Description | This article describes DNS configuration for an IPsec tunnel that uses IKEv2 mode. In IKEv2 mode the FortiClient VPN agent currently does not support DHCP, so the tunnel has to use the mode config option to offer an IP address range to connecting clients. As a result, separate DNS options must be set on the IPsec tunnel to provide the internal DNS server IP and domain name to the connecting VPN clients. |
Scope | FortiGate, FortiClient. |
Solution |
The solution is to set the DNS server on the IPsec tunnel using the following commands:
config vpn ipsec phase1-interface
    edit "test"
        set type dynamic
        set interface "wan"
        set ike-version 2
        set peertype any
        set net-device disable
        set mode-cfg enable
        set ipv4-dns-server1 10.10.10.1 <--- DNS server.
        …………….
    next
end
Note that the alternative of using DHCP for IP address assignment to connecting FortiClients is currently possible in IKEv1 mode. |
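The following check is an added example, not part of the original article or Fortinet tooling: it scans a configuration backup for IKEv2 dial-up tunnels that lack the mode-cfg and ipv4-dns-server1 settings shown above. The sample configuration, the tunnel name "no-dns" and the function names are constructed for illustration, and settings absent from the backup are assumed to be at their defaults.

```python
# Constructed sample of a configuration backup (assumption, not from the article).
SAMPLE_CONFIG = '''\
config vpn ipsec phase1-interface
    edit "test"
        set type dynamic
        set ike-version 2
        set mode-cfg enable
        set ipv4-dns-server1 10.10.10.1
    next
    edit "no-dns"
        set type dynamic
        set ike-version 2
        set mode-cfg enable
    next
end
'''

def parse_phase1(config_text):
    """Return {tunnel_name: {setting: value}} from the phase1-interface table."""
    tunnels, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:  # outside the table: wait for its opening line
            depth = int(line == "config vpn ipsec phase1-interface")
        elif line.startswith("config "):
            depth += 1  # nested sub-table inside a tunnel entry; skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            tunnels[current] = {}
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and current and line.startswith("set "):
            _, key, *value = line.split(None, 2)
            tunnels[current][key] = value[0].strip('"') if value else ""
    return tunnels

def audit_dns(config_text):
    """List IKEv2 dial-up tunnels missing the settings shown in the article."""
    findings = []
    for name, cfg in parse_phase1(config_text).items():
        if cfg.get("type") != "dynamic" or cfg.get("ike-version") != "2":
            continue  # only IKEv2 dial-up tunnels are in scope
        if cfg.get("mode-cfg") != "enable":
            findings.append((name, "mode-cfg is not enabled"))
        elif "ipv4-dns-server1" not in cfg:
            findings.append((name, "ipv4-dns-server1 is not set"))
    return findings
```

Calling audit_dns() on the text of a saved configuration returns a list of (tunnel name, reason) pairs; an empty list means every IKEv2 dial-up tunnel carries both settings.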
Copyright 2024 Fortinet, Inc. All Rights Reserved.