Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

pptp and dns

Is there a way i could let my vpn pptp client use my internal dns automatically. If I configure dns in TCP/IP on the client vpn machine, i could resolve all addresses but want to do this automaticaly on the fortigate so that I dont have tell any of our clients to configure dns manually on machines. can anyone help please..
10 REPLIES 10
Not applicable

I got this working reliably and very elegantly. This apparenly is a common problem for PPTP servers that don' t supply DNS (unlike my old pfSense box, which " just worked" ) I poked around on the net and someone wrote a VB script to automatically change the binding order. If you use this in conjunction with MS Connection Manager Administration Kit, you can supply a nice " VPN client" to Windows end users and have name resolution work right out of the box with no registry hacking. The nice thing is that it leaves other connections intact, so - as in the case of my cell modem - DNS still works through that connection.
 '  KB311218 - Cannot Change the Binding Order for Remote Access Connections
 '  ========================================================================
 '  VBScript that places the \Device\NdisWanIp entry on the top in the 
 '  registry value Bind (multi-string) that is found under the key 
 '  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\.
 '  If the entry already is at the top, no registry update is done.
 
 Const HKLM = &H80000002
 
 sComputer = " ."    '  use " ."  for local computer
 
 '  Connect to WMI' s StdRegProv class
 Set oReg = GetObject(" winmgmts:{impersonationLevel=impersonate}!\\"  _
          & sComputer & " \root\default:StdRegProv" )
 
 '  Define registry location
 sKeyPath = " SYSTEM\CurrentControlSet\Services\Tcpip\Linkage" 
 sValueName = " Bind" 
 
 oReg.GetMultiStringValue HKLM, sKeyPath, sValueName, arValues
 
 arValuesNew = Array()
 
 For i = 0 To UBound(arValues)
    If i = 0 Then
       If LCase(arValues(i)) = " \device\ndiswanip"  Then
          '  Entry is already first in the list, no point in continuing
          Exit For
       Else
          '  Put NdisWanIp in the first element in the new array
          ReDim Preserve arValuesNew(0)
          arValuesNew(0) = " \Device\NdisWanIp" 
       End If
    End If
 
    '  Continue adding the rest of the elements to the new array
    If LCase(arValues(i)) <> " \device\ndiswanip"  Then
       iCountNew = UBound(arValuesNew) + 1
       ReDim Preserve arValuesNew(iCountNew)
       arValuesNew(iCountNew) = arValues(i)
    End If
 Next
 
 '  If there are elements to be found in the array, update the 
 '  registry value 
 If UBound(arValuesNew) > -1 Then
    oReg.SetMultiStringValue HKLM, sKeyPath, sValueName, arValuesNew 
 End If
 
So if you create a connection with MS Connection Manager Admin Kit (it' s available in Windows 2003) you can script that vbscript to run before the connection is established. My users are MUCH happier now. So am I.
Labels
Top Kudoed Authors