Changing the DNS server(s) pushed by SSLVPN (using FortiClient on macOS Catalina)


I want to change the default DNS servers pushed by my SSLVPN (FortiClient on macOS). I’ll be using IP addresses to access network resources over the VPN. Obviously, even though I am interested in using a different DNS server, I don’t want the routing table to change, so that the traffic for the correct destination/subnet is still routed correctly over the VPN tunnel.

Note, I found an old post that seemed to be answering the question but I couldn’t figure out exactly what to do on macOS Catalina.

When VPN is connected, if I run scutil --dns in a terminal on my Mac, I get the below output

resolver #1
  search domain[0] : mycompanyFQDN.com
  nameserver[0] : 10.1.2.3
  nameserver[1] : 10.4.5.6
  nameserver[2] : 192.168.1.1
  flags    : Supplemental, Request A records
  reach    : 0x00000002 (Reachable)
  order    : 100000

resolver #2
  nameserver[0] : 10.1.2.3
  nameserver[1] : 10.4.5.6
  nameserver[2] : 192.168.1.1
  flags    : Request A records
  reach    : 0x00000002 (Reachable)
  order    : 200000

and a few other ip6 (options: mdns) resolvers

When VPN is not connected, if I run scutil --dns in a terminal on my Mac, I get the below output

resolver #1
  nameserver[0] : 192.168.1.1
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000

and a few other ip6 (options: mdns) resolvers

To summarise, my question is: how can I change the DNS servers to 192.168.1.1 whenever the VPN is connected? I’m hoping I can do this automatically through a shell script or a similar method.

Thanks in advance.

Edit (22/12/2020): To summarise what I've already tried as per my comment: after turning on my VPN, I found out the primary service id by running scutil and then typing list on the next line. I then tried the below commands in a terminal (after running scutil as sudo)

get State:/Network/Service/forticlientsslvpn/DNS
d.add ServerAddresses * 192.168.1.1 192.168.1.2
set State:/Network/Service/forticlientsslvpn/DNS

However, after running the above commands successfully without any errors, when I run scutil --dns I still see the same old DNS servers. This is the case even after flushing the DNS cache. I was expecting to see 192.168.1.1 192.168.1.2, but I am still seeing the DNS servers pushed by FortiClient VPN.

Tags: dns, ssl-vpn, forticlient
asked on Super User Dec 3, 2020 by user14752375 • edited Dec 22, 2020 by user14752375
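As an added example (not from the question, FortiClient or Apple), the scutil steps from the edit wrapped in a script that prints the batch for review, applies it, and then checks which nameservers scutil --dns actually exposes afterwards, so the verification is not left to reading the output by eye. The service id, the addresses, and the sample scutil --dns text are taken from the question; the function names are hypothetical, and whether FortiClient later rewrites the key is not something the script can answer.

```shell
#!/bin/sh
# Added example: apply the scutil DNS override from the question for one
# network service and verify the result by parsing `scutil --dns`.
# Assumptions: the service id (forticlientsslvpn) and the addresses are the
# values from the question; the apply step needs macOS and sudo.

SERVICE_ID="${SERVICE_ID:-forticlientsslvpn}"   # from `scutil` > `list` while the VPN is up

# Build the scutil batch that replaces ServerAddresses on the service's State DNS key.
# Printed rather than executed so it can be reviewed before being piped into `sudo scutil`.
build_scutil_batch() {
    # $1 = service id, remaining args = nameservers
    svc="$1"; shift
    printf 'get State:/Network/Service/%s/DNS\n' "$svc"
    printf 'd.add ServerAddresses * %s\n' "$*"
    printf 'set State:/Network/Service/%s/DNS\n' "$svc"
}

# Extract the nameserver list of the first resolver block from `scutil --dns` text on stdin.
# Returns the addresses space-separated, in order, on one line.
first_resolver_nameservers() {
    awk '
        /^resolver #/ { n++ }
        n == 1 && /nameserver\[[0-9]+\]/ { if (out != "") out = out " "; out = out $NF }
        END { print out }
    '
}

# Apply the change and report which servers scutil --dns exposes afterwards.
# Needs macOS and root; not exercised by the offline self-check below.
apply_vpn_dns() {
    build_scutil_batch "$SERVICE_ID" "$@" | sudo scutil
    scutil --dns | first_resolver_nameservers
}

# Sample copied from the question's connected-state output, for an offline self-check.
SAMPLE_SCUTIL_DNS='resolver #1
  search domain[0] : mycompanyFQDN.com
  nameserver[0] : 10.1.2.3
  nameserver[1] : 10.4.5.6
  nameserver[2] : 192.168.1.1
  order    : 100000

resolver #2
  nameserver[0] : 10.1.2.3
  order    : 200000'
```

Run `apply_vpn_dns 192.168.1.1 192.168.1.2` with the VPN up; if the printed list still shows the pushed 10.x servers, the State key was overwritten again and the override did not take effect.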

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0