Skip to main content
whatever
whatever
New Member
February 26, 2016
Question

Refuse server's routes / DNS

  • February 26, 2016
  • 1 reply
  • 4067 views

I'm using forticlient on OSX to access to the network of one of my clients.

 

The VPN server is configured to change my default route (so all my traffic is routed through the VPN) and to update my DNS servers.

 

Is there a way to ask FortiClient not to change my default route (or even better not to change any route) and my DNS?

Also, is there a CLI available on linux/ARM or linux/x86 to connect to a VPN?

 

Thanks,

    1 reply

    whatever
    whateverAuthor
    New Member
    March 4, 2016

    Is there a better place than here to get an answer?

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    March 4, 2016

    Old post first:

    1- if the FC is managed centrally by the FGT there is/should be no way to change that behavior on the client's side. Otherwise central mgmt wouldn't make any sense.

    2- I've got no experience with the Linux client but the Windows version does support command line options. A tunnel can thus be opened from running the 'ipsec' command (included in the FC installation) instead of clicking on the icon. There is a thread on this in the forums.

     

    Last post:

    Sure, open a ticket with Customer Support. You will only find help around here on a best-effort basis - it needs people who've had the same problem (which can be very few sometimes), and one of those willing to sacrifice time and effort to post back (even fewer).

    And then there is the Knowledge Base, some helpful Fortinet bloggers, the docs...

    whatever
    whateverAuthor
    New Member
    March 4, 2016

    Thanks a lot for your answer!

     

    1- yes, I understand this point. But in the case the server is configured like shit, it would be so great to have advanced features for people who know what they're doing to override the configuration, which is ok for 99% of the clients (who don't have to run several VPN at the same time like I do).

     

    2- I considered using ipsec but unfortunately it seems the server is only configured to accept SSL connections (or at least the sysadmin of the company I'm working for wasn't able to tell me what are the credentials required).

     

    Thanks again,

    Terms & ConditionsAccessibility statement