raffaeledp
Contributor

Something strange happens with DNS server when I use a VPN client

Hello everybody, 

I have a Fortigate F60 device (v 7.2.10).

This Fortigate is implementing a conditional DNS for the Wi-Fi interface.

For some internal domain, I registered some DNS records:

Screenshot 2024-11-13 alle 10.02.07.png

192.168.1.1 is the router address.

Normally, everything works fine. If I try to ping one of the registered names (for example vpn.xxx.com):

 

Screenshot 2024-11-13 alle 10.04.23.png

  

10.1.0.1 replies to the echo request. 10.1.0.1 is the Fortigate address.

These are my network settings:

Screenshot 2024-11-13 alle 10.05.08.png

Screenshot 2024-11-13 alle 10.04.56.png

 

So far, so good. Now I try to connect via Cisco Secure Client to a VPN.

Regarding network settings, nothing has changed. My address is the same, Router address is the same, DNS address is the same. The interface is the same, so, if I ping the same address as before, I expect 10.1.0.1 to answer (as before), but now:

Screenshot 2024-11-13 alle 10.14.27.png

79.9.x.x is replying. Who is 79.9.x.x? It is the Fortigate WAN interface:

Screenshot 2024-11-13 alle 10.15.08.png

And the domain vpn.xxxx.com, if I put it into the browser, is not reachable anymore, because I think DNS is not functioning correctly. What am I missing?

Thank you for your support!

 

RDP
1 Solution
pminarik
Staff

VPN clients often get a different DNS server IP assigned from their server. Are you sure this is not happening to you when you connect with the Cisco client?

 

Try checking what's your current DNS server. In Windows you can do "nslookup vpn.yourdomain.com" and it will print out both the IP of the DNS server and the resolved IP for that domain. As far as I know, Macbooks should be able to do the same.

[ corrections always welcome ]

raffaeledp

It's correct, I verified with nslookup. These are the results:

In VPN:

raffaeledipascale@MacBook-Pro-DiPascale ~ % nslookup vpn.x.com
Server: 10.20.10.115
Address: 10.20.10.115#53

Non-authoritative answer:
Name: vpn.x.com
Address: 79.9.x.x

raffaeledipascale@MacBook-Pro-DiPascale ~ % nslookup vpn.x.com
Server: 10.1.10.1
Address: 10.1.10.1#53

Name: vpn.x.com
Address: 10.1.0.1

RDP
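
The check suggested in the accepted answer, as an added example that is not part of the original thread: a small shell script that pulls the resolver and the answer out of two saved `nslookup` outputs and reports whether the VPN client swapped the DNS server. The function names are hypothetical, and the sample captures are copied from the post above, assuming the unlabelled second one was taken with the VPN disconnected.

```shell
#!/bin/sh
# Sample input: the two nslookup captures quoted in the thread.
# Assumption: the unlabelled second capture was taken off-VPN.
ON_VPN='Server: 10.20.10.115
Address: 10.20.10.115#53

Non-authoritative answer:
Name: vpn.x.com
Address: 79.9.x.x'
OFF_VPN='Server: 10.1.10.1
Address: 10.1.10.1#53

Name: vpn.x.com
Address: 10.1.0.1'

# parse_nslookup: read nslookup output on stdin, print "<resolver> <answers>".
# The "Address:" line before any "Name:" line belongs to the resolver itself;
# only "Address:" lines after a "Name:" line are answers.
parse_nslookup() {
    awk '
        $1 == "Server:"               { server = $2 }
        $1 == "Name:"                 { in_answer = 1 }
        $1 == "Address:" && in_answer { answers = answers (answers != "" ? "," : "") $2 }
        END {
            if (server == "")  server = "-"
            if (answers == "") answers = "-"
            print server, answers
        }'
}

# compare_views: $1 = capture before connecting, $2 = capture after.
# Prints one line for the resolver and one for the resolved address.
compare_views() {
    before=$(printf '%s\n' "$1" | parse_nslookup)
    after=$(printf '%s\n' "$2" | parse_nslookup)
    if [ "${before%% *}" = "${after%% *}" ]; then
        echo "resolver: unchanged (${before%% *})"
    else
        echo "resolver: ${before%% *} -> ${after%% *}"
    fi
    if [ "${before#* }" = "${after#* }" ]; then
        echo "answer: unchanged (${before#* })"
    else
        echo "answer: ${before#* } -> ${after#* }"
    fi
}

compare_views "$OFF_VPN" "$ON_VPN"
```

To run it against a live system, pass `"$(nslookup vpn.yourdomain.com)"` captured before and after connecting the VPN in place of the sample strings.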