Barracuda Network Access Client

Best Practice

  • Last updated on

The following cases should be considered when configuring a VPN using the Barracuda VPN Client 5.1.7 and higher on macOS.

No Internal DNS Server Available

If the VPN server is set up with an external DNS server and no further configuration, that DNS server will not be used for any external traffic. To avoid this behavior, it is recommended to use an internal DNS server. The following example introduces an App Redirect rule with the caching DNS service enabled, using the gateway IP address as the DNS server. This configuration ensures correct DNS resolution.

Step 1. Configure DNS Settings on the Barracuda CloudGen Firewall
  1. Go to CONFIGURATION > Configuration Tree > Box > Administrative Settings.
  2. In the left menu, click DNS Settings.
  3. Click Lock.
  4. In the DNS Server IP table, add the gateway IP address to the DNS Server IP list. This address will be queried by the Barracuda CloudGen Firewall.
  5. Click Send Changes and Activate.  
Step 2. Enable Caching DNS on the Barracuda CloudGen Firewall
  1. Go to CONFIGURATION > Configuration Tree > Box > Administrative Settings.
  2. From the Configuration Mode menu, select Switch to Advanced View.
  3. In the left menu, click Caching DNS Service.
  4. Click Lock.
  5. From the Run Forwarding/Caching DNS list, activate the local caching/forwarding DNS service.
  6. In the DNS Query ACL table, add the network address 0.0.0.0/0 to allow access to the DNS service via an App Redirect rule.
  7. Click Send Changes and Activate.

For general instructions on how to configure DNS settings on the Barracuda CloudGen Firewall, see How to Configure DNS Settings and How to Configure a Caching DNS Service.

Step 3. Configure the Client Network

Configure the VPN client network. As the Type, select routed (Static Route).

For more information, see Step 2 in How to Configure a Client-to-Site VPN Group Policy.

Step 4. Create an App Redirect Rule

Create an access rule to allow the VPN client network to access the DNS service.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
  2. Create an access rule with the following settings:
    • Action – Select App Redirect.
    • Source – Select the VPN client network.
    • Destination – Select explicit and enter the gateway IP address.
    • Service – Select DNS.
    • Redirection – Enter the local IP address and port of the DNS service. For example, 127.0.0.1:53.

For general instructions on how to create an App Redirect rule on the Barracuda CloudGen Firewall, see How to Create an App Redirect Access Rule.

The VPN configuration should now be up and running, with the gateway IP address acting as the DNS server.

DNS Probing

The VPN configuration, such as changes to the resolv.conf file, is now done exclusively by the system. To get information about the current DNS configuration, use scutil --dns.

Note that nslookup does not use the default system API.
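
The DNS probing check above can be scripted. The following is an added example, not part of the Barracuda documentation: it parses scutil --dns output and verifies that the gateway IP address is listed as a nameserver of a system resolver. The address 10.17.0.1, the interface utun2, the sample output, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage on a Mac: scutil --dns | gateway_is_resolver <gateway-ip>

# Print "<resolver-no> <nameserver> <interface>" for each nameserver in the
# unscoped "DNS configuration" section; the scoped section is skipped.
list_nameservers() {
  awk '
    function emit(   i) {
      if (!scoped) for (i = 0; i < n; i++) print res, ns[i], ifname
      n = 0
    }
    /^DNS configuration/   { emit(); scoped = ($0 ~ /scoped/); next }
    /^resolver #/          { emit(); res = substr($2, 2); ifname = "-"; next }
    /^[ \t]*nameserver\[/  { ns[n++] = $NF; next }
    /^[ \t]*if_index/      { ifname = $NF; gsub(/[()]/, "", ifname); next }
    END                    { emit() }
  '
}

# Exit 0 only if the given IP is a nameserver of an unscoped resolver.
gateway_is_resolver() {
  list_nameservers | awk -v gw="$1" '$2 == gw { found = 1 } END { exit !found }'
}

# Constructed sample of `scutil --dns` output (10.17.0.1 and utun2 are made up).
sample_scutil_output() {
  cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 10.17.0.1
  if_index : 12 (utun2)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 6 (en0)
  flags    : Scoped, Request A records
EOF
}

sample_scutil_output | list_nameservers
```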