Hi,
I've recently upgraded my Mac to Ventura, and I have a weird problem with the free FortiClient VPN.
I can connect fine, and to start with everything works as expected. After around 30-40 minutes however, DNS resolution for internal resources stops working.
Before it breaks I see the following:
scutil --dns
DNS configuration
resolver #1
search domain[0] : xxx.net
nameserver[0] : 172.17.0.5
flags : Request A records, Request AAAA records
reach : 0x00000003 (Reachable,Transient Connection)
<... snip ...>
DNS configuration (for scoped queries)
resolver #1
search domain[0] : xxx.net
nameserver[0] : 172.17.0.5
if_index : 22 (en8)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
resolver #2
nameserver[0] : 8.8.8.8
if_index : 14 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
resolver #3
search domain[0] : xxx.net
nameserver[0] : 172.17.0.5
if_index : 27 (utun5)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000003 (Reachable,Transient Connection)
After it breaks I have instead
scutil --dns
DNS configuration
resolver #1
nameserver[0] : 8.8.8.8
if_index : 22 (en8)
flags : Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
<...snip...>
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : 8.8.8.8
if_index : 22 (en8)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
resolver #2
nameserver[0] : 8.8.8.8
if_index : 14 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
resolver #3
search domain[0] : xxx.net
nameserver[0] : 172.17.0.5
if_index : 27 (utun5)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000003 (Reachable,Transient Connection)
While it is broken, my resolver is working just fine.
dig google.com @172.17.0.5
; <<>> DiG 9.10.6 <<>> google.com @172.17.0.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18045
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 300 IN A 142.250.200.46
;; Query time: 50 msec
;; SERVER: 172.17.0.5#53(172.17.0.5)
;; WHEN: Mon Nov 21 16:32:15 GMT 2022
;; MSG SIZE rcvd: 55
It seems macOS just decides to stop using the resolver provided by the VPN for some reason.
Has anyone got any clues about why this is happening, or where to look for clues as to why it's happening?
I'm using VPN client 7.0.7.0245
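An added example, not part of the original post or of FortiClient: a small Python check for the state shown in the two `scutil --dns` dumps above, where the `utun` resolver still lists the VPN nameserver but the default resolver has fallen back to another one. The function names are hypothetical, and the sample input is abridged from the output in the post.

```python
import re

def parse_scutil_dns(text):
    """Parse `scutil --dns` output into {section title: [resolver dict, ...]}."""
    sections, current, resolver = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("DNS configuration"):
            current, resolver = sections.setdefault(line, []), None
        elif line.startswith("resolver #") and current is not None:
            resolver = {"nameservers": [], "if": None}
            current.append(resolver)
        elif resolver is not None and " : " in line:
            key, value = (part.strip() for part in line.split(" : ", 1))
            if key.startswith("nameserver["):
                resolver["nameservers"].append(value)
            elif key == "if_index":
                match = re.search(r"\((\w+)\)", value)  # "27 (utun5)" -> "utun5"
                resolver["if"] = match.group(1) if match else value
    return sections

def primary_lost_vpn_dns(text, vpn_nameserver):
    """True when a utun resolver still lists the VPN nameserver but the
    default (first unscoped) resolver no longer does."""
    sections = parse_scutil_dns(text)
    unscoped = sections.get("DNS configuration", [])
    scoped = sections.get("DNS configuration (for scoped queries)", [])
    primary = unscoped[0]["nameservers"] if unscoped else []
    on_tunnel = any(vpn_nameserver in r["nameservers"]
                    and (r["if"] or "").startswith("utun") for r in scoped)
    return on_tunnel and vpn_nameserver not in primary

# Sample input abridged from the two dumps in the post above.
SCOPED = """DNS configuration (for scoped queries)
resolver #3
nameserver[0] : 172.17.0.5
if_index : 27 (utun5)
"""
BEFORE = "DNS configuration\nresolver #1\nnameserver[0] : 172.17.0.5\n" + SCOPED
AFTER = "DNS configuration\nresolver #1\nnameserver[0] : 8.8.8.8\nif_index : 22 (en8)\n" + SCOPED

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, primary_lost_vpn_dns(sample, "172.17.0.5"))
```

On a Mac, the same function can be fed the live output of `scutil --dns` on a timer to log the moment the default resolver changes, which also marks when internal names start going to the public resolver.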
Hello Dave,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello Dave,
I have found this guide which may be able to help you:
Could you please tell me if it helped?
Regards,
Thanks for the link.
It doesn't really help. My issue is not listed in the known issues, and both fctservctl and FortiClient have full disk access enabled as instructed.
I'm having the same issue since updating to Ventura.
Is there any news on this issue?
I am using the iOS version of FortiClientVPN as a workaround; however, customers are complaining about this and I cannot offer them to use an unverified version.
Hi,
a colleague of mine discovered that disabling the IP tracking limiting feature seems to solve the problem:
To be sure, we disabled this for both Wi-Fi and Network ports (even when not used) and it seems to work.
I've tried this today, and so far my DNS has not reset! Thank you!
If I have no further issues I'm going to mark this as the solution.
Sorry, seems to be a false alarm ... for my colleague it worked for a few hours (before, the reset occurred every 30-40 mins) and we thought that might be it.
It's not :( - it still occurred a few hours later.
It may not be the full solution, but for me it has dramatically improved things. I've not had an issue with DNS since disabling tracking.
That Google Groups link looks to be the exact same issue!
Copyright 2024 Fortinet, Inc. All Rights Reserved.