Unfortunately there is an issue with site2site and dyndns. A site2site vpn always needs both "ends" to be defined. Since one side does not have a static wan IP and you do not want to always change the ip manually, you would need to use some dyndns service. Unfortunately, inside VPN, FortiOS fails to update the remote gw ip even though the dyndns itself works properly. This always results in the vpn going down once the ip changes for the first time.
I already discussed this with TAC but there is still no fix or solution.
The only workaround would be to use a dial up vpn instead, since this only requires the "end" that is dialled into to be defined.
One can still route everything through a dial up as well. I just don't think that on FGT you could use MFA for vpn auth.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams