pxiannie
Explorer II
February 1, 2024
Question

How to solve the DNS resolve failed problem when connecting to SSL VPN?

  • February 1, 2024
  • 3 replies
  • 15423 views

I was able to connect, ping my server and access the local system last week, but today when I tried to connect it shows the error "DNS resolve failed". I did not make any changes and this error has been solved, so why did I get this error again? I can't ping my server in the command prompt or access the local system now. My current version of FortiClient VPN is 7.2.3.0929; is it because of the updates?

Screenshot 2024-02-01 170224.png

Screenshot 2024-02-01 170430.png
Please help. Thanks!

FortiClient 
FortiGate 

3 replies

hbac
Staff
February 1, 2024

Hi @pxiannie,

I can see that you are using public DNS servers. Do you have split tunneling enabled?

Regards, 

pxiannie
Author
Explorer II
February 2, 2024

No, I didn't enable it. I disabled the tunnel mode split tunneling. The DNS split tunneling is also not enabled.

hbac
Staff
February 2, 2024

@pxiannie

If split tunneling is disabled, that means DNS traffic will go through the FortiGate. Please run debug flow by following this article to see if the traffic is being dropped: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connectivity/ta-p/192560

Regards, 

JcvnStdn
Visitor III
February 1, 2024
pxiannie
Author
Explorer II
February 2, 2024

No, because previously I did not set it and was also able to ping the server.

Nchandan
Staff
February 7, 2024

Hello @pxiannie!

Kindly create a test policy from ssl.root to ppp2 as incoming and outgoing interface and destination as all and check if you can ping.

pxiannie
Author
Explorer II
February 7, 2024

Hi @Nchandan,

I have 2 IP addresses for ppp2, and I'm using the 180.XXX.XXX.XXX one as my SSL VPN remote gateway. Should the S* 0.0.0.0/0 [5/0] via 10.233.65.32, ppp2, [1/0] be S* 0.0.0.0/0 [5/0] via 180.XXX.XXX.XXX, ppp2, [1/0]? I don't know what 10.233.65.32 refers to because I didn't find it in the interfaces. My virtual wan-link only has member wan1 and the second ppp2 IP address. Does the first ppp2 refer to the IP of the virtual wan link? I created a policy from ssl.root to the virtual wan link but am still not able to ping.

Screenshot 2024-02-07 134416.png
Regards,