Automagically Register Local DNS server on VPN Connect (Windows)

As an independent contractor, I work with a number of companies.  Each one has their own networking structure, their own VPN rules and their own business software and processes.     Because of this, I have my own software for CRM, project Management and accounting that I run on a local server.  I run my local servers/service with docker, a reverse proxy and local DNS.  The issue arises when I connect to a client VPN and they set their own DNS servers as priority over my own.  I lose access to my local servers/services bookmarked with network name.  Since I’m local, I can use the ip and port, but it’s hard to remember and no fun at all.  What I need is a way to automatically add my local DNS server as primary every time I connect to VPN.  Here’s how I did it:

Step 1:  Script the DNS entry

My development VM is running Windows 7 so this might be different for other OSes.  Create a command/batch/shell bash script that contains the following script with the red bits replaced for your configuration.

netsh interface ipv4 add dnsserver name="<Interface Name>" addr=<DNS IP> index=<Index>

<Interface Name>

This should be easy but it threw me the first time I tried.  The windows network documentation states that this value MUST match exactly the name in the Network Manager…  If you look at the Network Connections page on control panel, you’ll see the VPN client interface listed as “Cisco AnyConnect Secure Mobility Client Connection” or something along those lines depending on your version of the client.

incorrect_cisco_interface_name

This will not work!!! Cisco seems to have thrown a visual alias on their connection for the UI, but the system knows this interface as a different name.  The system name is needed for this command which you can find by running the following:

C:>netsh interface ipv4 show interfaces

Idx Met MTU State Name
--- ---------- ---------- ------------ ---------------------------
 1 50 4294967295 connected Loopback Pseudo-Interface 1
 11 10 1500 connected Local Area Connection
 13 1 1200 connected Local Area Connection 3
 16 5 1500 disconnected Local Area Connection 2

I have two (virtual) interfaces on this machine which I can verify are Local Area Connection and Local Area Connection 2.  Using my amazing powers of deduction, I can safely assume Local Area Connection 3 is the interface I want.  Your interface name may be different, but in any case, be sure to add quotes around any interface name with spaces.

<DNS IP>

If you don’t know the IP address of your DNS server, please stop reading and contact your system administrator.  Changing these settings can have adverse effects if you’re not sure what you’re doing.

<Index>

The position in the order of DNS servers starting with position 1.  For my purposes, I want my DNS checked before falling back to remote servers, so I use the value 1.

The final command looks like this:

netsh interface ipv4 add dnsserver name="Local Area Connection 3" addr=192.168.1.5 index=1

Save that to a file called vpn_dns_entry.cmd and run it.  Then check your network properties and make sure your DNS entry is listed.  tcp_properties_dns

Step 2:  AUTOMATE IT!!

So this part I lifted directly from here:  http://superuser.com/a/262880  I’m not going to waste time explaining what’s already been explained perfectly, so here’s the content:

In Windows Vista and later, you can do this using a scheduled task with an event log trigger. The first event will be triggered by connecting to the network, and you will specify which network you must be connected to for it to run. The second event will be triggered when disconnecting from any network. Each event will run a specific task that you specify; likely the scripts you mentioned having written.

Setting an event for when you connect to the network:

  1. Open the Task Scheduler. You can find it by typing Task Scheduler into the start menu search box, or under Programs | Accessories | System Tools.
  2. In the Task Scheduler library, create a new task by clicking Create Task in the Actions panel on the right side.add task
  3. Give the task a name like “detect network connect” or whatever you choose
  4. On the Triggers tab, click New... and select On an Event from the dropdown box.dropdown trigger
  5. Choose the following settings:
    • Log: Microsoft-Windows-NetworkProfile/Operational
    • Source: NetworkProfile
    • Event ID: 10000
  6. Click OK, then go to the Conditions tab.
  7. Check the box for Start only if the following network connection is available and choose the network you want to run the script with
  8. Under the Actions tab, click New... and select Start a program. Enter the location of the script file you want to run, then click OK.
  9. Set any other task settings you want to, then click OK.

Once you have this set up, connect to your VPN as you normally do.  Check your IP4 DNS Settings and with a little luck, your DNS server should be there as expected.

tcp_properties_dns

Repeat this for each of your VPN connections as needed.  In my case, I have three VPN clients with different connection names to specify in the Scheduled task.  I simply repeated Step 2 for each of my connections and it’s running perfectly.

I’m not sure how many people out there are regularly running one or more VPN connections as well as a local DNS server, but I hope this helps someone else.  Have questions or a better suggestion?  Lwt me know in the comments.

 

Leave a Reply

Your email address will not be published. Required fields are marked *