In Windows 10, when connected to a VPN with Split Tunneling enabled (Gateway disabled), DNS resolution always uses the LAN DNS servers, ignoring the DNS servers and the DNS Suffix set on the VPN connection.
The expected behavior is to use the VPN's DNS servers, otherwise it becomes impossible to resolve DNS entries on the remote network (such as domain computers).
This was working properly in previous version of Windows.
This was widely discussed on this microsoft answers thread.
Answer
I have fixed this problem permanently by manually setting the metric of my LAN connection to be higher (15) than the one windows assigns to my VPN (11).
This can be done two ways:
- Through the GUI: Network connections, Properties, TCP/IP v4 Properties, Advanced, Set Metric to 15;
- Command line:
netsh int ip set interface interface="LAN CONNECTION NAME" metric=15
The effect is immediate (at least when using the command line) and DNS lookups now go through my VPN as expected.
This works with Split Tunneling and is a permanent fix across reconnections and reboots.
Note that you could also change the metric of the VPN instead of the LAN connection, but this wouldn't be permanent as Windows resets the metric when the connection is established.
Depending on your environment, you may have a different default metric for your LAN and VPN connection. Simply adjust accordingly so that your VPN has a lower metric than your LAN connection.
Furthermore, if you find that you cannot edit your VPN's TCP/IP properties because that was also broken in Windows 10, you can set most properties through Powershell:
1. Get-VpnConnection
2. Set-VpnConnection -Name "myVPN" -SplitTunneling $True
3. Set-VpnConnection -Name "myVPN" -DnsSuffix yourdomain.local
No comments:
Post a Comment