Configure DNS and WINS Servers for Mobile VPN with L2TP

In Fireware v12.2.1 or higher, for DNS and WINS resolution on Mobile VPN with L2TP clients, you can select to:

DNS forwarding is not supported for mobile VPN clients.

Domain Name Suffix

You cannot specify a domain name suffix in the Mobile VPN with L2TP settings on the Firebox. Although you can specify a suffix in the network (global) DNS settings on the Firebox, L2TP VPN clients do not use this suffix.

If the mobile client must resolve local host names through the VPN, you must manually configure a suffix in the DNS settings on the mobile client. To manually configure DNS server and suffix settings for Windows VPN connections, go to Configure DNS settings for L2TP or IKEv2 VPN clients in the WatchGuard Knowledge Base.

If you change the DNS server IP address, clients must disconnect and then reconnect to receive the new IP address.

In Fireware v12.2 or lower, Mobile VPN with L2TP clients automatically inherit DNS servers from the Network (global) DNS/WINS settings on your Firebox. Although you can specify up to three Network DNS servers, mobile VPN clients use only the first two in the list. WINS servers and the domain name suffix are not inherited. For information about the Network DNS/WINS settings, go to Configure Network DNS and WINS Servers.

Use the Network DNS/WINS Settings

In the Mobile VPN with L2TP configuration, you can specify that mobile clients should use the Network (global) DNS servers configured on your Firebox. This is the default option.

When you select this option, mobile clients receive the DNS servers you specify at Network > Interfaces > DNS/WINS. For example, if you specify the DNS server 10.0.2.53 in the Network DNS/WINS settings, mobile VPN clients use 10.0.2.53 as a DNS server. Although you can specify up to three Network DNS servers, mobile VPN clients use only the first two in the list.

For mobile users to resolve internal domain names on your network, specify an internal DNS server first in the list. If you specify only a public DNS server, mobile users can resolve public domain names, but not internal domain names.

Mobile L2TP clients do not inherit the domain name suffix specified in the Network DNS server settings.

  1. Select Network > Interfaces.
    The Interfaces configuration page appears.

Screen shot of the Network Interfaces page, DNS Servers and WINS Servers section

  1. In the DNS Server or WINS Server text box, type the primary and secondary address for each DNS or WINS server.
  2. Click Add.
  3. (Optional) Repeat Steps 2–3 to specify up to three DNS servers.
  4. (Fireware v12.3 or higher) Select VPN > Mobile VPN.
  5. In the L2TP section, click Configure.
  6. (Fireware v12.2.1) Select VPN > Mobile VPN with L2TP > Configure.
  7. In the DNS Settings section, select Assign the network DNS/WINS settings to mobile clients.
  8. Click Save.
  1. Select Network > Configuration.
    The Network Configuration dialog box appears.
  2. Select the WINS/DNS tab.
    The information on the WINS/DNS tab appears.

Screen shot of the Network Configuration dialog box WINS/DNS tab

  1. In the DNS Servers text box, type the IPv4 or IPv6 address for each DNS server.
  2. Click Add.
  3. (Optional) Repeat Steps 3–4 to specify up to three DNS servers.
  4. (Optional) In the Domain Name text box, type a domain name that a DHCP client appends to unqualified host names.
  5. In the WINS Servers text boxes, type the primary and secondary IPv4 address of the WINS servers.
  6. Click OK.
  7. Select VPN > Mobile VPN > LT2P.
  8. In the DNS Settings section, select Assign the network DNS/WINS settings to mobile clients.
  9. Click OK.

Use the DNS and WINS Settings in the Mobile VPN Configuration

When you select the Assign these settings to mobile clients option, mobile clients use the DNS servers you specify in the Mobile VPN with L2TP configuration. For example, if you specify 10.0.2.53 as the DNS server, mobile clients use 10.0.2.53as the DNS server.

When you select this option, mobile clients do not use the servers specified in the Network DNS/WINS settings on the Firebox. For example, if you only specify a DNS server in the Mobile VPN with L2TP configuration, clients only receive that DNS server. In this scenario, if a WINS server and domain name are configured in the Network DNS settings, clients do not receive those settings.

You can specify up to two DNS server IP addresses. You cannot specify a domain name suffix.

  1. (Fireware v12.3 or higher) Select VPN > Mobile VPN.
  2. In the L2TP section, click, Configure.
  3. (Fireware v12.2.1 or lower) Select VPN > Mobile VPN with L2TP.
  4. Select Configure.
  5. In the DNS Settings section, select Assign these settings to mobile clients.

Screen shot of the DNS Settings

  1. Click Save.
  1. Select VPN > Mobile VPN > L2TP.
  2. In the DNS Settings section, select Assign these settings to mobile clients.

Screen shot of the DNS Settings

  1. Click OK.

Do Not Assign DNS or WINS Settings to Mobile VPN Clients

When you select the Do not assign DNS or WINS settings to mobile clients option, Mobile VPN with L2TP clients do not receive any DNS settings from the Firebox.

Related Topics

Mobile VPN with L2TP

Use the WatchGuard L2TP Setup Wizard

Edit the Mobile VPN with L2TP Configuration