preyes
New Contributor

SSL VPN No local DNS

Hi there, newbie here in the Fortinet world.

 

Our HO has FortiGate 200 running ver 6.4

 

I am also using FortiClient 6.4; I downgraded to FortiClient version 6.0 and it work fine; but I can not believe that this problem exists since version 6.2 and nobody noticed.

 

I have a SSL VPN configured which connects fine; but is does not transfer the local dns server info to the remote user. 

 

What can be the problem?

 

Thanks in advanced.

17 REPLIES 17
UrbyTuesday

FYI, the full process i tried on a new laptop:

installed 6.4.2, no DNS resolution.

backed down to 6.2.6, all was well.

installed 6.2.8 to test...it broke again.

backed down to 6.2.7...it worked properly again.

 

 

 

Juquinha

Hi!

 

I was looking at this thread and I would like to ask if you guys checked the suffix settings at your machine to test this. Normally, we put the internal domains suffix at the NIC list to computers to always look for the FQDN. Even though, the DNS server also can look in its base for the query.its.domain.

 

I, actually, prefer to know that Fortigate DOES NOT interfer into the resolution process. It is something that has only to do with the dns client and server.

 

 

mister

maybe its relevant to me ?

 

my issue:

I can not surf to websites on the Internet (no site) when I am connected from home with FORTI. While connecting the FORTI it is "Inserts" in the DNS'S wireless network card. When the alternate DNS it plants is "X.X.X.X". Only when I manually change it to dns google can I access the Internet in parallel with my connection in FORTI ... But any reconnection of FORTI of course eliminates this change in the wireless network card.

aseques
New Contributor

mister wrote:

maybe its relevant to me ?

 

my issue:

I can not surf to websites on the Internet (no site) when I am connected from home with FORTI. While connecting the FORTI it is "Inserts" in the DNS'S wireless network card. When the alternate DNS it plants is "X.X.X.X". Only when I manually change it to dns google can I access the Internet in parallel with my connection in FORTI ... But any reconnection of FORTI of course eliminates this change in the wireless network card.

In your case the problem seems to be that the dns provided by your vpn server don't resolve the domains, it's just the oposite of this thread case.

tschoeller

I have this same issue.  It only happens on some Windows 10 machines.  Other Windows 10 machines do not suffer from this problem.  Problem exists despite DNS server and suffix being set correctly in SSL settings.  I have seen this issue on 2 separate firewalls one with remote RADIUS users and the other with local users.  I have also tried enabling split DNS and have seen DNS queries start timing out despite low latency connection.  Suspect that there may be some DNS related bugs in newer version of FortiClient VPN. 

 

Found this after submitting a new post: https://forum.fortinet.co...m=195269&tree=true

UrbyTuesday

Yeah that link is brand new and I just told that guy what I'll tell you.  Try FCVPN 6.2.6 or 6.2.7 (not 8) and see if it helps.

JUST

Hi, I had this same issue. Versions until 6.2.7 work but all after 6.2.7 not working. Fortinet launched recently a new version FortiClientVPN_7.0.0.0029_X64.exe and with this version, problem seems to be solved Thanks

 
browners80
New Contributor

Setting the dns-suffix via cli sorted it for me.  

 

Thanks guys