Friday, August 2, 2019

What could cause a DNS to resolve to 127.8.0.x?

I have a problem I can't work out.

Client is using Fortinet client and FortiGate firewalls for VPN services. I can't go into specifics of config, but here's the problem I'm seeing. Basically, a user connects to the VPN with an IP range of say, 192.168.154.x, the DNS they're given (is routable) to 192.168.0.20.

Now, DNS works fine, internet connectivity works fine, everything is going great, until about 15 minutes in, Outlook and Skype stop working until the VPN tunnel is torn down and restarted. BUT, while the tunnel is still up, a traceroute and nslookup to outlook.office365.com swaps from its expected CNAME IP address to 127.8.0.77 or 127.8.0.127.

What could potentially be the cause of this? I swear it's something the remote DNS is doing but the client claims the DNS is ok. I have a head scratcher here I can't get past.

I had originally thought maybe the DNS server was also hosting some tunneling service or was doing some weird O365/Azure ExpressRoute tunnelling (you know, loopback on different port for some outbound service handling) but the client says they're not doing any of that, and anything on their network that's not in the VPN tunnel sees the true O365 DNS, so it kinda rules out something funky in the client's group policies. Only VPN users are affected, but the VPN uses the same path as the unaffected corporate fixed traffic, hence why I tend to dismiss the VPN itself as the issue.


