Skip to main content
Icebun
Icebun
Explorer II
February 22, 2022
Question

Incorrect routing table entry when SSL VPN is establised

  • February 22, 2022
  • 7 replies
  • 20811 views

I have a situation affecting some Dell Latitude Laptops (54xx series).

 

When the VPN is established, there is an incorrect routing entry in the Windows 10 table for our LAN resources where the Gateway points to the IP address of the users home router rather than the VPN interface IP.

 

Manually deleting the route fixes the issue but that requires elevated privileges so not practical.

 

Ticket officially logged but just wondering if anyone has experienced this before?

 

The only way around is to create some sort of windows scheduled task that will run the delete route command with elevated permissions.

 

The problem I am having with this is to capture the right trigger as the VPN is established, either in event viewer or some process running in Task Manager.

 

Can anyone help with identifying any of the above as well?

 

 

 

    7 replies

    Debbie_FTNT
    Staff & Editor
    Debbie_FTNT
    Staff & Editor
    February 23, 2022

    Hey Icebun,

    I can't say that I've ever come across such an issue before - I'm sometimes using a Dell Latitude (though 74xx series) myself, with Windows 10 and FortiClient 7.0.2, and not having any issues.

    Are you using split-tunneling? I'm not; my default route is through VPN when that's up and running (with metric 1 - the local WiFi default route is metric 50), and traffic is being routed exactly as intended.

    Icebun
    IcebunAuthor
    Explorer II
    February 24, 2022

    Hi Debbie, 

    Yes we are using Split Tunnelling and the issue is only specific to new Dell Laptops.

    Another option I am currently exploring is maintaining Split Tunnelling but on the FortiGate FW, explicitly add in all the Routing Addresses under

    VPN > SSL-VPN-Portals > Routing Address

    Using Cloud EMS so only running 6.4.x FortiClient as the latest.

     

     

     

    Patrick42110
    Patrick42110
    New Member
    April 8, 2022

    Hello, i had problem too, i resolve after remove sofware include in image base DELL.

    Go in programs and features , and remove Software Connectexpress drivers of "rivet software"

     

      wberger
      wberger
      Explorer
      November 16, 2022

      I could hug you right now!!! I've spent hours looking for a resolution to this. I went ahead and uninstalled Dell Optimizer which in turn removed the ExpressConnect Drivers and Services.

        Icebun
        IcebunAuthor
        Explorer II
        April 11, 2022

        Thanks everyone for the replies.

         

        @Patrick42110 it is interesting to know about the Connect Express Driver for the future.

         

        In the end, I had to hard code the Routing Addresses as shown here which resolved my issue.

        Icebun_0-1649666213375.png

         

        Sunwest
        Sunwest
        New Member
        May 19, 2022

        Interestingly I had to do the same thing and manually specify individual routing addresses. When adding the entire subnet (as was defined in the rules anyway), it didn't work. 

        Worth noting the two users I had this problem with were also using Dell laptops.

        giowolf
        giowolf
        New Member
        July 21, 2022

        Hi.

        I'm facing this identical problem today.

        On a dell Win PC, a route for our server network  appears dinamically and redirect trafic to gateway instead tunnel interface.

         

        this route appear and disapper in route print following my attemps to contact some server.

         

        I solved the problem by pushing a more granular route into the VPN portal setup.

        Just yesterday I installed some additional Dell software tools.
        I suspect that the network switching function of "dell optimizer" is causing this

        lunhas2k4
        lunhas2k4
        Explorer II
        August 11, 2022

        Hi guys, 

        Just had the same issue! For some odd reason on my "Linux" machine I didn't have the issue, on my virtual "Windows 10" machine inside my  Linux machine it works perfectly. 

        We are using FortiOS 7.0.3. We changed a CLI setting  "set split-tunneling-routing-negate" to disable. For some odd reason on the GUI when you enable split-tunnel this setting gets enabled.

        The other way would be to use the "Enable Based on Policy Destination" option. Which has the setting "set split-tunneling-routing-negate" disabled by default. 

        It might have been corrected on recent updates by the Fortinet. 

        Let us know if this was helpful! 

        InsertSmartUsername
        InsertSmartUsername
        Explorer
        November 30, 2023

        Experienced exact same issue as @Icebun on Dell Latitude 5530.
        Disabled the "Network" portion in Dell Optimizer application and this resolved the issue and routing table issue.

        We had a VPN split tunnel /23 network object and the last subnet in the /23 subnet was creating another /24 subnet entry in the laptop routing table which was routing via the home Wi-Fi IP or Wi-Fi hotspot IP.

         

        Screenshot 2023-11-30 134708.pngScreenshot 2023-11-30 134747.png

         

        Umer221
        Staff
        Umer221
        Staff
        November 30, 2023

        https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Lost-internet-connection-when-connecting-SSL/ta-p/286345

         

         

        Try using this article. 

        Terms & ConditionsAccessibility statement