Description
This article shows how to disconnect a FortiClient established VPN tunnel, when a secondary user logs in to the same shared workstation.
Scope
FortiClient 5.4, 5.6
FortiClient EMS 1.2
Solution
Enable the '<single_user_mode>' tags in the XML settings of the VPN tunnel. After enabling it, any established VPN tunnel will disconnect if a secondary user logs in to the same workstation. The tag location varies according to the type of tunnel.
FortiClient Standalone
1) Open the FortiClient console
2) From the menu select: File/Settings/
3) Take a backup
4) Edit the XML settings
5) Enable <single_user_mode> as follows (depends on tunnel)
6) Save
7) Go back to File/Settings/
8) Restore
SSL VPN IPSec <sslvpn>
<connections>
<connection>
<name>
<![CDATA[172.17.97.155_SSL]]>
</name>
<server>172.17.97.155:10443</server>
<prompt_certificate>0</prompt_certificate>
<prompt_username>1</prompt_username>
<single_user_mode>1</single_user_mode>
</connection>
</connections>
</sslvpn><ipsecvpn>
<connections>
<connection>
<name><![CDATA[IPSec]]></name>
<type>manual</type>
<ike_settings>
<server>172.17.97.155</server>
<authentication_method>Preshared Key</authentication_method>
<single_user_mode>1</single_user_mode>
</ike_settings>
</ipsec_settings>
</connection>
</connections>
</ipsecvpn>
FortiClient Enterprise Management System (EMS)
1) Edit the profile used
2) Go to the VPN tab
3) Edit the VPN tunnel
4) Select Advanced Settings
5) Enable "Single User Mode"
6) Save Tunnel
7) Save Profile
SSL VPN
IPSec VPN
.png)
References
Further information is available in the FortiClient XML reference, in the parts referring to SSL VPN and IPsec VPN, which can be found here.
Syntax
| XML Tag | <single_user_mode> |
| Description | Enable or disable single user mode. If enabled, new and existing VPN connections cannot be established or will be disconnected if more than one user is logged in. Boolean value: [0 | 1] |
| Default Value |
0
|
