Forticlient / Fortigate VPN Internal DNS resolution issues.

Posted: Tue Jan 12, 2021 4:03 pm
by otakugenx
I am posting this in case anyone else runs into this issue. And perhaps I solved it wrong, but it was what worked.

It seems that if you are using Forticlient to connect to a VPN and have systemd-resolved installed (it is by default), resolution does not change over to the right DNS servers. This does not affect external connections through the VPN, but it does prohibit internal-only resolution, like connecting to a desktop.

To test this, after you connect to your VPN, open a terminal and try an nslookup on an external name, like Google. It will respond fine coming from 127.0.0.1:53. Now try an internal-only name, yourdesktop.yourcompany.com. Assuming your company's DNS servers do not allow internal machine names to be resolved on the internet, it will fail with "Server: 127.0.0.1:53" and another line "*** yourdesktop.yourcompany.com: No answer".

Now if you check your Network settings, you will see the proper VPN DNS servers listed in there. However, it seems that they are not being queried.

To fix this I followed the instructions on this page: https://askubuntu.com/questions/907246/ ... -in-ubuntu
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved

Edit /etc/NetworkManager/NetworkManager.conf and add dns=default under [main]
rm /etc/resolv.conf
Then restart Network Manager
sudo systemctl restart NetworkManager

Now test again as before. You will notice "Server:" is now showing the DNS server it is querying. You should also now be able to look up internal-only names.
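As an added example (not part of the original post), the script below inspects systemd-resolved's per-link configuration before deciding whether to disable it: systemd-resolved only sends queries for a company's names to a link's DNS servers when that link also carries a matching DNS Domain, so a VPN link with servers but no domain is exactly what the symptom above looks like. The `resolvectl status` text here is a constructed sample; the link names, addresses and domains are assumptions.

```shell
#!/bin/sh
# Constructed sample of `resolvectl status` output (not taken from the post).
# The VPN link (tun0) lists DNS servers but no "DNS Domain", so there is no
# rule telling systemd-resolved to send yourcompany.com queries to it.
SAMPLE_STATUS='Link 2 (eth0)
    Current Scopes: DNS
  Current DNS Server: 192.0.2.1
         DNS Servers: 192.0.2.1
          DNS Domain: home.example

Link 5 (tun0)
    Current Scopes: DNS
  Current DNS Server: 198.51.100.53
         DNS Servers: 198.51.100.53 198.51.100.54'

# links_missing_domain STATUS_TEXT
# Prints one line per link that has DNS servers configured but no DNS Domain,
# i.e. a link whose servers will never be selected by name for a lookup.
# Prints nothing when every link with servers also has a domain.
links_missing_domain() {
    printf '%s\n' "$1" | awk '
        function flush() {
            if (link != "" && servers != "" && domain == "")
                print link " servers=" servers " domain=NONE"
            link = ""; servers = ""; domain = ""
        }
        # "Link 5 (tun0)" starts a new block; strip the parentheses from the name
        /^Link [0-9]+ \(/ { flush(); link = $3; gsub(/[()]/, "", link); next }
        # "Current DNS Server:" does not match here: only the configured list does
        /DNS Servers:/    { sub(/.*DNS Servers: */, ""); servers = $0; next }
        /DNS Domain:/     { sub(/.*DNS Domain: */, ""); domain = $0; next }
        END { flush() }'
}

# Live use on a real machine: links_missing_domain "$(resolvectl status)"
links_missing_domain "$SAMPLE_STATUS"
```

Running it against the constructed sample reports only tun0, which is the link whose servers show up in the Network settings but are not queried for internal names.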