DNS not response through VPN?

Nikolai · March 26, 2020, 3:17pm

Hi All,

Hundred EWONs work properly with the same settings.
But 3 EWONs (EW4626A, B, EW46267) on different sites have same problem. All of them use modem connection, always online in eCatcher. Problem with sending scv files to the statistics server by FTP. Files are about 90kbytes. Sometimes and rarely the files arrive to ftp server. Basically, we get a lot errors 24007, 24008 then 24916 in the log:

“24916 DNS Unable to resolve host name (xxxx)”

I tried different DNS servers: 8.8.8.8, 8.8.4.4, etc. in the EWON settings, but it did not help.

Security parameter is set - “Discard all traffic except VPN and initiated traffic (ex: EMail)” - i.e. all traffic should only via VPN.

Since all traffic must follow the VPN channel, it means that ftp file transfer is performed via the Talk2M server. Then the DNS request should come from the Talk2M server and not from EWON, right?

I don’t understand why DNS settings make sense if all traffic (including FTP) is sending via VPN to the Talk2M server? Or maybe it isn’t?
Can anybody clarify this question?
What should I do to solve DNS problem?

Nikolai.

deryck_hms · March 26, 2020, 3:42pm

DNS requests do not go thought he VPN this falls under initiated traffic.

Can you provide more details about your setup? You might need to update the firmware of the ewon or the modem if it is a 4g ewon.

You can use ebuddy to update the ewon. If you have a 4g modem follow this doc: https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/application-user-guide/aug-0077-00-en-sib-fix-for-4g-modem.pdf?sfvrsn=d7464fd7_8

Nikolai · March 26, 2020, 6:46pm

Two of them have latest firmware 11_3s0, other one 10_0s2.
Also I set “Allow all traffic on wan connection (no protection)” but it didn’t help.
If “DNS falls under initiated traffic” so ftp sending doesn’t use VPN?
Then DNS problem is problem local jsm providers?

deryck_hms · March 26, 2020, 6:51pm

Is the ewon creating the FTP connection itself? Then it is sending the data directly. If this is the case how are you specifying where to FTP the data?

If you are opening up ecatcher and connecting to the ewon and FTPing data off of the Flexy then that is via the VPN tunnel.

The DNS look up issues can be cause by a many issues. The internet provider could be one reason.

Deryck

Nikolai · March 27, 2020, 8:54pm

Thank you Deryck for explanation.