As the complaint is around DNS & the BT Hubs don't allow anything other than BT DNS, it might be worth setting the Google DNS on the device's NIC properties directly.
Might work but surely the device is not using the hub's DNS at all but is tunnelling via the VPN to the office router and accessing DNS services there.
So by default BT routers use BT's pretty decent own DNS servers, and not Google DNS. It would look like your VPN server is pushing client DNS servers to users, but that this user's machine is then making DNS lookups back over the VPN link but to Google DNS. This is going to be a setting either in the VPN client or the network settings of the user's machine. It's not even that hard to override using the routing features with a Draytek router (just route 8.8.8.8 and 8.8.4.4 to the DNS they should be using).
*Using an Asus router with multiple VPN and SDNS services available if they need to be called on
**If the client software is still using WinPCAP or similar, a more modern client could be a fix too!
When you create a VPN client connection, the VPN server normally sends the IP address, mask, DNS address etc. to the client to use for the connection. In this case it is suggesting that the client has been told to use the Google DNS server, which it is trying to do. If the client is trying to use 8.8.8.8 then it may depend on whether the client is set up to allow split tunnelling or not. I know that by default Cisco client software did not allow that, the result being that any attempt to contact an IP address outside the client's local network would be routed to the VPN server. If the VPN server was also the gateway to the internet then by default the Cisco router did not allow incoming packets to be routed (they had to remain on the local network the router was on). Using a Draytek with the default MS client would allow split tunnelling so IP addresses on the internet could be contacted directly. In both cases control was governed by the VPN server and what it sent to the client.
The error message suggests that the client is trying to contact 8.8.8.8 but not through the VPN. It might be worth trying a tracert to see what route is being (or not) taken to the Google DNS server.
Is this affecting all or only some BT Internet users?
Are the affected users Mac users? Are the unaffected users Mac users?
Hi @countrypaul
This is only affecting BT Internet users and all users are on Mac. I will try tracert tomorrow and try and narrow down the issue.
You may want to read this if you have not already: Connects to the VPN, but doesn't work - Tunnelblick | Free open source OpenVPN VPN client server sof...
Yes I have, I don't believe it's actually a DNS issue, more a routing issue.
I cannot access resources with an IP address. If I try to ping an IP I get the error 'no route to host'.
Which IPs give an error: those on the user's local (home) network, those on the company network or those on the wider Internet (e.g. bbc.co.uk)?
Are you using IPv4 or IPv6 addresses?
What are the results of a Route print command (not sure what the Mac version is) both when connected to the VPN and when not connected to the VPN?
I am trying to ping an AWS hosted database so wider internet.
These are the results of a traceroute when NOT connected to the VPN:
traceroute to www.google.co.uk (142.250.200.35), 64 hops max, 52 byte packets
 1  192.168.1.254 (192.168.1.254) 3.249 ms 2.464 ms 2.769 ms
 2  * * *
 3  * * *
 4  62.172.102.76 (62.172.102.76) 154.432 ms 6.135 ms
    62.172.102.78 (62.172.102.78) 6.507 ms
 5  peer2-et4-0-7.slough.ukcore.bt.net (62.172.102.33) 6.842 ms
    62.6.204.207 (62.6.204.207) 7.979 ms
    peer2-et0-0-7.slough.ukcore.bt.net (62.172.102.5) 7.275 ms
 6  109.159.253.237 (109.159.253.237) 9.135 ms
    195.99.126.247 (195.99.126.247) 9.533 ms
    109.159.253.185 (109.159.253.185) 9.397 ms
 7  * * *
 8  108.170.234.220 (108.170.234.220) 12.882 ms
    142.251.54.26 (142.251.54.26) 9.142 ms
    142.251.54.48 (142.251.54.48) 8.765 ms
 9  192.178.97.52 (192.178.97.52) 7.848 ms
    142.251.52.143 (142.251.52.143) 7.520 ms
    108.170.246.143 (108.170.246.143) 7.593 ms
10  lhr48s30-in-f3.1e100.net (142.250.200.35) 8.250 ms
    142.250.215.205 (142.250.215.205) 7.856 ms
    lhr48s30-in-f3.1e100.net (142.250.200.35) 7.679 ms
And this is when I am connected to the VPN:
traceroute: unknown host www.google.co.uk
And if I try to route to google's DNS then I get:
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
traceroute: sendto: No route to host
I am hoping the Route print command (or Mac equivalent) should shed some light on why.
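Added example, not part of the thread: on macOS the counterpart of `route print` is `netstat -rn`, and the sketch below parses two such tables and does the longest-prefix lookup the kernel performs, showing how a table with no default route produces "No route to host" for 8.8.8.8. Both routing tables are constructed for illustration (they are not the poster's), and the interface names, gateways and the 172.16/12 VPN route are assumptions.

```python
import ipaddress

# Constructed `netstat -rn -f inet` samples in macOS layout (assumed values).
NO_VPN = """\
Destination        Gateway            Flags        Netif Expire
default            192.168.1.254      UGScg          en0
127                127.0.0.1          UCS            lo0
192.168.1          link#6             UCS            en0      !
192.168.1.254/32   link#6             UCS            en0      !
"""
WITH_VPN = """\
Destination        Gateway            Flags        Netif Expire
127                127.0.0.1          UCS            lo0
172.16/12          10.8.0.1           UGSc         utun3
192.168.1          link#6             UCS            en0      !
"""

def parse_dest(dest):
    """Expand netstat's abbreviated destination (e.g. '127', '172.16/12')."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    # Without an explicit /bits, the mask covers the octets that are printed.
    prefix = int(bits) if bits else 8 * len(octets)
    full = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{full}/{prefix}", strict=False)

def parse_table(text):
    """Return (network, gateway, interface) tuples, skipping the header row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0] != "Destination":
            routes.append((parse_dest(cols[0]), cols[1], cols[3]))
    return routes

def lookup(routes, target):
    """Longest-prefix match; None means there is no route to the target."""
    ip = ipaddress.ip_address(target)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def explain(text, target):
    hit = lookup(parse_table(text), target)
    if hit is None:
        return f"{target}: no route to host"
    net, gw, nic = hit
    return f"{target}: via {gw} on {nic} (matched {net})"
```

Running `explain()` on real `netstat -rn -f inet` output captured with and without the VPN connected shows which entry, if any, carries traffic for a given address in each state.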