Tunnel all on Android not working (Dec 5 2022)
I've only got the one phone device connecting via VPN. All other devices (laptops) work as expected (tunnel all) and can reach Internet resources via the secure VPN.
On the Android, via the VPN, I can only access resources on my own network. Anything else fails to resolve until I disconnect the VPN.
Private network has internal DNS servers with proper forwarders configured and working.
What am I missing?
Thanks!
Best Answer
Allanhitch Newbie ✭
Ok... I'm a moron....
NetExtender for Linux, Version 10.2.824, apparently handles DNS differently than more recent builds.
When selecting "Try remote DNS first, then try local", x.x.824 and prior actually do that!
It seems that, for some reason, later versions don't allow that; at least not if "Tunnel All" is selected at the SSLVPN configuration on the firewall. (actually, this is really how it SHOULD work!)
Using MobileConnect with "Tunnel All" for the client honors that limitation and has no provisions to use the "local" DNS.
Upon further reflection on the phenomenon, I realized that I had failed to open up the configuration of the LAN DNS to respond to requests outside its own LAN... and the SSLVPN Address pool, being outside the scope of the normal production LAN, precluded the DNS request from being answered. Hence, no Internet access on the Mobile Connect client, and the aforementioned version-dependent limitations on the NetExtender client.
So... a 66-year-old retired Commercial I.T. guy makes a freakin' noob mistake... Forgot my own DNS security configurations...
I hope this helps someone!
0
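The cause identified in the answer above is a LAN DNS server that only answers clients inside its own LAN while the SSLVPN address pool sits outside that range. The following check is an added example, not part of the original post: it reports which parts of a VPN pool are not covered by the resolver's allowed-client networks, so the ACL can be extended by exactly that range. All addresses and function names are constructed for illustration.

```python
import ipaddress

def pool_to_networks(first, last):
    """Collapse an inclusive address range (the usual way a VPN pool is defined) into CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def uncovered(pool_nets, allowed):
    """Return the parts of the pool that no allowed-client network of the resolver covers."""
    allowed = [ipaddress.ip_network(a) for a in allowed]
    pending, gaps = list(pool_nets), []
    while pending:
        net = pending.pop()
        same_family = [a for a in allowed if a.version == net.version]
        if any(net.subnet_of(a) for a in same_family):
            continue  # every address in this block may query the resolver
        inside = [a for a in same_family if a.subnet_of(net)]
        if not inside:
            gaps.append(net)  # disjoint from every allowed network
        else:
            # An allowed network covers only part of this block: split around it and recheck.
            pending.extend(net.address_exclude(inside[0]))
    return sorted(gaps)

if __name__ == "__main__":
    # Constructed sample values: production LAN allowed on the resolver, VPN pool outside it.
    allowed_clients = ["192.168.1.0/24"]
    pool = pool_to_networks("192.168.200.100", "192.168.200.150")
    for gap in uncovered(pool, allowed_clients):
        print("VPN clients in", gap, "will get no DNS answers")
```

Adding only the reported blocks to the resolver's allowed-client list keeps it closed to everything else while letting tunnel-all clients resolve names.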
Answers
By the way....
The latest version of NetExtender for Linux that I can get working (tunnel all) is 10.2.824.
I've been seeing things relating to Compression Control Protocol for SSLVPN, but my SonicOS is 7.0.1-5095 and it's not available anywhere I can find.
I CAN browse the local network over the VPN. I just can't get the phone (Android) to access the Internet via that VPN.