Knowledge Base

Why can’t the Mac OS DNS query pass through to the SSL VPN tunnel after it has been established?

Question

Why can’t the Mac OS DNS query pass through to the SSL VPN tunnel after it has been established?

I have installed SecuExtender and received a DNS IP successfully. I have no problem reaching the DNS IP.

However, all of the DNS queries cannot pass through to the SecuExtender DNS IP. Why is that?

Answer

This is due to the Mac OS behavior.

The Mac OS queries the DNS server that exists on the NIC but not on the SecuExtender NIC.

There are 2 ways to solve this issue:

 

(1) Set the DNS IP address (192.168.200.1) as the primary DNS server on the Mac NIC. Before the VPN tunnel is established, the Mac will use the secondary DNS server to query the domain since the primary domain always fails.

After the tunnel is established, the DNS will pass through to the SSL VPN tunnel without any problem.

 

(2) Enable the Force all client traffic to enter SSL VPN tunnel feature on the USG. All traffic will pass through to the SSL VPN tunnel (including the VPN tunnel).

 
Or you can chagne MAC OS setting on SecuExtender.
Open your connections panel. Double click on the connection. Go to "Advanced" and uncomment (remove "#" sign) viscosity dns full.
Then DNS traffc will pass into SSL VPN tunnel.



YES NO

Please leave your comment:

SUBMIT

Question Profile

LANGUAGE:
ARTICLE ID:015733
TYPE:General Info
FIRMWARE:1.1.4
VIEWS:2289
VOTES:10
TECHNOLOGY:
MODEL:SecuExtender

Still have trouble with your device? Contact Zyxel technology support team directly!

Contact Zyxel Support