How to force DNS query pass into SSL VPN tunnel
Here is a SSL VPN scenario. Client is able to establish SSL VPN tunnel successfully and USG enabled “Force all client traffic to enter SSL VPN tunnel” in SSL VPN tunnel.
However, the DNS queries were still sent out from the Ethernet interface(192.168.1.1) but not go through the SSL VPN TAP tunnel interface (192.168.22.5).
The reason is that the Windows platform will keep using the interface DNS server IP as its preferred DNS server by default.
In this case, you can change the SSL VPN TAP interface metric to 1 and higher the interface priority.
Then SSL VPN interface priority will become higher than Ethernet interface and the DNS query will be sent out through the SSL VPN tunnel.
Go to configure your TAP interface > Edit IPv4 IP address > Click Advanced > Change Interface metric as 1.
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 74 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 333 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 886 Nebula FAQ
- 415 Security FAQ
- 228 Switch FAQ
- 198 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight