Split Tunnel - Domain users cannot change pw over VPN

Hi there,

I have a domain with two DC’s and two DNS servers. The network is plain - only VLAN1.
I’ve got an issue with remote users who cannot change domain passwords while on VPN. When the users try to change the pw there is a message “configuration information could not be saved from the domain controller, either because this machine is unavailable, or access has been denied”.

I configured a Split Tunnel by removing the 0.0.0.0/0 route from the server routes. Also, I put one of the DNS servers (IP) in the "\Server Settings\DNS Server". Plus, the users’ “hosts” file has two records for the DNS servers.

Has anyone had such an issue? Any recommendations? Thanks.

It’s likely either a firewall issue or the correct networks are not being routed. If the routes are using NAT, the domain controller will need to allow access from the Pritunl server. Disabling NAT may fix the issue, and the virtual VPN network can be added to the routing table of the local network.

Thanks. The Pritunl server sits beside our router. The router forwards incoming to the Pritunl, so I cannot disable NAT. Any other suggestions?

The router port forwarding VPN traffic would not impact the local routing configuration. As long as the router allows modifying the routing table, the virtual VPN network can be routed to the Pritunl server IP. Once the router has a route for the VPN virtual network, NAT can be disabled in the Pritunl server routes options.

This is a routing or firewall issue. Some services will function in ways that are not compatible with NATs. The Microsoft Documentation does not recommend using Active Directory over a NAT.
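The two checks described in the replies above, as an added example that is not part of the original thread or of Pritunl: it verifies that the split-tunnel routes pushed to clients cover the domain controllers, and that with NAT disabled the LAN router has a return route for the VPN virtual network via the Pritunl server. All addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample layout (assumptions, not values from the thread).
DCS = ["192.168.1.10", "192.168.1.11"]   # domain controllers / DNS servers
PRITUNL_IP = "192.168.1.5"               # Pritunl server's LAN address
VPN_NET = "10.8.0.0/24"                  # VPN virtual network
ROUTER_TABLE = [("0.0.0.0/0", "203.0.113.1"),   # default route to the ISP
                ("192.168.1.0/24", "0.0.0.0")]  # directly connected LAN


def uncovered_hosts(pushed_routes, hosts):
    """Return the hosts that no split-tunnel route pushed to clients covers."""
    nets = [ipaddress.ip_network(r) for r in pushed_routes]
    return [h for h in hosts
            if not any(ipaddress.ip_address(h) in n for n in nets)]


def return_path_ok(router_table, vpn_net, pritunl_ip, nat_enabled):
    """Check that replies from LAN hosts can reach VPN clients.

    With NAT, LAN hosts see the Pritunl server's own address, so no extra
    route is needed. Without NAT, the router's longest-prefix match for the
    VPN virtual network must use the Pritunl server as its gateway.
    """
    if nat_enabled:
        return True
    vpn = ipaddress.ip_network(vpn_net)
    candidates = [(ipaddress.ip_network(dest), gw) for dest, gw in router_table
                  if vpn.subnet_of(ipaddress.ip_network(dest))]
    if not candidates:
        return False
    _, gateway = max(candidates, key=lambda c: c[0].prefixlen)
    return gateway == pritunl_ip


if __name__ == "__main__":
    # Split tunnel: only the LAN is pushed, 0.0.0.0/0 has been removed.
    print("uncovered DCs:", uncovered_hosts(["192.168.1.0/24"], DCS))
    # NAT disabled but no static route yet: replies follow the default route.
    print("return path:", return_path_ok(ROUTER_TABLE, VPN_NET, PRITUNL_IP, False))
    # After adding the static route for the VPN virtual network on the router.
    fixed = ROUTER_TABLE + [(VPN_NET, PRITUNL_IP)]
    print("return path:", return_path_ok(fixed, VPN_NET, PRITUNL_IP, False))
```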

I did not try Pritunl VPN with 0.0.0.0/0 tunneling users’ Internet traffic over VPN. I assume I would not have issues with changing domain pw or gpupdate with that setup.
I followed this guide, Accessing a Private Network. There is no “NAT Route” checkbox when you add a Route. I use a free version of the Pritunl server.
It means that my Pritunl server does not have NAT enabled and I need to set up a static route on my router? Thanks.

An enterprise subscription is required for the route options; the free version will use NAT routes.

So, as you are aware of my net layout and P server type, what should be done? Any link to a tutorial?