<< Back Home UK uk   Donate Donate

Disable FortiClientVPN DNS update

I'm using FortiClientVPN to access my office network. And I've performance problem with it. When tunnel is up sites are opened slowly. But everything else works fine. My problem was due to resolve.conf updates performed by FortiClientVPN. Since tunnel DNS are far from here (up to 100ms), I've got singnificant delay on hostname resolve. FortiClientVPN is not well-documented and I couldn't find a way to prevent it from updating local DNS via config file. I've tried to find some CLI options

ps axww|grep fori

30595 ?        S      0:00 /bin/sh /opt/forticlient-sslvpn/
30598 ?        S      0:00 /bin/sh ./
30600 ?        Sl     0:08 ./forticlientsslvpn
31411 ?        S      0:00 ./forticlientsslvpn
31416 ?        Sl     0:00 ./forticlientsslvpn
31418 ?        Sl     0:00 ./forticlientsslvpn
31420 ?        S      0:00 /usr/sbin/pppd noipdefault noaccomp noauth default-asyncmap nopcomp 
      nodefaultroute debug logfile /usr/opt/forticlient-sslvpn/64bit/./helper/pppd.log : 
      nodetach lcp-max-configure 40 38400 usepeerdns mru 1354

The idea was to remove usepeerdns option. Unfortunately, without success. It is hardcoded option. But search for dns substring inside distribution gave me a hint. There is helper/ script which generates update for resolve.conf. So, I've just commented nameserver updates there


--- helper/      2020-05-05 09:53:45.207891802 +0300
+++ helper/   2020-05-05 09:44:30.278470481 +0300
@@ -35,7 +35,7 @@

 if [ "x$dns1" != "x" ]; then
-       echo "nameserver        $dns1"
+       echo "#nameserver       $dns1 #forticlient"

 if [ "x$dns1" == "x$dns2" ]; then
@@ -43,7 +43,7 @@

 if [ "x$dns2" != "x" ]; then
-       echo "nameserver        $dns2"
+       echo "#nameserver       $dns2 #forticlient"

 echo "Done" >> "$base/forticlientsslvpn.log"

Forticlient config

Connection config and history are stored in .fctsslvpnhistory. Don't forget to make backup, it is often lost (and get empty) after reboot.


FB or mail (remove X)   Share
designed by Alter aka Alexander A. Telyatnikov powered by Apache+PHP under FBSD © 2002-2024