Weird VPN/DNS Issue

Oldie

Oldie

Mean Old Administrator
Staff member
Joined
Jan 12, 2004
Messages
21,888
So I'm not a full on pro like you guys, but I don't think I'm completely stupid. This has me stymied. I'm using Anyconnect to join a VPN...or trying to anyway. I can't connect by going to vpn.company.com but if I go to the IP address it works just fine. vpn.company.com is pingable and resolves to the correct IP. I've flushed the DNS cache, changed DNS providers, checked to make sure there was nothing causing issues in the hosts file. Windows Firewall is disabled and there's no other security software running.

I can connect so it's not the end of the world but I can't figure it out and it's driving me a bit nuts. Everything works fine from any other PC I've tried it on.
 
I haven't used Anyconnect, but maybe it's something to do with the ssl cert on the other end? Try going to https://vpn.company.com in a browser and check the certificate. I suppose it's possible the cert is configured with the ip address as the FQDN, instead of the proper FQDN (is that even possible?), and thus the client software is refusing to connect due to a hostname mismatch. Or it could ignore cert errors if you connect directly to IP or something like that.
 
No proxies (I'm very confident it's malware free) and if it were a cert issue, why would it only affect this specific PC? I also have the "Don't connect to unsecure servers" option unchecked.
 
I have recently had a similar issue. I had to turn off IPv6 if I tried to connect via VPN. Not sure if its my router or internet provider causing problems. As soon as I turn off IPv6 my problems went away. I was thinking of wiresharking to see what is going on but since I had no issues with IPv4 I've left it be.
 
deaedius said:
I have recently had a similar issue. I had to turn off IPv6 if I tried to connect via VPN. Not sure if its my router or internet provider causing problems. As soon as I turn off IPv6 my problems went away. I was thinking of wiresharking to see what is going on but since I had no issues with IPv4 I've left it be.
Click to expand...

Well hot damn that worked. I have absolutely no idea why...but it worked. :p

Thanks!
 
Oldie said:
Well hot damn that worked. I have absolutely no idea why...but it worked. :p

Thanks!
Click to expand...

While largely irrelevant at this point, try doing 'nslookup vpn.company.com' and see if an IPv6 address is in the DNS record. If it is, that would explain everything (your computer was attempting to connect via IPv6 and failing).
 
Windows after XP always try an IPv6 lookup first. If the address exists, but there is no route, you get the problem you had.

It's dumb, yes.
 
Dew said:
While largely irrelevant at this point, try doing 'nslookup vpn.company.com' and see if an IPv6 address is in the DNS record. If it is, that would explain everything (your computer was attempting to connect via IPv6 and failing).
Click to expand...

Nope. No idea what was going on, pretty weird issue.
 
You must log in or register to reply here.
Back
Top