Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rpoon
New Contributor II

IPv6 causing SSL VPN connection issue

We used to have FortiClient version 6.2.6 and it works well on SSL VPN connection to our corporate network (gateway FortiOS version 6.4.3).  Once we upgraded to FortiClient 6.4.3, we start getting intermittent connectivity issue in that user cannot access network resources due to DNS resolution failure.  It's found to be caused by client's network interface attempts to query DNS through IPv6 and failed.  It then stop there without attempting querying IPv4 DNS.  We are stuck with no solution from Fortigate and desperately need to resolve it.  Does anyone encounter similar issue and can share some ideas?

 

Thanks

1 Solution
isamt

So far we have not encountered any issues with IPv6 enabled home users, however it was only a small percentage of our users that have IPv6 enabled Internet connections so can't say for 100% certainty yet.

 

FortiClient is independent of the Fortigate firmware version so yes you need EMS 7.0 or later and you may need to convert your EMS licences to version 6.4 at least then other than that you can upgrade your clients to 7.0 so not a lot of work at all.

View solution in original post

10 REPLIES 10
Vincent_RLG
New Contributor

I was encountering the same type of issues. Like 90% of all issues, it came from DNS resolution who was made in IPv6 prior to IPv4. As we don't use IPv6 internally, clients with IPv6 enabled internet connections where unable to resolve internal names, because they were querying their Internet provider instead of the one pushed through the VPN connection.

Workarounds are:

- https://community.fortinet.com/t5/FortiClient/Troubleshooting-Tip-Issues-with-resolving-the-internal...

or

- Disable IPv6 on the Client interface connecting to Internet or generally

or

- having a full dual stack infrastructure.

I wonder if there isn't already a solution mixing IPv6 DNS-Database , "private" IPv6 and 6to4....

 

Cheers

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors