davidwood139
New Member
July 16, 2018
Question

Can't enable DNS on VPN Tunnel


Hi All, 

 

I'm encountering an issue when trying to enable DNS on my host to site VPN tunnel. For some reason I can't save a change I've made. 

 

I would like to untick "Use system DNS in mode config" and then enter the DNS server of another IP address range. (It's from another site which is connected or a separate site to site tunnel.) When I attempt to click "Complete Section", the button refuses to click.

 

Does anyone know why?

 

Thanks,

David

1 reply

davidwood139
New Member
July 16, 2018

Fixed / Solved

 

I changed the VPN tunnel to a custom tunnel. I was then prompted to enter IPv6 DNS details. Once these were entered, it appeared to go through correctly.

 

 

Thanks,

David 

sw2090
SuperUser
March 26, 2020

Just another hint, because I stumbled across a similar issue when configuring VPNs :)

 

In the FGT GUI you can enter DNS server(s), as you can in the VPN wizard. This is equivalent to the set ipv4-dns1 xxx.xxx.xxx.xxx command on the CLI.

However, the GUI is missing an option to set the VPN DNS mode on the tunnel. By default it is on auto. Auto means it will not use any custom DNS set in the tunnel but will use the system DNS. You must set the DNS mode to manual to make it use a custom DNS set in the tunnel.

The DNS Server option in the GUI is rather useless without an option to set the DNS mode, or to automagically set the DNS mode to manual when the DNS fields are not empty.

The corresponding CLI command is set dns-mode manual.

 

BTW: if you do central management with FortiManager, you can find the dns-mode somewhere in the advanced settings of your tunnel in the GUI. Even there it is not included in the standard settings.