I have an iOS Dialup VPN set up. I can connect to the VPN and ping/rdp to any host on the network if I use an IP but DNS doesn't work.
I've configured the network's local DNS server in the settings but this didn't work. I can't ping by name, I also can't ping by FQDN. Any ideas?
Christian Paesano | chrispaesano@gmail.com | NSE4-2015-25749
@chris
The DNS can be set on a per-tunnel basis.
Some iOS devices seem to have problems resolving .local domains.
Check out this CLI example:

    edit "tu-dialup"
        set type dynamic
        set interface "wan2"
        set keylife 28800
        set mode aggressive
        set peertype one
        set mode-cfg enable
        set ipv4-dns-server1 10.10.10.1
        set ipv4-dns-server2 10.10.10.254
        set proposal 3des-sha1 aes128-sha1
        set negotiate-timeout 15
        set dhgrp 2
        set xauthtype auto
        set authusrgrp "vpn"
        set peerid "remote"
        set ipv4-start-ip 10.10.100.1
        set ipv4-end-ip 10.10.100.10
        set ipv4-netmask 255.255.255.128
        set domain "my.domain"

Can you ping the DNS server with the device in question?
What services did you allow? Just PING (ICMP) and RDP?
Basically, you should make sure the device can actually reach the DNS server on TCP/UDP 53 (DNS).
Thank you! The domain name is what solved this. Instant success after adding the local domain. That option isn't available in the GUI. Much appreciated!
jkassner wrote:
> @chris
> The DNS can be set on a per-tunnel basis.
> Some iOS devices seem to have problems resolving .local domains.
> Check out this CLI example:
>
>     edit "tu-dialup"
>         set type dynamic
>         set interface "wan2"
>         set keylife 28800
>         set mode aggressive
>         set peertype one
>         set mode-cfg enable
>         set ipv4-dns-server1 10.10.10.1
>         set ipv4-dns-server2 10.10.10.254
>         set proposal 3des-sha1 aes128-sha1
>         set negotiate-timeout 15
>         set dhgrp 2
>         set xauthtype auto
>         set authusrgrp "vpn"
>         set peerid "remote"
>         set ipv4-start-ip 10.10.100.1
>         set ipv4-end-ip 10.10.100.10
>         set ipv4-netmask 255.255.255.128
>         set domain "my.domain"

Christian Paesano | chrispaesano@gmail.com | NSE4-2015-25749
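
As an added example (not part of any post in this thread and not Fortinet code), the checks discussed above can be run over an exported dial-up phase1 block: it verifies that mode-cfg, a DNS server and a domain are set, and also flags the legacy IKE settings visible in the quoted block (aggressive mode, 3DES, DH group 2). The finding names are hypothetical and the sample input is constructed from the settings quoted in the thread.

```python
# Added example: lint a FortiOS dial-up phase1-interface block (not Fortinet code).
# SAMPLE is constructed from the settings quoted in the thread, one per line.
SAMPLE = """
edit "tu-dialup"
    set mode aggressive
    set mode-cfg enable
    set ipv4-dns-server1 10.10.10.1
    set ipv4-dns-server2 10.10.10.254
    set proposal 3des-sha1 aes128-sha1
    set dhgrp 2
    set domain "my.domain"
"""

def parse_settings(text):
    """Return {key: [values]} for every 'set <key> <value...>' line."""
    settings = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "set":
            settings[parts[1]] = [p.strip('"') for p in parts[2:]]
    return settings

def audit(text):
    """Return finding codes (hypothetical names) for one phase1 block."""
    s = parse_settings(text)
    findings = []
    # DNS servers and the domain reach the client through IKE mode config.
    if s.get("mode-cfg") != ["enable"]:
        findings.append("mode-cfg-disabled")
    if not (s.get("ipv4-dns-server1") or s.get("ipv4-dns-server2")):
        findings.append("no-dns-server")
    domain = s.get("domain", [""])[0].lower()
    if not domain:
        findings.append("no-domain")          # the fix reported in this thread
    elif domain.endswith(".local"):
        findings.append("dot-local-domain")   # thread: some iOS devices struggle
    # Legacy IKE parameters visible in the quoted block.
    if s.get("mode") == ["aggressive"]:
        findings.append("aggressive-mode")
    findings += [f"legacy-proposal:{p}" for p in s.get("proposal", [])
                 if p.startswith(("des-", "3des-"))]
    findings += [f"weak-dhgrp:{g}" for g in s.get("dhgrp", []) if g in ("1", "2")]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
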