Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

PPTP and DNS

Is there a way I could let my PPTP VPN client use my internal DNS automatically? If I configure DNS in TCP/IP on the client VPN machine, I can resolve all addresses, but I want to do this automatically on the FortiGate so that I don't have to tell any of our clients to configure DNS manually on their machines. Can anyone help, please?
Not applicable

Yeah, ditto, I need the same feature. It's hard to explain how to hard-code the internal LAN DNS server IP settings over the phone to a non-technical computer user. Besides, what if I change my LAN's DNS server IP? The FortiGate assigns the IP and mask, but what about the DNS IPs?
Adrian_Lewis
Contributor

Won't work. Handing out DNS and WINS info during the PPTP setup negotiation is a Microsoft extension to the PPTP standard, and Fortinet, to date, has decided not to implement it. Damn annoying, isn't it? V3.0 perhaps? Or how about the option to assign the PPTP tunnel endpoints' IP/DNS etc. information from a DHCP server on a chosen interface, and for clients to be treated as if they were on that interface? Wouldn't that be great? Apart from the speed and the handling of broadcast traffic, users would have exactly the same experience on the LAN as when travelling. Sigh, we live in hope, eh?

I'm in the same boat and have been there for a while. In fact, configuring the DNS on the client side has done nothing for me, as DNS requests go unanswered. I've had to add all needed server IPs to the laptop's hosts file. I'm using the Microsoft VPN client to connect to the FortiGate; that might be the reason DNS is not working. Any suggestions?
Adrian_Lewis
Contributor

You certainly shouldn't have to go the hosts file route. Just add the internal DNS server IP addresses to the PPTP connection's properties and add the internal search domain. I've never had to go that far before. Alternatively, open a VIP on TCP port 1721 to an internal Windows server and set up RRAS. You might need to allow GRE to pass from internal to external, although the FortiGate might do this automatically when it sees the TCP port 1721 connection coming in.

Yeah, Adrian, I know how to specify a DNS server in a VPN connection. I've never had a problem doing it either... until I started working with a FortiGate VPN. Specifying the DNS server does not get me DNS for some reason. Strange, huh? Using a Windows server for DNS will be my last resort... I would much rather accept the VPN on the border of my network. It just makes me feel safer. ;)
Not applicable

This is incredibly stupid behavior. Even my old pfSense BSD-based firewall handed out DNS information to PPTP clients. I really do like my FortiGates, but stuff like this is really braindead. I just tested, and adding the DNS and search domain to the client does not work. Unchecking "Use default gateway on remote network" (to create a split tunnel) seems to work a little better, but it still seems to prefer the laptop's primary (DSL/cable/etc.) DNS server.
Not applicable

I've confirmed with Fortinet: their solution was to buy FortiClient and use that instead. Why they even have a PPTP implementation, I have no idea.
UkWizard
New Contributor

Or, I could tell you how to do it :) Well, to get it to use the VPN DNS when connected, that is; I can't get the Fortinet to dish out the DNS for you... Simple really, you just need to ask the right person. Go to your "Network Connections" window, then Advanced -> "Advanced Settings". Under the "Adapters and Bindings" tab, move [Remote Access connections] to the top of the list. Then, when you connect via the PPTP, it will use the DNS settings (that you manually set) in the PPTP VPN properties whenever it's connected, flipping back to the LAN ones when not connected. Magic.

BTW: if this doesn't work for you in XP, you probably have the MS bug, so you will need to edit the registry to resolve it. See MS support article 311218, which basically says:
1. Click Start, click Run, type regedit32 in the Open box, and then click OK.
2. Click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
3. In the right pane, double-click Bind.
4. In the Value data box, select the "\Device\NdisWanIp" item, press CTRL+X, click the top of the list of devices, and then press CTRL+V.
5. Click OK, and then quit Registry Editor.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
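The client-side workaround above (manually set DNS servers and search domain on the PPTP connection, prefer the remote-access adapter, and the KB 311218 Bind reorder for XP), scripted as an added example. This is not code from the thread, from Fortinet or from Microsoft; it is mine, for illustration. It assumes a FortiGate reachable at vpn.example.com, internal DNS servers 10.0.0.10 and 10.0.0.11, search domain corp.example.com and an internal 10.0.0.0/8 network; none of those appear on the page. On Windows 8/10/11 it uses the VpnClient and DnsClient cmdlets; the registry function is only for the XP bug the post describes.

```powershell
# Added example, not code from the thread or from Fortinet. Scripts the
# client-side workaround described above for Windows 8/10/11 (VpnClient and
# DnsClient modules), plus the KB 311218 registry reorder for Windows XP.
# Every name and address below is assumed for illustration:
#   vpn.example.com          public address of the FortiGate
#   10.0.0.10, 10.0.0.11     internal DNS servers reachable through the tunnel
#   corp.example.com         internal search domain
#   10.0.0.0/8               internal network to route through the tunnel
#Requires -RunAsAdministrator

$ConnName     = 'OfficePPTP'
$VpnServer    = 'vpn.example.com'
$InternalDns  = @('10.0.0.10', '10.0.0.11')
$SearchDomain = 'corp.example.com'
$InternalNet  = '10.0.0.0/8'

function New-OfficePptpConnection {
    # Split tunnelling is the same as unchecking "Use default gateway on
    # remote network" in the GUI. The DNS suffix is stored with the connection.
    if (-not (Get-VpnConnection -Name $ConnName -ErrorAction SilentlyContinue)) {
        Add-VpnConnection -Name $ConnName -ServerAddress $VpnServer `
            -TunnelType Pptp -AuthenticationMethod MSChapv2 `
            -SplitTunneling -DnsSuffix $SearchDomain -RememberCredential -Force
    }
    # With a split tunnel only this prefix goes through the VPN (Windows 10+).
    Add-VpnConnectionRoute -ConnectionName $ConnName -DestinationPrefix $InternalNet `
        -ErrorAction SilentlyContinue
}

function Connect-OfficePptp {
    rasdial $ConnName | Out-Null          # uses the saved credential
    if ($LASTEXITCODE -ne 0) { throw "rasdial $ConnName failed (code $LASTEXITCODE)" }

    # Once up, the PPP interface carries the connection's name. Pin the internal
    # resolvers to it and give it a better (lower) metric than the LAN, Wi-Fi or
    # cellular adapter: current Windows picks DNS servers by interface metric,
    # which replaces the old "Adapters and Bindings" ordering. Because this is
    # per interface, other dial-up connections keep their own DNS settings.
    Set-DnsClientServerAddress -InterfaceAlias $ConnName -ServerAddresses $InternalDns
    Set-DnsClient -InterfaceAlias $ConnName -ConnectionSpecificSuffix $SearchDomain
    Set-NetIPInterface -InterfaceAlias $ConnName -AddressFamily IPv4 -InterfaceMetric 5
}

function Test-InternalDns {
    # Check which resolvers are active on the tunnel and that an internal name
    # resolves through them rather than through the ISP's servers.
    param([string]$Name = "fileserver.$SearchDomain")   # assumed host name
    $active = (Get-DnsClientServerAddress -InterfaceAlias $ConnName -AddressFamily IPv4).ServerAddresses
    "Resolvers on ${ConnName}: $($active -join ', ')"
    Resolve-DnsName -Name $Name -Server $InternalDns[0] -Type A -ErrorAction Stop |
        Select-Object Name, IPAddress
}

function Move-RasBindingFirst {
    # Windows XP only: the KB 311218 workaround quoted above, i.e. move
    # \Device\NdisWanIp to the head of Tcpip\Linkage\Bind. This is global and
    # therefore also changes every other dial-up connection on the machine,
    # so prefer the per-interface metric on anything newer than XP.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage'
    $bind = @((Get-ItemProperty -Path $key -Name Bind).Bind)
    if ($bind -notcontains '\Device\NdisWanIp') { return $bind }
    $new  = @('\Device\NdisWanIp') + @($bind | Where-Object { $_ -ne '\Device\NdisWanIp' })
    Set-ItemProperty -Path $key -Name Bind -Value $new -Type MultiString
    return $new
}

New-OfficePptpConnection
Connect-OfficePptp
Test-InternalDns
```

The per-interface DNS and metric settings in Connect-OfficePptp apply to the PPP interface that exists only while the tunnel is up, so they are reapplied on every connect rather than set once. Test-InternalDns queries the internal server directly with -Server, which tells you whether the resolver is reachable through the tunnel at all; if that works but unqualified names still fail, the metric or the suffix is what is wrong, not the tunnel. The registry function is kept separate and is not called by default, because reordering Bind affects every remote-access connection on the box, which is exactly the side effect reported for a cell modem later in this thread.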
Not applicable

That made it work better, but it's still not 100%. Also, for any other dial-up connections, you now need to manually specify the DNS servers. DNS stopped working over my cell modem after I did this.