FortiGate
saleha
Staff
Article Id 328358
Description This article describes that when an IPsec tunnel is configured to use IKEv2, the FortiClient VPN agent currently does not support DHCP. The tunnel therefore has to use the mode config option to offer an IP address range to connecting clients. As a result, separate DNS options are needed on the IPsec tunnel to provide the internal DNS server IP and domain name to the connecting VPN clients.
Scope FortiGate, FortiClient.
Solution

The solution is to set the DNS server on the IPsec tunnel using the following commands:

 

config vpn ipsec phase1-interface
    edit "test"
        set type dynamic
        set interface "wan"
        set ike-version 2
        set peertype any
        set net-device disable
        set mode-cfg enable
        set ipv4-dns-server1 10.10.10.1 <--- DNS server.
        …………….
    next
end

 

Note that DHCP for IP address assignment to connecting FortiClients is currently available as an alternative in IKEv1 mode.
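
To check an existing configuration for the gap described above, the following added example (not part of the original article or of any Fortinet tooling) scans a saved configuration file and lists dial-up IKEv2 tunnels that have mode config enabled but no ipv4-dns-server1 set. The function names, the sample tunnels and their addresses are constructed for illustration, and the script assumes the plain-text config/edit/set/next/end layout shown in the article.

```python
# Constructed sample of a FortiGate config backup (not from the article).
SAMPLE_CONFIG = """\
config vpn ipsec phase1-interface
    edit "test"
        set type dynamic
        set ike-version 2
        set mode-cfg enable
        set ipv4-dns-server1 10.10.10.1
    next
    edit "no-dns"
        set type dynamic
        set ike-version 2
        set mode-cfg enable
        config ipv4-exclude-range
            edit 1
                set start-ip 10.20.0.1
            next
        end
    next
    edit "ikev1-dialup"
        set type dynamic
        set ike-version 1
        set mode-cfg enable
    next
end
"""

def parse_phase1(config_text):
    """Return {tunnel: {setting: value}} from the phase1-interface section."""
    tunnels, current, depth = {}, None, -1  # depth -1: outside the section
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth < 0:
            depth = 0 if line == "config vpn ipsec phase1-interface" else -1
        elif line.startswith("config "):
            depth += 1  # nested table inside a tunnel entry
        elif line == "end":
            depth -= 1  # reaching -1 closes the section itself
        elif depth == 0 and line.startswith("edit "):
            current = tunnels.setdefault(line[5:].strip().strip('"'), {})
        elif depth == 0 and line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
    return tunnels

def ikev2_modecfg_without_dns(config_text):
    """Dial-up IKEv2 tunnels with mode-cfg enabled but no ipv4-dns-server1."""
    return [name for name, s in parse_phase1(config_text).items()
            if (s.get("type"), s.get("ike-version"), s.get("mode-cfg"))
            == ("dynamic", "2", "enable") and "ipv4-dns-server1" not in s]
```

Calling ikev2_modecfg_without_dns() on the text of a configuration backup returns the tunnel names that still need a DNS server entry; settings inside nested tables of a tunnel are ignored.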