Got it
Huawei Enterprise Support Community
Community Forums Security
how to send DNS suffix (s...

how to send DNS suffix (ssl vpn)

Created: Oct 14, 2020 19:48:49Latest reply: Nov 11, 2020 17:29:00 1048 19 0 0 0
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#

Hi there!


I configured an ssl vpn on usg6565. But I need to send DNS suffix to client PC through sslvpn (Seco Client)  


suffix


Can you help me to find this option?


SSL VPN

Like (0) Dislike (0) Favorite(0) Share Report
Previous: [Dr.WoW] [No.27] L2TP NAS-initiated VPNs
Next: [Dr.WoW] [No.26] L2TP Client-initiated VPNs-part2
Featured Answers

Best answer

Recommended answer

(2) (0)
Popeye_Wang
Admin Created Oct 15, 2020 08:03:11

Hi,
As I know, Currently SecoClient does not support this function, that is, pushing the dns suffix.

I suggest you contact the local TAC for confirmation and apply a development request for the function.

https://e.huawei.com/en/service-hotline-query

View more
  • x
  • convention:
All Answers
(0) (0)
2#
Gustavo.HdezF
Gustavo.HdezF Admin Created Oct 14, 2020 19:50:54

Hello User. we are reviewing your question and we will answer you shortly. Thanks.
View more
  • x
  • convention:
(0) (0)
3#
wissal
wissal MVE Created Oct 14, 2020 20:09:13

Hello,

You are kindly advised to check the dns resolve configuration and routes of the dns server.
VPN-instance doesn’t support encapsulate the DNS packet, so there should be a route to direct the DNS packets from the public instance to the vpn-instance. Please refer the configuration below:
update host source ip x.x.x.x vpn-instance PUB_ISP_vod
dns server vpn-instance PUB_ISP_vod
dns resolve
dns server 1.1.1.1
ip route-static 1.1.1.1 32 vpn-instance PUB_ISP_vod x.x.x.x


Thanks

View more
  • x
  • convention:
(0) (0)
4#
andrey.rychkov
andrey.rychkov Created Oct 14, 2020 20:28:31

Hi,
Maybe i have not been clear enough. I do not need to resolve domain name, I just need to send the
DNS suffix to ssl client (PC). Like here on a pic below:

num2

  

View more
  • x
  • convention:
(2) (0)
5#
Popeye_Wang
Popeye_Wang Admin Created Oct 15, 2020 08:03:11

Hi,
As I know, Currently SecoClient does not support this function, that is, pushing the dns suffix.

I suggest you contact the local TAC for confirmation and apply a development request for the function.

https://e.huawei.com/en/service-hotline-query

View more
  • x
  • convention:
(0) (0)
6#
Peterhof
Peterhof Author Created Oct 16, 2020 06:30:36

There are not so much parameters to configure with network extension in SSL VPN.
But if users will enter full name with domain then they will be able to reach the destination if they could reach the DNS server.
View more
  • x
  • convention:
(0) (0)
7#
andrey.rychkov
andrey.rychkov Created Oct 16, 2020 08:44:21

Thank you for your answer!
View more
  • x
  • convention:
(0) (0)
8#
andrey.rychkov
andrey.rychkov Created Oct 16, 2020 09:06:41

Posted by Popeye_Wang at 2020-10-15 08:03 Hi,As I know, Currently SecoClient does not support this function, that is, pushing the dns suffix.I ...
Hi!
If this function is unavailable at this moment, can I use external dhcp server to set up connection instead of local pool ???
View more
  • x
  • convention:
(0) (0)
9#
user_3999557
user_3999557 Created Oct 18, 2020 15:47:40

nice
View more
  • x
  • convention:
(2) (0)
10#
Aquispe
Aquispe Created Nov 4, 2020 19:56:42

Hi Andrey! 

Now, this function is allowed in the new Secoclient Version 7.0.5.1.
You only need apply this command in the vpn gateway section: dns-domain  xxxxxx 


 Look at this example: 

 v-gateway Access_Guest 

 basic
     

       dns-domain midominio.com


dns suffix

It Works!


I hope this help you.


Regards

View more
  • x
  • convention:

andrey.rychkov
andrey.rychkov Created Nov 9, 2020 11:01:20 (0) (0)
Hi !
I wosnt abble to find this app on HW site. Can you give me a link please?  
chenhui
chenhui Reply andrey.rychkov  Created Nov 9, 2020 11:03:44 (0) (0)
Hi andrey, you can download the Secoclient on the firewall firmware download page.  
andrey.rychkov
andrey.rychkov Reply chenhui  Created Nov 9, 2020 12:36:16 (0) (0)
Please give me a hint, do you mean this option?
SYSTEM - VPN Client upgrade - it requires Clientpatchmain file to be downloaded and installed manually. If i`m not mistake the lastest version of this file is 2019-09-23, which i already have.  
chenhui
chenhui Reply andrey.rychkov  Created Nov 9, 2020 12:41:12 (0) (0)
https://support.huawei.com/enterprise/en/security/Secospace%20USG6600-pid-8206049/software/251228329?idAbsPath=fixnode01%7C24030814%7C9856724%7C21430823%7C21100507%7C21342390&subModel=21342390&subModelName=Secospace%20USG6630  
chenhui
chenhui Reply andrey.rychkov  Created Nov 9, 2020 12:42:04 (0) (0)
The link above is the download link for the Secoclient for Secospace USG6600 V500R005C20SPC500. Please find out your current version and download the correct version.  
12
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.