, is that even after correcting resolv.conf to
point to the DNS server (which he can ping and even `tracepath
<DNS_IP>/53`), DNS lookups still fail.  He's been using /etc/hosts to
define remote hosts, and name lookups for servers defined as such work
fine.

I've checked his iptables, and unless I'm mistaken, the first rule
should exclude that as the culprit:

> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere

This rule should catch and allow ALL traffic, right?

So at this point I'm stymied.  I have now tasked our Cisco rep with
verifying the VPN server-side setup, but it appears that even if the VPN
were to hand the DNS address correctly, DNS would still fail for a
reason that eludes me (as manual edits to resolv.conf fail to work).

I hope you guys can see something I missed,

Regards,

Gavin McDonald
========================
EVI Logistic Enterprises
email: me at gavitron.com
phone: (604) 313-3845
