Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
shannonpeeveyunlv
New Contributor II

Ubuntu 24.04: Forticlient VPN installation w/ DNS resolution fix

#####
#Ubuntu 24.04: Forticlient VPN installation
#####

 

1. Additional packages need to be downloaded in order to install Forticlient VPN:

 

## download libayatana-appindicator1 by scrolling to the bottom and clicking your architecture (amd64)
https://packages.debian.org/bullseye/libayatana-appindicator1

## download libayatana-indicator7 by scrolling to the bottom and clicking your architecture (amd64)
https://packages.debian.org/bullseye/libayatana-indicator7

## download libdbusmenu-gtk4 from this link
http://security.ubuntu.com/ubuntu/pool/universe/libd/libdbusmenu/libdbusmenu-gtk4_18.10.20180917~bzr...

 

2.  Install these deb packages


sudo dpkg -i *.deb

## install libgconf-2.4 and libnss3-tools by running the shell script on this page
https://2h3ph3rd.medium.com/how-to-install-libgconf-2-4-on-ubuntu-23-10-fec6bda8d5f5

## download the forticlient vpn deb package from
https://www.fortinet.com/support/product-downloads#vpn

## install forticlient vpn
sudo dpkg -i forticlient_vpn_7.2.2.0753_amd64.deb


#####
#Forticlient VPN: Fix DNS resolution
#####

 

There are two ways to fix the DNS resolution issue. Pick your poison.

 

1. Modify /etc/systemd/resolved.conf and restart systemd-resolved.service

 

vi /etc/systemd/resolved.conf
[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
# Google: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
# Quad9: 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
DNS=10.1.1.4 8.8.8.8 8.8.4.4
FallbackDNS=10.1.1.4
...
ReadEtcHosts=yes
...

sudo systemctl restart systemd-resolved.service


2. Create the following script and run it after connecting successfully to the VPN

 

vi /usr/local/bin/fortinect_dns_fix.sh
#!/bin/bash

export VPN_INTERFACE=$(resolvectl | grep fctvpn | sed 's/[()]//g' | cut -d' ' -f3)


sudo resolvectl domain $VPN_INTERFACE ~.
sudo resolvectl dns $VPN_INTERFACE <space delimited DNS server IPs>

chmod 755 /usr/local/bin/fortinect_dns_fix.sh
Login to Forticlient VPN as normal
#In a Terminal run:
/usr/local/bin/fortinect_dns_fix.sh


#resolvectl should output something like:

 
...
Link 11 (fctvpn6b5ab556)
Current Scopes: DNS
Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.1.1.4
DNS Servers: 10.1.1.4 10.1.1.5 8.8.8.8 8.8.4.4
DNS Domain: ~.
3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
rtanagras
Staff
Staff

Hi @shannonpeeveyunlv - Seems like you're trying to configure DNS settings in your script. May we know what issue you're encountering with it?

Best,
Ricky
shannonpeeveyunlv
New Contributor II

I haven't been able to use Forticlient VPN on Linux for the past months due to DNS resolution issues while connected. 

 

I didn't go heavily into verifying the exact cause of the issue, but used this thread as a jumping off point for solving the problem for me: 

https://community.fortinet.com/t5/Support-Forum/DNS-settings-on-Ubuntu-22-04-and-FortiClient-VPN-7-0...

 

I used this posting as a reference for my solution: 

https://askubuntu.com/questions/1417070/ubuntu-22-04-vpns-dns-server-not-used-for-resolving-addresse...

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors