clfrancisco
Explorer II
May 14, 2024
Question

VPN Setup using dynamic IP from ISP


Hi Team,

Can I still set up a VPN (IPsec) on my FortiGate 60D when I don't have a public static IP from my ISP? Is it possible to set up?

Thank you!

3 replies

ozkanaltas
Valued Contributor III
May 14, 2024

Hello @clfrancisco,

You can use the DDNS feature to solve this problem.

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/685361/ddns

AEK
SuperUser
May 14, 2024

Hi Francisco

In addition to Atlas' suggestion, you can also set it up as a dial-up VPN client. You can use the Wizard to set it up more easily.

AEK
sw2090
SuperUser
May 14, 2024

Unfortunately, there is still a bug in the FortiOS IPsec stack when using DDNS as the remote gw on a VPN.

This does not affect dial-up tunnels.

It does affect Site2Site tunnels. S2S will work if both sides are always online, so you can allow phase1 auto-negotiation to establish the VPN from both sides. Once you disable phase1 auto-negotiation on the side that has the DDNS as remote gw (because the opposite site doesn't have a static WAN IP), it will stop working once the remote IP changes, because without phase1 auto-negotiation the IPsec stack does not update the remote gw on this side.

Also, unfortunately, with dial-up tunnels and redundancy you run into yet another bug in the routing stack and SD-WAN that prevents your FGT from detecting the proper tunnel/route.
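
The DDNS-based site-to-site setup discussed in the replies above, sketched as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread or taken from Fortinet's documentation. The interface name `wan1`, the tunnel name `to-branch`, the hostname `branch-example.fortiddns.com` and the pre-shared key placeholder are assumptions; remaining phase1/phase2 settings are left at their defaults.

```fortios
# --- Side WITHOUT a static public IP (the dynamic-IP FortiGate) ---
# Register the current WAN address under a DDNS hostname.
# Hostname below is a constructed placeholder.
config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "branch-example.fortiddns.com"
        set monitor-interface "wan1"
    next
end

# --- Peer side (points at the dynamic site by hostname) ---
# type ddns + remotegw-ddns makes the remote gateway a hostname
# instead of a fixed IP address.
config vpn ipsec phase1-interface
    edit "to-branch"
        set type ddns
        set interface "wan1"
        set remotegw-ddns "branch-example.fortiddns.com"
        # Placeholder: use a long random key, unique per tunnel.
        set psksecret <pre-shared-key-placeholder>
        # Left enabled on purpose: per the reply above, disabling
        # auto-negotiate on the side that uses a DDNS remote gateway
        # stops the remote gw from being updated after the peer's
        # IP changes.
        set auto-negotiate enable
    next
end
```

After the dynamic site's address changes, `diagnose vpn ike gateway list` on the peer side shows which remote address the tunnel is currently using, which is the quickest way to confirm whether the gateway was re-resolved.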