Tobias Balle-Petersen wrote:
> <snip>
>
> Now, I have VPN users connecting using PPTP. Let's say a user is
> connected to our mail server before connecting to the VPN. When the
> user connects to the VPN, the client starts using the DNS server on
> the monowall. This means that the URL of the mail server now resolves
> to the private (DMZ) IP of the mail server. This confuses the user's
> mail client a lot. They have to restart their mail client to again be
> able to connect to the mail server. Same thing happens when they
> disconnect (They stop using the monowall DNS server).
>
> What can I do to let my users use the mail server without hiccups even
> when using VPN? Do I really need to assign a public IP to my mail server?

I don't know that this is the best solution, but I resolved a similar
issue by simply using multiple domains. My normal domain name for
external folks, including those using the VPN, and a different one for
internal folks on the LAN. Simply don't resolve one of the domains via
the private IP. The second domain doesn't need to be valid if you use it
only for internal. As an alternative you could define a secondary MX
entry which physically goes to the same machine and not resolve it
internally/externally. When they can't reach one they should
automatically switch to the other.
You might also be able to script the startup / shutdown of the VPN
connection and flush the DNS cache as part of the script. I suspect the
client isn't actually where the caching is taking place, particularly if
the clients are Windows boxes.
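One way to do the flush-on-connect idea above, as an added example that is not from this thread: wrap the PPTP dial-up in a script that flushes the Windows resolver cache after connecting and after disconnecting, and shows what the mail host resolves to at each step. The connection name OfficeVPN and the host mail.example.com are placeholders, and the script targets current PowerShell rather than the Windows versions in use when this was written.

```powershell
param(
    [Parameter(Mandatory)][ValidateSet("up", "down")][string]$Action,
    [string]$VpnEntry = "OfficeVPN",        # assumed: name of the PPTP phonebook entry
    [string]$MailHost = "mail.example.com"  # assumed: the mail server's host name
)

function Clear-ResolverCache {
    # Flush the Windows DNS client cache so an answer learned from the other
    # side of the split-horizon setup is not reused after the DNS server changes.
    ipconfig /flushdns | Out-Null
}

function Show-MailResolution([string]$Stage) {
    # Query the A records for the mail host and print what the client sees now.
    $answers = Resolve-DnsName -Name $MailHost -Type A -ErrorAction SilentlyContinue
    $ips = if ($answers) {
        ($answers | Where-Object IPAddress | ForEach-Object IPAddress) -join ", "
    } else { "<unresolved>" }
    Write-Host "[$Stage] $MailHost -> $ips"
}

switch ($Action) {
    "up" {
        Show-MailResolution "before connect (ISP DNS)"
        rasdial $VpnEntry                 # uses credentials saved in the phonebook entry
        if ($LASTEXITCODE -ne 0) { throw "rasdial failed with exit code $LASTEXITCODE" }
        Clear-ResolverCache
        Show-MailResolution "after connect (monowall DNS)"
    }
    "down" {
        rasdial $VpnEntry /disconnect
        Clear-ResolverCache
        Show-MailResolution "after disconnect (ISP DNS)"
    }
}
```

Run it as `.\vpn.ps1 up` and `.\vpn.ps1 down` in place of the dialer; the mail client still has to reconnect its existing TCP session, but a fresh lookup will no longer hand it the stale address.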