Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Global VPN Client issues - Windows DHCP server filling up with BAD_ADDRESS

NoMaxNoMax Newbie ✭
edited December 2021 in Mid Range Firewalls

We have been experiencing issues with our Global VPN client users for some time now and I have not been able to find a resolution to the problem. Here is a description of what is happening. We have 2 SonicWall NSA 2600s in HA mode,

A user is working from home using the global VPN client. Instead of shutting down their PC when they are finished working, they just close the lid or let the compuer enter sleep mode. When they come into the office and wake their PC the VPN client will still be running. If you look at the VPN client on their PC it will be stuck on "Authenticating".

What happens in this scenario is all the unused DHCP addresses on our Windows DHCP server will be taken up with BAD_ADDRESS coming from this client with the VPN active. I can go into Wireshark to see the DHCP Deny entries and find the MAC address of the PC who is running the VPN client while in the office. The BAD_ADDRESS entries will continue to be generated until the entire range of DHCP addresses is exhausted.

Windows DHCP Server BAD_ADDRESS:

Wireshark DHCP Deny example:

The DHCP server handling the requests for the Global VPN client is the SonicWall and the network is /24

The DPCP server handling the requests for the on-site Office network is WIndows Server 2016 and the network is

There is no overlap of networks serveved by the 2 DHCP servers. I have had several tickets open with SonicWall support and so far thay have not been able to resolve the issue. I am hoping someone here can provide some insight.

Thank you in advance for any suggestions you may have.

Category: Mid Range Firewalls


  • Options
    prestonpreston Enthusiast ✭✭
    edited December 2021

    Hi @ NoMax, what interface is assigned to on the SW, and what Interface is assigned to SW?

  • Options
    NoMaxNoMax Newbie ✭ is assigned to X0, is not assigned to a separate interface, it's just using the internal DHCP server of the SonicWall and then linked to X0

  • Options
    prestonpreston Enthusiast ✭✭
    edited December 2021

    Hi @NoMax , try as my answer in the below ( don't set the Virtual Adapter to None as in the example though, leave as DHCP)

    it should then force the GVPN Client to connect to the WAN IP from inside without looking internally for DHCP

  • Options
    TOBTOB Newbie ✭

    Hi @NoMax - did you ever figure this out or try the workaround from @preston? We're having the same problem with TZ series devices.

  • Options
    truckboxtruckbox Newbie ✭

    Same problem here. Lucking I can track down the MAC address and let the person know to turn off the VPN

  • Options
    truckboxtruckbox Newbie ✭

    I have been dealing with this forever. I am finally tired of it. Did anyone figure this out?

  • Options
    KevinSKevinS Newbie ✭

    Did you ever figure this out? I've got the same issue with TZ270's and GlobalVPN clients. It "seems" to be related to folks not disconnecting their VPN connection (perhaps putting their MS Surfaces to sleep) before coming into the office.

  • Options
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    Hi All,

    Could you share "DHCP over VPN" settings? I didn't remember on version 5.9 but version 7 you can find below path.

    "Network / IPSec VPN / DHCP over VPN"

Sign In or Register to comment.