mrflow1
New Member
February 7, 2025
Question

External DHCP over IPSEC lease gets removed when user disconnect


I've been working on this guide to configure DHCP over IPsec without problems.
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/189440/ipsec-vpn-with-external-dhcp-service

The problem is that when the remote user disconnects, the device sends a DHCP release to the DHCP server and the lease goes away.

The main reason I'm migrating from SSL VPN to DHCP over IPsec is so that a device's IP is retained for at least 2 weeks, based on the MAC address.

This is what I saw when users disconnected.

DHCP 342 DHCP Release - Transaction ID 0x34073082

 

2 replies

Anthony_E
Staff
February 10, 2025

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards
Anthony_E
Staff
February 11, 2025

Hello,

I will try to answer your question about how to address the issue where the external DHCP lease gets removed when the user disconnects in an IPsec VPN setup:

  1. Check the DHCP lease duration settings on the external DHCP server to ensure it is not set to a very short time, causing the lease to expire quickly upon disconnection.
  2. Verify the IPsec VPN configuration on the FortiGate to ensure that the DHCP over IPsec feature is enabled in the VPN phase 2 settings. This setting should allow the VPN client to retain the IP address lease even after disconnecting and reconnecting.
  3. Confirm that the FortiClient settings also have DHCP over IPsec enabled to maintain the lease when the user disconnects.
  4. If the issue persists, consider upgrading the FortiGate firmware to the latest version as newer releases may include bug fixes and improvements related to DHCP over IPsec functionality.

By following these steps, you can troubleshoot and potentially resolve the issue of external DHCP leases being removed when a user disconnects from the IPsec VPN.
I hope it will help.
Best Regards
mrflow1
Author
New Member
February 11, 2025

Thanks,

1. DHCP lease duration is set to 8 days.

2. The feature is enabled on phase 2.

3. FortiClient is set to use DHCP over IPsec.

4. We use EMS 7.2.5, FortiOS 7.2.10 and FTC 7.0.14.

Connectivity is not the problem; the problem is that when a user disconnects, it automatically sends a DHCP release to the DHCP server.
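
To confirm from a capture which lease a DHCP Release like the one quoted in this thread refers to, and whether it arrived directly or via a relay, the DHCP payload can be decoded as below. This is an added example, not part of the original posts or Fortinet's code; the sample packet is constructed (only the transaction ID comes from the thread; the IP addresses and MAC are made up).

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def parse_dhcp(payload: bytes) -> dict:
    """Decode the BOOTP header and options of a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    _op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad option
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    msg = options.get(53, b"\x00")[0]               # option 53 = message type
    server = options.get(54)                        # option 54 = server identifier
    return {
        "type": MSG_TYPES.get(msg, f"UNKNOWN({msg})"),
        "xid": f"0x{xid:08x}",
        "client_ip": str(ipaddress.IPv4Address(payload[12:16])),  # ciaddr: lease released
        "relay": str(ipaddress.IPv4Address(payload[24:28])),      # giaddr: 0.0.0.0 = no relay
        "mac": payload[28:28 + min(hlen, 16)].hex(":"),           # chaddr: lease key
        "server_id": str(ipaddress.IPv4Address(server)) if server else None,
    }

def build_sample_release() -> bytes:
    """Constructed DHCP Release; xid from the thread, addresses and MAC made up."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x34073082, 0, 0)
    hdr += bytes([10, 10, 10, 50]) + bytes(12)      # ciaddr, then yiaddr/siaddr/giaddr = 0
    hdr += bytes.fromhex("020000aabbcc").ljust(16, b"\0") + bytes(192)
    opts = bytes([53, 1, 7]) + bytes([54, 4, 10, 10, 10, 1]) + b"\xff"
    return hdr + MAGIC_COOKIE + opts

if __name__ == "__main__":
    print(parse_dhcp(build_sample_release()))
```

Feed it the UDP payload of the Release frame exported from the capture; the `mac` and `client_ip` fields identify which lease the server will free.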