Hi All,
I'm encountering an issue when trying to enable DNS on my host to site VPN tunnel. For some reason I can't save a change I've made.
I would like to untick "Use system DNS in mode config" and then enter the DNS server of another IP address range. (It's from another site which is connected or a separate site to site tunnel.) When I attempt to click "Complete Section" the button refuses to click.
Does anyone know why?
Thanks,
David
Fixed / Solved
I changed the VPN tunnel to a custom tunnel. I was then prompted to enter IPv6 DNS details. Once these were entered it appears to go through correctly.
Thanks,
David
Just another hint, because I stumbled across a similar issue when configuring VPNs :)
In the FGT GUI you can enter DNS server(s) as you can in the VPN wizard. This is equivalent to the set ipv4-dns1 xxx.xxx.xxx.xxx command on the CLI.
However the gui is missing an option to set the vpn dns mode on the tunnel. By default it is on auto. Auto means it will not use any custom dns set in the tunnel but will use system dns. You must set the dns mode to manual to make it use a custom dns set in the tunnel.
The DNS Server option in gui is rather useless without an option to set dns mode or automagically set dns mode to manual when the DNS Fields are not empty.
The corresponding CLI command is set dns-mode manual.
BTW: if you do central management with FortiManager you can find the dns-mode somewhere in the advanced settings of your tunnel on the gui. Even here it is not included in the standard settings.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
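An added example, not part of the posts above: a small check over a saved FortiGate configuration that lists tunnels which have DNS servers entered but are not in manual DNS mode. The sample config, tunnel names and addresses are constructed; `default_mode="auto"` follows the post's statement about the default and is an assumption, and DNS keys are matched by prefix so both the name as written in the post and `ipv4-dns-server1` are caught.

```python
import re

# Constructed sample in FortiOS "show" format; names and addresses are made up.
SAMPLE_CONFIG = '''\
config vpn ipsec phase1-interface
    edit "dialup-a"
        set dns-mode auto
        set ipv4-dns-server1 10.20.0.53
    next
    edit "dialup-b"
        set dns-mode manual
        set ipv4-dns-server1 10.20.0.53
    next
    edit "dialup-c"
        set ipv4-dns-server1 10.30.0.53
    next
end
'''
SECTION = "config vpn ipsec phase1-interface"
DNS_KEY = re.compile(r"^ipv[46]-dns")  # prefix: ipv4-dns1, ipv4-dns-server1, ...

def parse_phase1(text):
    """Return {tunnel_name: {key: value}} for the phase1-interface section."""
    tunnels, current, depth = {}, None, 0   # depth > 0 while inside the section
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if depth == 0:
            if raw.strip() == SECTION:
                depth = 1
        elif words[0] == "config":
            depth += 1                       # nested sub-table, not inspected
        elif words[0] == "end":
            depth -= 1
        elif depth == 1 and words[0] == "edit" and len(words) >= 2:
            current = tunnels.setdefault(raw.split(None, 1)[1].strip().strip('"'), {})
        elif depth == 1 and words[0] == "set" and current is not None and len(words) >= 3:
            current[words[1]] = " ".join(words[2:])
    return tunnels

def ignored_dns(text, default_mode="auto"):
    """Tunnels whose configured DNS servers are not used because dns-mode is not manual."""
    findings = []
    for name, cfg in parse_phase1(text).items():
        servers = [v for k, v in cfg.items() if DNS_KEY.match(k)]
        mode = cfg.get("dns-mode", default_mode)  # assumed default when the key is absent
        if servers and mode != "manual":
            findings.append((name, mode, servers))
    return findings

if __name__ == "__main__":
    for name, mode, servers in ignored_dns(SAMPLE_CONFIG):
        print(f"{name}: dns-mode {mode}, servers {servers} are not handed out")
```

Pass `default_mode="manual"` if your firmware's default differs from what the post describes.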