Auto-connect to 2 VPN IPSec Dial up tunnels ? possible ?

Hello Flamby, 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

Hello,

We are still looking for an answer to your question.

We will come back to you ASAP.

I'm only using the 'free vpn' client but if there is a way to either enable, at machine start up or potentially a service (whereby the user has to connect to the vpn before anything else), I'd be interested in knowing how to get this done. On my previous hardware/vpn client (not fortigate) there was a method of configuring the vpn client to launch and validate the client even before they could log into the machine - which was really nice.

Hello again Flamby,

I found this solution, can you tell us if it helps, please?

To achieve automatic connection to multiple IPsec dial-up VPN tunnels using FortiClient EMS, there are a few considerations and configurations you need to ensure are correctly set up:

Multi-Connect Feature

1. Enable Multi-Connect: Ensure that the "Enable Multi-Connect on Eligible Tunnels" option is enabled in FortiClient EMS. This feature allows FortiClient to connect to multiple tunnels concurrently, but it is currently in beta and only supports IPsec VPN IKEv2 tunnels.

2. DNS Priority: When using the Multi-Connect feature, ensure that the DNS Priority is correctly configured for the IPsec VPN IKEv2 tunnels. This setting lists all the tunnels configured on the profile and can support up to 50 tunnels.

Auto-Connect Configuration

1. Auto Connect Settings: Verify that the "Auto Connect" option is correctly configured for both VPN tunnels in the EMS profile. This setting should specify which VPN tunnel(s) the endpoint should automatically connect to upon login.

2. Auto Connect Only When Off-Fabric: If this option is enabled, ensure that the endpoints are considered "off-fabric" by EMS, as this setting will only auto-connect when the endpoint is off the corporate network.

Troubleshooting Steps

1. Profile Update: Ensure that the endpoint profile is updated and pushed to all devices. Sometimes, changes in EMS need to be re-applied to the endpoints.

2. Check Logs: Review the FortiClient logs to identify any errors or issues during the connection process. This can provide insights into why the second VPN is not connecting automatically.

3. Network-ID Configuration: If there are multiple IKEv2 dial-up tunnels, ensure that each tunnel has a unique network-id configured. This helps in correctly matching the VPN tunnel during the connection process.

Follow-ups and Clarification Questions

• Have you verified that both VPN tunnels are correctly configured with unique network-ids?
• Are there any error messages or logs indicating why the second VPN is not connecting automatically?
• Is the "Auto Connect Only When Off-Fabric" option enabled, and if so, are the endpoints considered off-fabric by EMS?

If these steps do not resolve the issue, further investigation into the specific EMS and FortiClient configurations may be necessary.