3

My Windows 10 VPN IPv4 Properties button does not work. Others have found this too. There are PowerShell workarounds for changing default gateway options, e.g.

```
Set-VpnConnection -Name "VPN-NETWORK-NAME-HERE" -SplitTunneling $True
```

What I need is to add the corporate DNS servers at the server end to my resolvers when my client is connected via the VPN.

Is there a way to either:

  1. Make the button work? - it did in Windows 7 before the upgrade.

OR

  2. A PowerShell or registry workaround to add the DNS servers?

help Set-VpnConnection shows this:

```
PS C:\Users\Me> help set-vpnconnection

NAME
    Set-VpnConnection

SYNTAX
    Set-VpnConnection [-Name] <string> [[-ServerAddress] <string>] [[-TunnelType] <string> {Pptp | L2tp | Sstp | Ikev2
    | Automatic}] [[-EncryptionLevel] <string> {NoEncryption | Optional | Required | Maximum | Custom}]
    [[-AuthenticationMethod] <string[]> {Pap | Chap | MSChapv2 | Eap | MachineCertificate}] [[-SplitTunneling] <bool>]
    [[-AllUserConnection]] [[-L2tpPsk] <string>] [[-RememberCredential] <bool>] [[-UseWinlogonCredential] <bool>]
    [[-EapConfigXmlStream] <xml>] [-PassThru] [-Force] [-MachineCertificateEKUFilter <string[]>]
    [-MachineCertificateIssuerFilter <X509Certificate2>] [-ServerList <CimInstance#VpnServerAddress[]>]
    [-IdleDisconnectSeconds <uint32>] [-DnsSuffix <string>] [-CimSession <CimSession[]>] [-ThrottleLimit <int>]
    [-AsJob] [-WhatIf] [-Confirm]  [<CommonParameters>]

    Set-VpnConnection [-Name] <string> [[-ServerAddress] <string>] [[-ThirdPartyVpn]] [[-SplitTunneling] <bool>]
    [[-RememberCredential] <bool>] [[-PlugInApplicationID] <string>] [-PassThru] [-Force] [-ServerList
    <CimInstance#VpnServerAddress[]>] [-IdleDisconnectSeconds <uint32>] [-DnsSuffix <string>] [-CustomConfiguration
    <xml>] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  [<CommonParameters>]
```
StackzOfZtuff
birdwes
  • How does the VPN server assign ip addressing configuration to the VPN client? It should also be assigning DNS servers to the client. – joeqwerty Sep 21 '15 at 12:36
  • Just checked the VPN server. It turns out that it is. The problem should perhaps better be stated as "why can't I resolve instead of having to use the fully qualified .companydomain.local", when I'm using the VPN client? – birdwes Sep 21 '15 at 13:16
  • This was a Win10 bug. It was [fixed 2015-10-10.](http://superuser.com/a/979698/389368) – StackzOfZtuff May 11 '16 at 08:21

4 Answers

3

Known bug

The do-nothing properties button on the IPv4 protocol is a ubiquitous problem in Windows 10. The problem was widely reported long ago (before Windows 10 was even released), so do not expect a fix anytime soon. (Update: This is fixed in Win10TH2)

The only way I could manually set the DNS settings was to modify the rasphone.pbk file in C:\Users\<username>\AppData\Roaming\Microsoft\Network\Connections\Pbk. This is where the VPN settings are saved.

  1. Change IpPrioritizeRemote from 1 to 0.
  2. Change IpNameAssign from 1 to 2.
  3. Change IpDnsSuffix to the desired value.
  4. Change IpDnsAddress and IpDns2Address to the desired values.
Brian Gideon
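
The four edits listed in this answer, as a script. This is an added example, not part of the original answer: the function name `Set-PbkDnsSetting` is hypothetical, the addresses are constructed sample values, and it assumes `rasphone.pbk` is an INI-style file with one `[connection name]` section per entry and ASCII content.

```powershell
# Added example: applies the rasphone.pbk edits from the answer to ONE named entry.
function Set-PbkDnsSetting {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $ConnectionName,
        [Parameter(Mandatory)] [string[]] $DnsServer,   # one or two addresses
        [string] $DnsSuffix,
        [string] $PbkPath = "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk"
    )

    # Reject anything that is not an IP address before it reaches the file.
    foreach ($s in $DnsServer) { [void][ipaddress]::Parse($s) }
    if ($DnsServer.Count -gt 2) { throw 'The answer lists only two DNS address keys.' }

    # Key names and values are the ones given in the answer.
    $wanted = [ordered]@{
        IpPrioritizeRemote = '0'
        IpNameAssign       = '2'
        IpDnsAddress       = $DnsServer[0]
    }
    if ($DnsServer.Count -gt 1) { $wanted.IpDns2Address = $DnsServer[1] }
    if ($DnsSuffix)             { $wanted.IpDnsSuffix   = $DnsSuffix }

    $lines   = @(Get-Content -LiteralPath $PbkPath)
    $section = $null
    $changed = 0
    for ($i = 0; $i -lt $lines.Count; $i++) {
        # Track which [entry] we are in so other connections are never touched.
        if ($lines[$i] -match '^\[(.+)\]\s*$') { $section = $Matches[1]; continue }
        if ($section -ne $ConnectionName)      { continue }
        if ($lines[$i] -match '^([^=]+)=' -and $wanted.Contains($Matches[1])) {
            $lines[$i] = '{0}={1}' -f $Matches[1], $wanted[$Matches[1]]
            $changed++
        }
    }
    # Fail closed: a missing entry or missing key means the layout is not what we assumed.
    if ($changed -ne $wanted.Count) {
        throw "Expected $($wanted.Count) keys in [$ConnectionName], matched $changed; file left untouched."
    }

    if ($PSCmdlet.ShouldProcess($PbkPath, "Set DNS for [$ConnectionName]")) {
        Copy-Item -LiteralPath $PbkPath -Destination "$PbkPath.bak" -Force   # keep a rollback copy
        Set-Content -LiteralPath $PbkPath -Value $lines
    }
}

# Dry run with constructed values; drop -WhatIf to write the file.
Set-PbkDnsSetting -ConnectionName 'VPN-NETWORK-NAME-HERE' -DnsServer '192.0.2.53','192.0.2.54' -DnsSuffix 'companydomain.local' -WhatIf
```

After a real run, `Get-DnsClientServerAddress` on the connected VPN interface shows whether the new resolvers took effect.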
1

Resolving servername and servername.companydomain.local involve two different mechanisms for name resolution.

Resolving servername.companydomain.local is easy assuming that DNS is configured correctly and that the VPN client has been assigned the correct DNS servers. The VPN client queries the DNS server for a fully qualified domain name for which the DNS server is authoritative.

Resolving servername isn't quite so simple. The DNS server can't answer a query for a single label name because... well it's a single label name, not an FQDN. When querying for a single label name the client is going to primarily use two methods: broadcasts (which won't be routed over a VPN connection) or Link-Local Multicast Name Resolution, which also won't be routed across a VPN connection.

So the solution would be to always use fully qualified domain names or to implement a WINS server (or servers) and to assign that/those servers to the VPN client.

joeqwerty
  • Yes, I agree about WINS, but the VPN server did hand out the WINS servers too as node type 0x08. That still didn't work. PPP adapter CONNECTION NAME: Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 10.XXX.0.33 10.XXX.0.29 Primary WINS Server . . . . . . . : 10.XXX.0.33 Secondary WINS Server . . . . . . : 10.XXX.0.29 NetBIOS over Tcpip. . . . . . . . : Enabled – birdwes Sep 21 '15 at 23:11
0

It turns out that what I really wanted to do was:

```
PS C:\> Set-VpnConnection "Connection Name" -DnsSuffix companydomain.local
```

as the DNS was coming from corporate DHCP.

But this does not answer my original question. If I were using a static IP VPN then I would still have to somehow set the DNS.

birdwes
0

I had this problem even with W10TH2. I resolved the issue by simply using a fully qualified domain name (FQDN), e.g. vpn.xyz.com

  • @CareyGButler: Welcome to Serverfault. While this may be the correct answer, it would improve your answer and potentially provide you with more upvotes if you also showed the PowerShell commands that you used to make this work. Use the {} code tag as well for clarity. – Scott Lundberg Sep 27 '17 at 14:28