Skip to main content
Storyteller
Storyteller
New Member
February 27, 2020
Solved

Microsoft Teams and VPN IPsec dialup

  • February 27, 2020
  • 2 replies
  • 33914 views

We have a VPN IPsec setted by wizard to use by forticlient.

It seems that split-tunnel is disabled. If I connect and then go to internet I navigate by company ISP (tested by whatismyip). 

The VPN works like a charm but we cannot make call by MS Teams. The chat works but non video/audio call. I found that there are some problem with Teams. I would know if I can exclude the Teams connection from the tunnel using ipv4-split-include/ipv4-split-exclude settings or if there is any workaround.

 

[Update 20-03-02]

Using a VPN Native windows without split tunnel Teams works, calls included. The problem is Forticlient.

 

[Update 20-03-11]

Using Forticlient on MAC it works, only windows does not work.

 

[Update 20-03-12]

Group calls works. P2P calls no. There's a bug in the recent version of FC. Use version 6.0.0.0067 to solve the issue. It works.

 

Regards,

Graziano.

 

    Best answer by 3d1l

    I had to open a case with Microsoft support for this issue and the official response is that Teams does not work with VPN unless you enable the split tunnel option, and even with split tunel we have some users that have problems with the VPN active. This is the official article but the microsoft support technitian told me that without split tunnel Teams is not going to work.

     

    https://docs.microsoft.com/en-us/microsoftteams/upgrade-prepare-environment-prepare-network

     

    VPN

    VPNs provide a valuable service to many organizations. Unfortunately, they're typically not designed or configured to support real-time media. Some VPNs might also not support UDP. VPNs also introduce an extra layer of encryption on top of media traffic that's already encrypted. In addition, connectivity to the Teams service might not be efficient due to hair-pinning traffic through a VPN device. Furthermore, they aren't necessarily designed from a capacity perspective to accommodate the anticipated loads that Teams will require.

    The recommendation is to provide an alternate path that bypasses the VPN for Teams traffic. This is commonly known as split-tunnel VPN. Split tunneling means that traffic for Office 365 won't traverse the VPN but will go directly to Office 365. This change will have a positive impact on quality, but also provides the secondary benefit of reducing load from the VPN devices and the organization's network.

    To implement a split-tunnel, consult with your VPN vendor for the configuration details.

    0 Links

    2 replies

    kevinj
    kevinj
    New Member
    March 12, 2020

    I am experiencing the same issue with Teams running through a full tunnel with Windows.  The calls will not connect.  If I disconnect the FortiClient VPN the calls function properly.  Did you ever find an answer to this issue?

    Storyteller
    StorytellerAuthor
    New Member
    March 12, 2020

    Kevin,

    there's a bug in recent version of Forticlient for W10, using MacOS the issue disappear.

    You can workaround the issue using FC version 6.0.0.0067.

    I've tested today with success and I'm doing a massive downgrade.

     

    Regards,

    Graziano.

     

    martinsrus
    martinsrus
    New Member
    March 13, 2020

    Same issue... Where can FC version 6.0.0.0067 be downloaded from?

    mark_withington
    mark_withington
    New Member
    March 30, 2020

    Anyone any update on this? I have logged this with Fortinet support but not having any luck with them.

    Eiler_Jorgensen
    Eiler_Jorgensen
    New Member
    April 2, 2020

    Hi  -  I have the same problem with IPsec VPN. When I use SSL VPN instead it works 

    Terms & ConditionsAccessibility statement