7 Replies Latest reply: Jun 20, 2012 9:52 PM by W Sanders
OysteinH Level 1 (0 points)

I have created a Cisco VPN connection in Network Preferences.


Interface type = VPN
VPN type = Cisco IPSEC

Authentication type = Shared Secret


Connection is working ok, and I am able to connect to my work network over VPN. 


But the DNS settings are not updated. When I use the standard Cisco VPN software, my DNS settings are updated (/etc/resolv.conf is changed). When I disconnect, my DNS settings are back to normal.


But when I use the built-in VPN client in Snow Leopard, my DNS settings are not updated when I establish the VPN connection. I have tried, in the Advanced section of my VPN profile, to add the DNS servers (it is possible to add DNS servers, DNS resolv domains, and proxy servers), but this does not fix it either.


The built-in VPN client is of no use if it does not update the DNS settings while the connection is active.  Our internal servers, and domain, are not placed on a public DNS but internal DNS.  And I guess that goes for most of the companies out there.


Can anyone help? My SL is updated as of July 20th 2011 and running on Apple Macbook Pro from August 2010.

Apple Macbook Pro, Mac OS X (10.6.6)
  • 1. Re: VPN connection - Cisco IPSEC - DNS not updated
    drod66 Level 1 (0 points)

    Do you have an update on this? I have the same exact issue with Mac OS X Lion. I also tried to change the service order in the Network settings (thinking that the DNS order would be in the same order as these settings - silly me thinking that would work).

  • 2. Re: VPN connection - Cisco IPSEC - DNS not updated
    rayfromlisle Level 1 (0 points)

    I didn't need my DNS to change, so the built-in VPN was working for me.

    That is until update 10.7.1 was applied today. 

    Now the VPN makes the connection, but DNS does not work at all.

    If I know the IP numbers, I can make some things work.

    So, what did they change in the 10.7.1 update?

  • 3. Re: VPN connection - Cisco IPSEC - DNS not updated
    newelement Level 1 (0 points)

    I have the same issue. Was working fine under Snow Leopard, but under Lion DNS is not working. I'm lucky if I can connect sometimes too.

  • 4. Re: VPN connection - Cisco IPSEC - DNS not updated
    drod66 Level 1 (0 points)

    My understanding is that the DNS settings provided by the VPN endpoint are not merged or inserted in the local TCP stack. As a result, no private host names are resolved.


    My workaround for this is to do the following:


    In the Network settings, start by duplicating your current location (via "Edit Locations..." menu and in the little gear menu, invoke "Duplicate Location" and give it a name like "VPN"). I did that initial step because I want to be able to switch back and forth between a VPN-enabled location and my default normal location. If this is not a concern for you, you can skip that initial step. Personally, I don't want my machine to try (and fail) connecting to the private DNS services when I'm not connected.


    Once duplicated, switch to it by selecting it in the list. You should see the same list of services in the left panel. Now click the [+] to create a VPN (Cisco IPSec) like you would do normally. Once you have entered all required settings, you can Apply the changes and Connect. Once connected to your VPN, you can now do the next steps to fix the host name resolution issue.


    Select that VPN service in the left panel and click the Advanced... button in the main dialog in order to see the DNS / Proxies settings. Take note of the listed DNS server addresses (they should be displayed with a grey colour). You can now cancel that dialog and select your Ethernet service (or Wi-Fi service). Click Advanced... on this one and go to its DNS tab, take note again of your current network DNS addresses (again in grey colour). Now is the time to enter all these values in that box. Enter first the VPN DNS addresses and then the non-VPN ones. You can re-order the list with drag & drop too. Once done, you close that dialog and Apply the changes again.


    You can now start your browser and test a site living on your private network. Your host's name should be resolved now.


    One last note: if your private network has many domains (e.g. *.sub1.company.com, *.sub2.company.com), you may need to add them in the Search Domains box (e.g. sub1.company.com). This is done in the same DNS dialog settings.


    Good luck!

  • 5. Re: VPN connection - Cisco IPSEC - DNS not updated
    newelement Level 1 (0 points)

    Thanks, but this did not work for me. I tested my VPN connection on someone else's hotspot and could connect fine. I do have a Time Capsule at home and wonder if it's a bug between the TC and Lion. I did not have these issues on Snow Leopard.

  • 6. Re: VPN connection - Cisco IPSEC - DNS not updated
    Alan Humpherys Level 1 (5 points)

    I wish that Apple replied to these posts.... It is quite discouraging to see that others have the same problem as I, and yet Apple leaves us to our own devices to find solutions.


    This is definitely a problem with the Lion version of the VPN client. This functionality worked correctly under Snow Leopard...

  • 7. Re: VPN connection - Cisco IPSEC - DNS not updated
    W Sanders Level 1 (0 points)

    drod66's technique worked for me: Duplicate "automatic" location, call it "VPN". Create your VPN config only in the "VPN" location. Define your internal (inside VPN) DNS server IP addresses statically in the VPN location and your ISP's DNS server IP addresses statically in the Automatic location.


    Remember, you have to hit "apply" when you switch locations, and if you start the VPN in Automatic, it will bomb off when you switch to VPN.


    Baffled why this is still broken in 10.7.3. Believe me, it's a PITA to support corporate VPN users with this breakage.


    Is it also broken in non-IPSec clients, like OpenVPN, I wonder?
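
A command-line check for the workaround drod66 describes and W Sanders confirms, as an added example that is not part of any post in this thread: it parses `scutil --dns`-style output and verifies that the VPN DNS server is listed first, so internal host names are not sent to the ISP resolver. The sample output, the addresses, the "Wi-Fi" service name and the function names are constructed for illustration, and treating the first resolver block as the primary one is an assumption.

```shell
#!/bin/sh
# Added example: audit resolver order after applying the DNS workaround.
# Command-line counterpart of the GUI steps (constructed addresses/service):
#   networksetup -setdnsservers "Wi-Fi" 10.20.0.53 192.168.1.1
#   networksetup -setsearchdomains "Wi-Fi" sub1.company.com

# Constructed sample in the layout printed by `scutil --dns`.
sample_dns_output() {
cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : sub1.company.com
  nameserver[0] : 10.20.0.53
  nameserver[1] : 192.168.1.1
  if_index : 4 (en0)
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  order    : 300000
EOF
}

# Nameservers of the first resolver block, in listed order, one per line.
primary_nameservers() {
    awk '/^resolver #/ { n++; next }
         n == 1 && $1 ~ /^nameserver\[[0-9]+\]$/ { print $3 }'
}

# Search domains of the first resolver block, one per line.
primary_search_domains() {
    awk '/^resolver #/ { n++; next }
         n == 1 && $1 == "search" && $2 ~ /^domain\[/ { print $4 }'
}

# Succeeds only if the expected VPN DNS server ($1) is listed first.
vpn_dns_is_first() {
    [ "$(primary_nameservers | sed -n 1p)" = "$1" ]
}

# On a Mac, pipe in `scutil --dns` instead of the constructed sample.
if sample_dns_output | vpn_dns_is_first 10.20.0.53; then
    echo "OK: VPN DNS server is first in the resolver list"
else
    echo "WARN: the non-VPN resolver is listed ahead of the VPN DNS server"
fi
```
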