This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 5%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
Hi,
We're performing an Always On VPN project, and have an issue with DNS resolution.
In general we want the AOVPN interface to have a lower metric then the wired NIC.
THe DNS gets chosen, based on the interface with the lowest metric.
We're using a script from Richard Hicks to change the metric of the AOVPN interface.
(https://github.com/richardhicks/aovpn/blob/master/Update-Rasphone.ps1)
It does get set correctly, and is being changed in the rasphone.pbk file located in : "C:\ProgramData\Microsoft\Network\Connections\"
(we're installing it for all users, hence the location of the file).
So far, so good.. Everything seems to get adapted correctly (verified metric on GUI interface too, and it shows the changed metric).
However when a client connects via VPN, they still get the ISP DNS server (via wired interface) to respond instead of the internal DNS server.
Lowering the metric of the AOVPN interface, should have forced this DNS to be used.
Now for the question :)
When checking the metric of the connections via "netsh interface ipv4 show interfaces", the metric is correct (we see the changed one)
When checking via Get-NetIPInterface, the old value is still shown, valued 25, which is automatic. This is the metric being used, and the one queried with netsh is being ignored.
Does anyone know why there is a difference in both ways to query them?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Now , we can narrow down the issue is related with scripts. Don't use script to change the metric. As far as I know, when you connect to VPN successfully, VPN 's adapter interface metric will auto lower than other interface.
Make sure adapters' interface metric are setting to Automatic metric. Then do not use script to change the metric, connect to VPN and then check the results.
The wired interface will always have priority (lower metric) then the AOVPN interface by default.
The AOVPN adapter has the same metric as a wireless interface by default, which is 25.
In my lab, AOVPN interface always has lower metric than local interface. In your case, it seems you need to use Set-NetIPInterface -InterfaceIndex 12 -InterfaceMetric 5 cmdlet to change the metric.
