I have a Fortigate 40C here; its configuration was mostly copied from a Fortigate 60. Everything runs fine, but there are some problems with the PPTP VPN connection. I want to add SSL VPN in the future, but for now PPTP is enough.
I currently have a working configuration, but a few things still don't work properly:
- The DNS server is not pushed to the client. It should be 192.168.6.1, just as it is via DHCP.
- The client should use the gateway 192.168.6.1, not 192.168.160.1.
I connect with the OS X VPN client and have added the DNS entry + network settings manually, so it works.
Does anyone know how to push the DNS + gateway to the client correctly?
config system dns
    set primary 8.8.8.8
    set secondary 8.8.4.4
    set domain "lan"
end
config firewall address
    edit "all"
    next
    edit "Internal_Range"
        set subnet 192.168.6.0 255.255.255.0
    next
    edit "PPTP"
        set associated-interface "wan1"
        set type iprange
        set end-ip 192.168.6.180
        set start-ip 192.168.6.160
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
    edit 50
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "PPTP"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
    edit 4
        set srcintf "wan1"
        set dstintf "wan1"
        set srcaddr "PPTP"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
end
config vpn pptp
    set status enable
    set eip 192.168.6.180
    set sip 192.168.6.160
    set usrgrp "Wizard_users"
end
config system dhcp server
    edit 1
        set default-gateway 192.168.6.1
        set domain "lan"
        set interface "internal"
        config ip-range
            edit 1
                set end-ip 192.168.6.159
                set start-ip 192.168.6.100
            next
        end
        set lease-time 345600
        set netmask 255.255.255.0
        set dns-server1 192.168.6.1
    next
end
config system interface
    edit "wan1"
        set vdom "root"
        set mode pppoe
        set allowaccess ping
        set type physical
        set alias "FTTB Fixed IP"
        set username "X@X"
        set password ENC X
        set defaultgw enable
        set dns-server-override disable
    next
    edit "modem"
        set vdom "root"
        set mode pppoe
        set type physical
    next
    edit "ssl.root"
        set vdom "root"
        set type tunnel
    next
    edit "internal"
        set vdom "root"
        set ip 192.168.6.1 255.255.255.0
        set allowaccess ping https ssh
        set type physical
        set alias "LAN"
    next
end
Edit: the DNS server and the gateway are both on the Fortigate itself, IP 192.168.6.1.
Answer 1
I got it working now. I hadn't seen the NAT checkbox :(
edit 50
set srcintf "wan1"
set dstintf "internal"
set srcaddr "PPTP"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set nat enable
next
For the other part, @mbrownnyc is right: the Fortigate can't push the DNS server, gateway or search domain.
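As an added check (example code written for this page, not part of the question or the answer), the script below parses FortiOS-style config/edit/set/next/end text into nested dicts and reports any policy that sources the PPTP pool without `set nat enable` (the fix above), plus whether the PPTP pool overlaps the internal DHCP range. The sample config is a constructed excerpt modelled on the one posted in the question.

```python
# Constructed excerpt in FortiOS CLI syntax, modelled on the question's config (not a real export).
SAMPLE = """
config firewall address
  edit "PPTP"
    set start-ip 192.168.6.160
    set end-ip 192.168.6.180
  next
end
config firewall policy
  edit 50
    set srcaddr "PPTP"
  next
end
config system dhcp server
  edit 1
    config ip-range
      edit 1
        set start-ip 192.168.6.100
        set end-ip 192.168.6.159
      next
    end
  next
end
"""
def parse(text):
    """Turn config/edit/set/next/end lines into nested dicts {section: {entry: {key: value}}}."""
    root = cur = {}
    stack = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        cmd, _, arg = line.partition(" ")
        if cmd in ("config", "edit"):        # open a table, or an entry inside it
            stack.append(cur)
            cur = cur.setdefault(arg.strip('"'), {})
        elif cmd == "set":                   # key value, value possibly quoted
            key, _, val = arg.partition(" ")
            cur[key] = val.strip('"')
        elif cmd in ("next", "end"):         # close the innermost block
            cur = stack.pop()
    return root
def ip_int(ip):
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")
def policies_missing_nat(cfg, pool="PPTP"):
    """IDs of policies whose source is the PPTP pool but which lack 'set nat enable'."""
    return [pid for pid, p in cfg.get("firewall policy", {}).items()
            if p.get("srcaddr") == pool and p.get("nat") != "enable"]
def pool_overlaps_dhcp(cfg):
    """True if the PPTP pool and the internal DHCP range share an address (both in 192.168.6.0/24)."""
    a, d = cfg["firewall address"]["PPTP"], cfg["system dhcp server"]["1"]["ip-range"]["1"]
    return ip_int(a["start-ip"]) <= ip_int(d["end-ip"]) and ip_int(d["start-ip"]) <= ip_int(a["end-ip"])
```

Run it against a `show full-configuration` export to confirm policy 50 carries NAT and that the PPTP pool (160-180) stays clear of the DHCP range (100-159).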