MacOS DNS Issue with FortiClient VPN

I have noticed that at times when using FortiClient for remote access VPN connections with MacOS, that after disconnecting from the VPN, the DNS settings added by FortiClient for DNS resolution over the VPN, fail to be removed.

When connecting to the VPN, an entry is added to /etc/resolver for the domain name associated with resources behind the VPN tunnel. For example, a resolver for example.com is added here. When on the VPN, this allows the user to resolve a hostname such as dc01.example.com. However, when the VPN disconnects, this should be removed. If the domain name used internally is the same as that used externally, then once the VPN is disconnected, with that resolver still in place, it will attempt to resolve DNS using that resolver over the disconnected VPN causing subsequent connections to the actual VPN to fail.

If the VPN hostname is vpn.example.com, and the resolver is still there, it fails to resolve and can’t connect to the VPN.

The solution I have found is to go to /etc/resolver, run “ls”, then run “rm example.com” to remove this. After doing this, resolution should use the system DNS servers and work as expected.

Leave a Reply

Your email address will not be published. Required fields are marked *