chrispaesano
New Contributor

Pinging by name with iOS Dialup VPN

I have an iOS Dialup VPN set up. I can connect to the VPN and ping/RDP to any host on the network if I use an IP, but DNS doesn't work.

I've configured the network's local DNS server in the settings, but this didn't work. I can't ping by name, and I also can't ping by FQDN. Any ideas?

Christian Paesano | chrispaesano@gmail.com | NSE4-2015-25749


3 REPLIES
gschmitt
Valued Contributor

Can you ping the DNS server with the device in question?

What services did you allow? Just PING (ICMP) and RDP?

Basically, you should make sure the device can actually reach the DNS server on TCP/UDP 53 (DNS).

TheJaeene
Contributor

@chris

The DNS can be set on a per-tunnel basis.

Some iOS devices seem to have problems resolving .local domains.

Check out this CLI example:

config vpn ipsec phase1-interface
    edit "tu-dialup"
        set type dynamic
        set interface "wan2"
        set keylife 28800
        set mode aggressive
        set peertype one
        # IKE Mode Config: hands IP, DNS and domain settings to the client
        set mode-cfg enable
        # DNS servers handed to the dial-up client
        set ipv4-dns-server1 10.10.10.1
        set ipv4-dns-server2 10.10.10.254
        set proposal 3des-sha1 aes128-sha1
        set negotiate-timeout 15
        set dhgrp 2
        set xauthtype auto
        set authusrgrp "vpn"
        set peerid "remote"
        set ipv4-start-ip 10.10.100.1
        set ipv4-end-ip 10.10.100.10
        set ipv4-netmask 255.255.255.128
        # default DNS domain handed to the client
        set domain "my.domain"
    next
end
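A small offline check for the settings this answer points to, added here as an example (not code from the thread or from Fortinet): it reads a `config vpn ipsec phase1-interface` block and reports why a dial-up client might fail to resolve internal names. The sample configs are constructed from values in the post, the function names are hypothetical, and treating `0.0.0.0` as an unset DNS server is an assumption.

```python
# Constructed sample based on the answer's tunnel, without "set domain".
BEFORE = '''config vpn ipsec phase1-interface
    edit "tu-dialup"
        set type dynamic
        set mode-cfg enable
        set ipv4-dns-server1 10.10.10.1
    next
end
'''
AFTER = BEFORE.replace("    next", '        set domain "my.domain"\n    next')

def parse_phase1(text):
    """Return {tunnel: {option: value}} for 'config vpn ipsec phase1-interface'."""
    tunnels, current, depth, base = {}, None, 0, None
    for raw in text.splitlines():
        line = raw.strip()
        words = line.split(None, 2)
        if line.startswith("config "):
            depth += 1                      # nested config blocks are skipped
            if line == "config vpn ipsec phase1-interface":
                base = depth
        elif line == "end":
            base = None if depth == base else base
            depth -= 1
        elif depth == base and len(words) >= 2 and words[0] == "edit":
            current = tunnels.setdefault(line[5:].strip().strip('"'), {})
        elif depth == base and len(words) == 3 and words[0] == "set" and current is not None:
            current[words[1]] = words[2].strip('"')
    return tunnels

def dns_findings(opts):
    """Reasons a dial-up client on this tunnel may fail to resolve internal names."""
    if opts.get("type") != "dynamic":
        return []  # not a dial-up tunnel
    if opts.get("mode-cfg") != "enable":
        return ["mode-cfg is off: no DNS server or domain is pushed to the client"]
    out = []
    servers = [opts.get(k, "0.0.0.0") for k in ("ipv4-dns-server1", "ipv4-dns-server2")]
    if all(s == "0.0.0.0" for s in servers):  # assumption: 0.0.0.0 means unset
        out.append("no ipv4-dns-server is set")
    domain = opts.get("domain", "")
    if not domain:
        out.append("no domain is set, so the client gets no DNS suffix")
    elif domain.lower().endswith(".local"):
        out.append("domain ends in .local, which some iOS devices have trouble resolving")
    return out

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, {n: dns_findings(o) for n, o in parse_phase1(cfg).items()})
```

Reachability of the DNS server on TCP/UDP 53 depends on the firewall policy for the tunnel and is not covered by this check.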

 

chrispaesano

 

Thank you! The domain name is what solved this. Instant success after adding the local domain. That option isn't available in the GUI. Much appreciated!

 

 
