turipriv
Explorer
August 5, 2025
Question

Remote VPN User does not receive split tunnel routes


Greetings everyone,

I manage a site using several client-to-site IPSec VPNs to allow suppliers' remote connection.

The standard configuration of the tunnels is as follows:

 - IKEv2 with PSK
 - RADIUS Authentication via Microsoft NPS and MFA through FortiToken Mobile
 - Specific PeerID in Phase1
 - Client receiving IP Address via ModeConfig with IPv4 split tunnel configured

I am currently facing a puzzling situation with one supplier who can successfully establish the VPN connection, but does not receive the static routes based on the split tunnel configured firewall-side.

All other colleagues using the same tunnel are working fine and receiving the appropriate routes; this particular one receives instead a default route.

The client configuration has been reviewed repeatedly. To avoid any possible bias, the client has also been installed anew and configured from scratch.

Set-up has been tested with FortiClient 7.4.0 and 7.4.3 (currently installed) with no success.

FortiGate is running 7.6.3 FortiOS.

Any suggestions as to why this might happen and how to further troubleshoot this are extremely appreciated.

1 reply

funkylicious
SuperUser
August 5, 2025
"jack of all trades, master of none"
turipriv (Author)
Explorer
August 5, 2025

I will try it tomorrow with the customer, thank you.