slartibartfast
New Member
November 11, 2020
Question

No internet access connecting to IPsec VPN with split tunnel enabled


We are migrating from a Fortigate 30E (firmware 5.4.3) to a FortiWiFi 60F (firmware 6.4.3). The IPsec VPN on the new device was set up using the wizard, and with split tunnel enabled. This worked fine on the old unit but on the new one the VPN works but cuts off internet access. (We also have SSL VPN configured for split tunnel and there is no problem with that on either device.)

What appears to be happening is that after connecting to the 60F's IPsec VPN, the routing table on the client winds up with two default routes. The additional default route added points to an address in the VPN tunnel and internet access no longer works. This does not happen when connecting to the 30E's IPsec VPN, or SSL VPN on either device.

Client software is Forticlient 5.6.2.117 running on Windows 10. I have double-checked that "Enable IPv4 Split Tunnel" is enabled in the 60F's IPsec configuration, and accessible networks is set to "IPsec VPNsplit". Is there some other setting required to get split tunneling to work?

    2 replies

    sw2090
    SuperUser
    November 12, 2020

    I'd suggest upgrading FortiClient. I'm not sure if FortiClient 5.6 is still 100% compatible with FortiOS 6.4.

    I remember having had similar issues which were fixed by upgrading FortiClient.

    slartibartfast
    New Member
    November 12, 2020

    As a test I uninstalled the old Forticlient and installed the latest (version 6.4), but unfortunately the problem persists. Exact same symptom, the VPN works but internet is cut off and two default gateways appear in the routing table.

    slartibartfast
    New Member
    November 13, 2020

    As a further test I disabled split tunnel in the IPsec configuration, with the same result - the VPN works but the client PC's internet access is cut off and the same change in the routing table is made where there are two default routes.
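
As an added example that is not part of the original thread: a Python check for the symptom described in the question (a second default route bound to the VPN adapter), run over `route print -4` text. The sample table, its addresses and metrics, and the function names are constructed for illustration; the check relies on Windows preferring the lowest Metric among routes for the same prefix.

```python
import ipaddress

# Constructed sample of `route print -4` output (all addresses are made up):
# 192.168.1.50 is the LAN adapter, 10.10.10.1 is the VPN adapter.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
          0.0.0.0          0.0.0.0       10.10.10.2       10.10.10.1      1
       10.10.10.0    255.255.255.0         On-link        10.10.10.1    257
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    281
===========================================================================
Persistent Routes:
  None
"""

def parse_active_routes(text):
    """Return the rows of the IPv4 'Active Routes' table as dicts."""
    routes, active = [], False
    for line in text.splitlines():
        if line.startswith(("Active Routes", "Persistent Routes")):
            active = line.startswith("Active")
        f = line.split()
        if not active or len(f) != 5 or not f[4].isdigit():
            continue  # header, separator, or a row outside the active table
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}", strict=False)
            iface = ipaddress.ip_address(f[3])
        except ValueError:
            continue  # five fields but not a route row
        routes.append({"net": net, "gateway": f[2], "iface": iface, "metric": int(f[4])})
    return routes

def check_split_tunnel(routes, vpn_iface):
    """Report default routes and whether the preferred one uses the VPN adapter."""
    vpn = ipaddress.ip_address(vpn_iface)
    defaults = sorted((r for r in routes if r["net"].prefixlen == 0), key=lambda r: r["metric"])
    return {
        "default_count": len(defaults),
        # With split tunnel working, no 0.0.0.0/0 route should sit on the VPN adapter.
        "vpn_default_present": any(r["iface"] == vpn for r in defaults),
        "preferred_gateway": defaults[0]["gateway"] if defaults else None,
        "internet_via_vpn": bool(defaults) and defaults[0]["iface"] == vpn,
    }

if __name__ == "__main__":
    print(check_split_tunnel(parse_active_routes(SAMPLE), "10.10.10.1"))
```

Comparing the result before and after connecting shows whether the tunnel installed a default route and whether it outranks the LAN gateway.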