3
votes

I have small development and support teams that I need to connect to our private network hosted in Azure. We are using a Windows server that serves Active Directory and DNS for the VMs in the network. I was able to configure Azure VPN Gateway to authenticate and connect to our private network. I can ping our VMs (after making the appropriate NSG changes) so connectivity is good now, but I am trying to figure out how to properly configure the DNS server on the VPN/individual machines.

I personally use macOS, but we have a mix of Windows and macOS machines. Both IKEv2 and SSTP VPN seem to not have any functionality that allows adjusting the DNS servers on connection/disconnection. What is the recommended approach for configuring self-hosted private DNS in this scenario?

1
I have the exact same problem, did you find a solution or a workaround? – Hipny

Unfortunately, my conclusion was that Azure VPN doesn't support this. I had a small team that had work-issued computers which needed the DNS lookup, so I had them manually set the DNS servers in the needed order. – thebitguru

1 Answer

0
votes

I have been struggling with the same issue for a while; this seems to have worked for me at least.

  1. Set custom DNS to your internal DNS on the Virtual Network that the Virtual Network Gateway is associated with.
  2. Make sure to reset the Virtual Network Gateway once step 1 is done.
  3. Download the VPN client from the point-to-site configuration on the Virtual Network Gateway.
  4. Modify the file Mac/VpnClientSetup.mobileconfig and add the following to the VPN payload. Make sure to adjust the values 10.0.0.1 and mydomain.com.
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>PayloadContent</key>
        <array>
            <dict>
                ...
            </dict>
            <dict>
                <key>IKEv2</key>
                <dict>
                    ....
                </dict>
                ...
                <key>DNS</key>
                <dict>
                    <key>ServerAddresses</key>
                    <array>
                        <string>10.0.0.1</string>
                    </array>
                    <key>SupplementalMatchDomains</key>
                    <array>
                        <string>mydomain.com</string>
                    </array>
                    <key>SearchDomains</key>
                    <array>
                        <string>mydomain.com</string>
                    </array>
                </dict>
            </dict>
        </array>
        ...
    </dict>
</plist>

See https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf for descriptions/other options. Look for "DNS Dictionary Keys".
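Step 4 above can be done without hand-editing the profile, so the same DNS settings are applied identically on every Mac. The script below is an added example, not part of the answer or of Azure's client package: it loads the mobileconfig with the standard-library plistlib, finds the VPN payload (assumed to carry the PayloadType com.apple.vpn.managed alongside the IKEv2 dictionary, as in the fragment above) and adds the DNS dictionary. The embedded profile is a constructed stand-in for the real file. Using SupplementalMatchDomains rather than only ServerAddresses keeps split DNS: only names under mydomain.com are sent to the internal Active Directory resolver, and all other lookups keep using the local resolver, so the internal server is not exposed to, or trusted for, general Internet name resolution.

```python
import plistlib

# Constructed minimal stand-in for Mac/VpnClientSetup.mobileconfig; the real
# file from the gateway carries many more keys plus the client certificates.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadContent": [
        {"PayloadType": "com.apple.security.pkcs12", "PayloadIdentifier": "example.cert"},
        {
            "PayloadType": "com.apple.vpn.managed",
            "PayloadIdentifier": "example.vpn",
            "UserDefinedName": "AzureVPN",
            "VPNType": "IKEv2",
            "IKEv2": {"RemoteAddress": "gateway.example.invalid"},
        },
    ],
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
})


def add_vpn_dns(profile_bytes, servers, match_domains):
    """Return the profile with a DNS dictionary added to every IKEv2 VPN payload."""
    profile = plistlib.loads(profile_bytes)
    patched = 0
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed" or "IKEv2" not in payload:
            continue
        # SupplementalMatchDomains keeps split DNS: only names under the listed
        # domains go to the internal resolver; everything else stays local.
        payload["DNS"] = {
            "ServerAddresses": list(servers),
            "SupplementalMatchDomains": list(match_domains),
            "SearchDomains": list(match_domains),
        }
        patched += 1
    if patched == 0:
        # Fail loudly rather than silently writing back an unchanged profile.
        raise ValueError("no IKEv2 VPN payload found in profile")
    return plistlib.dumps(profile)


def vpn_dns_settings(profile_bytes):
    """Read back the DNS dictionary of the first VPN payload (None if absent)."""
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.vpn.managed":
            return payload.get("DNS")
    return None
```

Read the downloaded file as bytes, pass it through add_vpn_dns with your resolver address and domain, and write the returned bytes to a new .mobileconfig before installing it. After connecting, scutil --dns on the Mac should show a resolver entry for 10.0.0.1 scoped to mydomain.com, which confirms the profile took effect.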