Skip to main content
SJFriedl
SJFriedl
New Member
June 21, 2023
Question

FortiClient SSL VPN gets autoconfigure IP address?

  • June 21, 2023
  • 5 replies
  • 11711 views

Hello friends; A customer has a remote worker whose FortiClient (v7.0.2.0090) SSL-VPN connects & authenticates successfully every time with the office FortiGate 60E, and though the FortClient dialog box shows the proper 192.168.20.2 address from the SSL VPN address pool. Windows itself (via "ipconfig /all") has an 169.254.X.X autoconfiguration IPv4 address and no default gateway.

 

Unsurprisingly, nothing works: it shows bytes transmitted, but nothing received.

 

Disabling the AVG Enterprise desktop security software doesn't seem to make any difference, and I don't see anything in any log.

 

Apparently this started happening some weeks ago, but nobody can identify what changed. Oddly, sometimes it *does* work, but we can't find a pattern.  Other remote workers don't seem to have this problem.

 

Would love some ideas for where to look.

 

~~~ Steve

 

 

5 replies

A
Anonymous_User
New Contributor III
June 21, 2023

Hello SJFriedl,

 

Please check the thread, if you're using Windows 11, KB2693643 is not compatible with Windows 11.

https://community.fortinet.com/t5/Support-Forum/Windows-11-22H2-update-FortiClient-VPN-doesn-t-work/...

The solution is you need to uninstall (KB2693643),  use the command "wusa /uninstall /kb:2693643" on the Command Prompt (opened as Admin). It will pop up for a "Yes" to confirm. 
Once done connect the VPN and check. 

 

https://techcommunity.microsoft.com/t5/windows-11/how-to-install-or-uninstall-rsat-in-windows-11/m-p/3273590
https://www.windowslatest.com/2021/04/23/how-to-uninstall-windows-10-updates-manually/

Regards,
Vishal
    smalls
    smalls
    New Member
    January 19, 2024

    It is happening again with the Jan update on Win 11 machines. Is there going to be a fix?

    SJFriedl
    SJFriedlAuthor
    New Member
    January 19, 2024

    I only barely remember, but I went back through my emails and it appears to have been Windows 11, and my notes suggest that uninstalling the troublesome Windows Update didn't make any difference.

    And for unrelated reasons, the customer replaced the laptop they were using, and given that I didn't hear of any problems after that, my suspicion is that the original computer just had general dorkage that will never be explained.

    I'm sorry I didn't come back at the time to report this.

    mle2802
    Staff
    mle2802
    Staff
    January 19, 2024

    Hi @SJFriedl,

    What is the OS of the client?

    rosatechnocrat
    rosatechnocrat
    Explorer III
    January 19, 2024

    Mostly a uninstall of the FortiClient VPN and reinstalling fixes such kind of issues. 

     

     

    Subscribe "ROSA Technocrat" on Youtube for Fortinet Videos and Troubleshooting https://www.youtube.com/@rosatechnocrat
    smalls
    smalls
    New Member
    January 19, 2024

    We did uninstall/reinstall. we reset the Forticlient NICs. the default route did not change in the route table and the IP was the generic unroutable 169.xxx.xxx.xxx. Uninstalling this month's update fixed the route table and also gave the correct IP. Installing the Jan update again creates the same problem. We don't want to block security updates from Microsoft, so this will be a growing issue as the month progresses. we are going to try an older version of the Forticlient and see if it is compatible until we can get a more permanent fix.

    rosatechnocrat
    rosatechnocrat
    Explorer III
    January 20, 2024

    @smalls : what is the Version of Forticlient and Fortigate where its connecting. 

     

    Rather than downgrading the version try upgrading the version from 7.0.2 to 7.0.12 or 7.2.X

    Subscribe "ROSA Technocrat" on Youtube for Fortinet Videos and Troubleshooting https://www.youtube.com/@rosatechnocrat
    Terms & ConditionsAccessibility statement