ThePro
New Member
August 3, 2018
Solved

FortiClient VPN - Connects ok, BUT No Remote Access & No Internet

  • August 3, 2018
  • 1 reply
  • 69237 views

I have a remote user that for an unknown reason started to have issues connecting remotely.

No changes were made on the Fortigate. According to the user, no changes were made on the remote user's side of the network either (same ISP, same router). Previous to the issue, they had been connecting on a daily basis without any issues since it was set up months ago.

FortiClient connects, but I lose Internet access and I can't ping the devices at the main office. I also noticed that I don't get an IP assigned.

I already restarted the Fortigate and deleted and recreated the FortiClient VPN.

Office/Fortigate network/subnet is 10.10.10.0

Remote site's network/subnet is 10.0.0.0

I have experienced issues in the past with overlapping subnets with FortiClient, but in those cases the device connecting remotely didn't lose Internet access; it just had issues accessing some devices at the office if some IP overlapped. They have been working fine for months.

Could it be issues with the subnets? Something else?

    Best answer by Toshi_Esumi

    You need to run debugging on the FGT when it fails. If IPsec, "diag debug app ike -1". If SSL VPN, "diag debug app sslvpn -1".

    1 reply

    Toshi_Esumi
    SuperUser
    August 3, 2018

    Is the tunnel supposed to split (local internet) or go over the tunnel and get out to the internet from the FGT? Check the routing table on the client device (PC, Mac, etc.) depending on split-tunnel set up.

    ThePro
    Author
    New Member
    August 3, 2018

    toshiesumi wrote:

    Is the tunnel supposed to split (local internet) or go over the tunnel and get out to the internet from the FGT? Check the routing table on the client device (PC, Mac, etc.) depending on split-tunnel set up.

    I have split-tunnel enabled.

    Toshi_Esumi
    SuperUser
    August 3, 2018

    Then it's a problem on the client side if it loses internet. Something must have changed on the device or the FortiClient.

    For the access problem over the tunnel, again, you should check those specific routes are actually inserted into the routing table.
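
The routing-table check suggested in the replies above, as an added example that is not part of the original thread: it applies longest-prefix matching to a client routing table to see whether office traffic uses the tunnel, whether Internet traffic stays local, and whether a local route overlaps the office subnet. The subnet masks (/24 for the office, /24 or /8 for the home LAN), the interface labels `lan` and `vpn`, the metrics and all three sample tables are assumptions constructed for illustration.

```python
import ipaddress

def route(prefix, iface, metric):
    # One routing-table entry; iface names "lan"/"vpn" are hypothetical labels.
    return {"net": ipaddress.ip_network(prefix), "iface": iface, "metric": metric}

def best_route(table, dest):
    """Pick the route the OS would use: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in table if ip in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def check_split_tunnel(table, office_net, office_host, internet_host, vpn_if="vpn"):
    """Return a list of findings; an empty list means routing looks as expected."""
    office = ipaddress.ip_network(office_net)
    findings = []
    r = best_route(table, office_host)
    if r is None or r["iface"] != vpn_if:
        findings.append("office traffic not routed via VPN")
    r = best_route(table, internet_host)
    if r is None:
        findings.append("no route to the internet")
    elif r["iface"] == vpn_if:
        findings.append("internet traffic enters the tunnel (not split)")
    for rt in table:
        # A non-VPN route (other than the default) covering office addresses
        if rt["iface"] != vpn_if and rt["net"].prefixlen > 0 and rt["net"].overlaps(office):
            findings.append(f"local route {rt['net']} overlaps office {office}")
    return findings

# Constructed sample tables. Masks are assumed: the thread gives none.
HEALTHY = [route("0.0.0.0/0", "lan", 25), route("10.0.0.0/24", "lan", 25),
           route("10.10.10.0/24", "vpn", 1)]
# Tunnel is "connected" but no split routes were inserted; home LAN is a /8.
NO_ROUTES = [route("0.0.0.0/0", "lan", 25), route("10.0.0.0/8", "lan", 25)]
# Split route present, home LAN is a /8: longest prefix still favours the VPN.
OVERLAP = NO_ROUTES + [route("10.10.10.0/24", "vpn", 1)]

if __name__ == "__main__":
    for name, table in [("healthy", HEALTHY), ("no routes", NO_ROUTES), ("overlap", OVERLAP)]:
        print(name, check_split_tunnel(table, "10.10.10.0/24", "10.10.10.5", "198.51.100.10"))
```

Whether 10.0.0.0 and 10.10.10.0 overlap depends entirely on the masks, which is why the table entries, not just the network addresses, need to be compared.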