
Windows ipsec vpn uses wrong DNS only on Network Sign-in

I'm using Win10 (domain member) with an IPsec connection to a pfSense firewall:

Add-VpnConnection -Name "vpn" -ServerAddress "vpn.corp.local" -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -AllUserConnection -RememberCredential -DnsSuffix corpl.local

Add-VpnConnectionRoute -ConnectionName "vpn" -DestinationPrefix 10.64.0.0/16 -PassThru

To route all DNS traffic into the tunnel, I set a very low metric on the tunnel interface.

If I start the VPN manually with a local user, all is fine: DNS traverses the tunnel and reaches the domain DNS. However, when using Network Sign-in (the Windows pre-logon VPN connection on the logon prompt), the VPN connection comes up and tries to find a Windows domain controller for logon via DNS, but queries the LAN DNS server, which knows nothing about my remote domain.

What can I do? Looks like a Windows bug to me.
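Added diagnostic example, not from the original post: once the connection is up, this dumps the facts that decide which resolver Windows actually uses (interface metric order, DNS servers per interface, any NRPT rules) and tries the domain controller SRV lookup. It assumes the connection name "vpn" and the suffix from the post's command; `Test-VpnDnsPath` is a hypothetical helper name.

```powershell
# Added example (not the poster's code). Shows why the LAN resolver can win:
# Windows picks DNS servers by interface metric unless an NRPT rule pins the
# suffix to specific servers. Assumes -AllUserConnection as in the post.
function Test-VpnDnsPath {
    param(
        [string]$ConnectionName = 'vpn',
        [string]$Suffix = 'corpl.local'   # value taken from the post's -DnsSuffix
    )
    $vpn = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction Stop
    if ($vpn.ConnectionStatus -ne 'Connected') {
        Write-Warning "$ConnectionName is $($vpn.ConnectionStatus); connect it first."
        return
    }

    # 1. Interface metrics: the tunnel must sort first for its resolver to be preferred.
    Write-Host '--- IPv4 interfaces by metric (lowest wins) ---'
    Get-NetIPInterface -AddressFamily IPv4 |
        Sort-Object InterfaceMetric |
        Select-Object InterfaceAlias, InterfaceMetric, ConnectionState |
        Format-Table -AutoSize

    # 2. Configured DNS servers per interface: the LAN adapter's servers are used
    #    for unqualified lookups if its metric is lower than the tunnel's.
    Write-Host '--- DNS servers per interface ---'
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object ServerAddresses |
        Select-Object InterfaceAlias, ServerAddresses |
        Format-Table -AutoSize

    # 3. NRPT rules: a rule for the suffix sends those names to the listed servers
    #    regardless of metric. -DnsSuffix on Add-VpnConnection does not create one.
    Write-Host '--- Name Resolution Policy Table ---'
    Get-DnsClientNrptRule | Select-Object Namespace, NameServers | Format-Table -AutoSize

    # 4. The lookup the logon process needs: the DC locator SRV record for the domain.
    Write-Host "--- DC locator lookup for $Suffix ---"
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Suffix" -Type SRV -ErrorAction SilentlyContinue |
        Select-Object Name, NameTarget, Port
}

Test-VpnDnsPath
```

If step 4 returns nothing while the tunnel is connected, compare steps 1 and 2: an empty NRPT plus a LAN adapter with the lower metric reproduces the behaviour described in the post.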