Technical Tip: Dialup VPN client gateway to be the next available IP address

ChrisTan · ‎11-13-2022

Description

This article describes that from the Client host, the gateway and the DHCP server would be the next available IP address when Dialup VPN is connected.

Scope

FortiGate.

Solution

When the client user1 tries to connect to Dialup VPN from FortiClient, the first thing that the user1 is confused about is checking in CMD:

'ipconfig ' or 'route print'.

To find the virtual adaptor's default gateway and DHCP Server the following IP address.

The following Client user2 would get the IP address 192.168.100.2, and the default gateway is 192.168.100.3.

It would not be very clear if 192.168.100.1 ping 192.168.100.2, the ICMP should be sent to FortiGate or user2.

As the Dailup VPN is the point-to-point tunnel:

147 # fnsysctl ifconfig Dialup
Dialup Link encap:Unknown
inet addr:169.254.1.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1438 Metric:1
RX packets:5333 errors:0 dropped:0 overruns:0 frame:0
TX packets:3785 errors:3 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:944408 (922.3 KB) TX bytes:3964304 (3.8 MB)

All traffic would pass directly through the FortiGate.

FortiGate will not check the gateway, only forward the traffic based on the destination.

To allow dialup VPN to communicate, a dialup to dialup policy needs to be created.

Test RDP to 192.168.100.2 results in connecting to user2 successfully.