Tobias Balle-Petersen wrote:
> Now, I have VPN users connecting using PPTP. Let's say a user is
> connected to our mail server before connecting to the VPN. When the
> user connects to the VPN, the client starts using the DNS server on
> the monowall. This means that the URL of the mail server now resovles
> to the private (DMZ) IP of the mail server. This confuses the users
> mail client a lot. They have to restart their mail client to again be
> able to connect to the mail server. Same thing happens when they
> disconnect (They stop using the monowall DNS server).
> What can I do to let my users use the mail server without hiccups even
> when using VPN? Do I really need to assign a public IP to my mail server?
I don't know that this is the best solution, but I resolved a similar
issue by simply using multiple domains. My normal domain name for
external folks, including those using the VPN, and a different one for
internal folks on the LAN. Simply don't resolve one of the domains via
the private IP. The second domain doesn't need to valid if you use it
only for internal. As an alternative you could define a secondary MX
entry which physically goes to the same machine and not resolve it
internally/externally. When they can't reach one they should
automatically switch to the other.
You might also be able to script the startup / shutdown of the VPN
connection and flush the DNS cache as part of the script. I suspect the
client isn't actually where the caching is taking place, particularly if
the clients are Windows boxes.