YHC
Explorer
October 20, 2024
Question

DNS of SSL-VPN

  • 6 replies
  • 4799 views

Dears,

 

I recently configured SSL-VPN on my FortiGate 40F.

The connection is successful on my iPhone.

However, I found that I can only connect to our internal NAS/server using its private IP, like 192.168.3.x.

I have set the A record of our NAS/server with their private IP but it does not work.

Can you advise what I should do to connect to our internal NAS/server with its FQDN?

Thank you.

6 replies

YHC (Author)
Explorer
October 20, 2024

Hi I tried the second approach but the CLI said:

 

command parse error before 'dns-server1'
Command fail. Return code -61

 

It seems the command changed?

funkylicious
SuperUser
October 20, 2024

Where/when does the error pop up? The article says under the SSL web portal; I don't know if it still works like that, I always do it under the SSL settings.

You should configure the DNS server under the SSL VPN settings alongside the dns-suffix in order to resolve the short name.

 

config vpn ssl settings
    set dns-server1 <>
end
"jack of all trades, master of none"
YHC (Author)
Explorer
October 20, 2024

Hi funkylicious

 

I have settings in the GUI like this:

Please advise me if I have missed any setting.  Thank you.

[Attached screenshots: 截圖 2024-10-21 07.16.55.png, 截圖 2024-10-21 07.17.16.png]

funkylicious
SuperUser
October 21, 2024

Hi,
Those settings are relevant for the device.

The ones that you need are configured in the CLI, config vpn ssl settings.

"jack of all trades, master of none"
adimailig
Staff & Editor
October 21, 2024

Dear @YHC 

If you could connect to the fully qualified domain (hostname.fully_qualified_domain.local), then your issue is with the DNS suffix.
Please add DNS Suffix on your SSL VPN configuration.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-set-DNS-suffix-for-VPN-SSL-and-IPsec-in-the/ta-p/194750

https://community.fortinet.com/t5/FortiGate/Technical-Tip-DNS-Suffix-per-SSL-VPN-Portal/ta-p/277180


YHC (Author)
Explorer
October 21, 2024

Dear @adimailig

 

I cannot connect to the fully qualified domain (hostname.fully_qualified_domain.local).

I have also added DNS suffix on my SSL VPN configuration.

 

Do you have any advice?

Thank you.

 

YHC (Author)
Explorer
October 22, 2024

Dear All,

 

I just realized that the issue only happened on my iPhone.

I have no problems when using Windows to connect by FQDN.

If using the iPhone, I can only connect by private IP, not FQDN.

adimailig
Staff & Editor
October 25, 2024

From your iPhone device, can you do a ping or nslookup of the hostname?
If the iPhone device could not resolve the name, it seems to be a limitation of the iPhone.
In addition, there are forums saying that DNS from VPN (iOS) won't be applied if you have split tunnel enabled.
https://community.zyxel.com/en/discussion/17951/problem-with-iphone-vpn-dns

YHC (Author)
Explorer
October 25, 2024

Hi

 

Thank you.

I can do ping without problems but nslookup doesn't work.