Split Tunnel - Domain users cannot change pw over VPN

Hi there,

I have a domain with two DC’s and two DNS servers. The network is plain - only VLAN1.
I’ve got an issue with remote users who cannot change domain passwords while on VPN. When the users try to change the pw there is a message “configuration information could not be saved from the domain controller, either because this machine is unavailable, or access has been denied”.

I configured a Split Tunnel by removing 0.0.0.0/0 route from the server routes. Also, I put one of the DNS servers (IP) in the "\Server Settings\DNS Server". Plus, users’ “hosts” file has two records for the DNS servers.

Has anyone got a such issue? Any recommendations? Thanks.

It’s likely either a firewall issue or the correct networks are not being routed. If the routes are using NAT the domain controller will need to allow access from the Pritunl server. Disabling NAT may fix the issue and the virtual VPN network can be added to the routing table of the local network.

Thanks. The Pritunl server sits beside our router. The router forwards incoming to the Pritunl so, I cannot disable NAT. Any other suggestions?

The router port forwarding VPN traffic would not impact the local routing configuration. As long as the router allows modifying the routing table the virtual VPN network can be routed to the Pritunl server IP. Once the router has a route for the VPN virtual network NAT can be disabled in the Pritunl server routes options.

This is a routing or firewall issue. Some services will function in ways that are not compatible with NATs. The Microsoft Documentation does not recommend using Active Directory over a NAT.
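To separate the two causes named in the replies above (blocked ports versus missing routes) before touching NAT, a defender can run the following checks from a domain-joined Windows client while it is connected to the VPN. This is an added diagnostic, not code from this thread or from Pritunl; the domain name, the LAN subnet and the port list are assumptions to adjust (the ports are the standard AD service ports a password change can touch: DNS, Kerberos, RPC endpoint mapper, LDAP, SMB and kpasswd).

```powershell
# Added diagnostic, not from the thread or Pritunl. Run on a VPN-connected,
# domain-joined Windows client. The values below are placeholders.
$Domain    = 'corp.example.internal'        # placeholder: your AD domain
$LanSubnet = '192.168.1.0/24'               # placeholder: subnet the DCs sit in
$Ports     = @(53, 88, 135, 389, 445, 464)  # DNS, Kerberos, RPC EPM, LDAP, SMB, kpasswd

# 1. Routing: is the DC subnet reachable through the VPN adapter? With a split
#    tunnel there is no 0.0.0.0/0 via the VPN, so a specific route must exist.
Write-Host "== Routes covering $LanSubnet =="
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.DestinationPrefix -eq $LanSubnet -or $_.DestinationPrefix -eq '0.0.0.0/0' } |
    Select-Object DestinationPrefix, NextHop, InterfaceAlias, RouteMetric |
    Format-Table -AutoSize

# 2. DNS: can the client locate domain controllers? This only works if the
#    DNS server pushed by the VPN (or the hosts-file workaround) answers.
Write-Host "== DC SRV records for $Domain =="
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$dcs = $srv | Where-Object { $_.Type -eq 'SRV' } |
       Select-Object -ExpandProperty NameTarget -Unique
$dcs

# 3. Firewall: is each DC reachable on the ports involved in a password change?
foreach ($dc in $dcs) {
    foreach ($p in $Ports) {
        $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
        '{0,-40} {1,5} {2}' -f $dc, $p, $state
    }
}
```

If step 1 shows no route, the client is not being sent the LAN subnet; if step 3 shows BLOCKED, a firewall between the VPN network and the DCs is the first suspect. If every port reports open and the password change still fails, what remains is the NAT described in the replies: the DC sees the Pritunl server's address rather than the client's, which cannot be observed from the client side and is resolved by routing the VPN virtual network to the Pritunl server and disabling NAT on the route.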

I did not try Pritunl VPN with 0.0.0.0/0 tunnelling users’ Internet traffic over VPN. I assume I would not have issues with changing domain pw or gpupdate with that setup.
I followed this guide Accessing a Private Network. There is no “NAT Route” checkbox when you add a Route. I use a free version of the Pritunl server.
It means that my Pritunl server does not have NAT enabled and I need to set up a static route on my router? Thanks.

An enterprise subscription is required for the route options, the free version will use NAT routes.

So, as you are aware of my net layout and P server type, what should be done? Any link to a tutorial?

Wow. I just spent a whole day trying to setup pritunl, following the installation instructions in the official documentation (which are wrong), because I have not been able to set up private network access with any other VPN. I used pritunl because there is a page laying out specifically how to do this, and it is as simple as clicking a checkbox for NAT and setting up a static route in the router. The documentation NOWHERE says that “oh, by the way, you have to pay us $70 a month for the privilege of this checkbox.” You’re not getting $70 a month out of me for a simple homelab project. Using pritunl has been nothing but headaches. It took a whole day to do something I can do with a github script in 20 minutes.

I will never recommend that anyone use pritunl, and I will actively steer people away from using it. Unless the enterprise version includes a personal contact to do every single thing for you, it’s not worth it. The free version is so broken and stripped of features that it’s not even worth the trouble to install.