Hello Melvin.

I appreciate your response. I do, however, think it smells too much of a dirty hack for my taste.

Thanks,
Tobias

Melvin wrote:
> Tobias Balle-Petersen wrote:
>> <snip>
>>
>> Now, I have VPN users connecting using PPTP. Let's say a user is
>> connected to our mail server before connecting to the VPN. When the
>> user connects to the VPN, the client starts using the DNS server on
>> the monowall. This means that the URL of the mail server now resolves
>> to the private (DMZ) IP of the mail server. This confuses the user's
>> mail client a lot. They have to restart their mail client to again be
>> able to connect to the mail server. Same thing happens when they
>> disconnect (They stop using the monowall DNS server).
>>
>> What can I do to let my users use the mail server without hiccups even
>> when using VPN? Do I really need to assign a public IP to my mail server?
>
> I don't know that this is the best solution, but I resolved a similar
> issue by simply using multiple domains. My normal domain name for
> external folks, including those using the VPN, and a different one for
> internal folks on the LAN. Simply don't resolve one of the domains via
> the private IP. The second domain doesn't need to be valid if you use it
> only for internal. As an alternative you could define a secondary MX
> entry which physically goes to the same machine and not resolve it
> internally/externally. When they can't reach one they should
> automatically switch to the other.
>
> You might also be able to script the startup / shutdown of the VPN
> connection and flush the DNS cache as part of the script. I suspect the
> client isn't actually where the caching is taking place, particularly if
> the clients are Windows boxes.