DNS Security - Endpoint works with most software, but there are instances when specific VPN products/services are not compatible with our DNS filtering engine.
Below are the VPN products/services that have been discovered to cause incompatibilities with the DarkLayer Guard engine embedded in the DNS Security - Endpoint product:
- Any browsers or VPN browser extensions that bypass the local DNS servers when resolving DNS queries, such as Tor Browser;
- Azure VPN - Azure VPN does not create a separate NIC adapter that the DarkLayer Guard engine can intercept; it uses the existing NIC adapter instead. As a result, DarkLayer Guard can intercept queries made via nslookup, but it cannot intercept DNS queries from the browser;
- Barracuda VPN - not supported because the VPN is configured to use full tunneling and DarkLayer Guard does not work with full tunneling;
- Fortigate firewall SSLVPN / WAN Miniport (SSTP);
- GFI Transparent Proxy - GFI Proxy is mostly used in transparent proxy mode (the proxy server is placed between the local network and the internet). This means the endpoints are NOT configured to use a proxy. When DNS Security - Endpoint is installed on the machines, the traffic is filtered locally but it gets redirected through the same gateway GFI is using. As a result, the packets never reach the DarkLayer Guard - Endpoint filtering engine, and the requests effectively get resolved at the gateway level and not locally;
- SonicWall Cloud Edge VPN - this VPN product/service supports Full-Tunneling or Split-Include, while DarkLayer Guard requires Split-Exclude to work;
- Viscosity VPN;
- Verizon SIM;
- WireGuard;
- Todyl VPN;
- Perimeter 81;
- WARP VPN - might cause high CPU usage if used with DNS-E;
- Docker Desktop - virtualization software that overwrites DNS settings thus conflicting with the IP set by DarkLayer Guard;
- Other VPNs that are not listed as supported here.
If you are using a VPN solution that is not supported by Heimdal, our recommendation is to disable the DarkLayer Guard product and enable the DNS Security Network product, which is configured on the perimeter level (on the DNS servers). Additionally, when it comes to protecting VPN servers (hosts), we recommend you have the DarkLayer Guard product turned OFF. Usually, a VPN server (host) shouldn't be used to perform DNS queries, but if you still want to do that, you can use the protection offered by the DNS Security Network product, which is configured on the perimeter level (on the DNS servers).