FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
slovepreet
Staff
Staff
Article Id 367130
Description This article describes a scenario when the FortiClient dial-up tunnel keeps disconnecting for some users.
Scope FortiOS v7.0 or higher.
Solution

There might be some instances when the FortiClient dial-up tunnel keeps disconnecting for some users. 

 

To isolate the issue, run the IKE debug as follows:

 

For v7.4 and higher versions:

 

diagnose vpn ike log filter rem-addr4 x.x.x.x
diagnose debug application ike -1
diagnose debug enable

 

For v7.2 and lower versions:

 

diagnose vpn ike log filter dst-addr4 x.x.x.x
diagnose debug application ike -1
diagnose debug enable

 

In the debug, the tunnel will show coming up, and no error will be observed. Besides the fact that FortiGate sent a couple of keep-alive messages, and after that it received an ISAKMP delete message as shown below. 

 

Keep alive.png

 

Furthermore, the IKE gateway can be seen established as shown below, the only thing that is interesting to notice is that it is establishing the tunnel over IPv6 instead of IPv4 as shown below.

 

ike.png

 

This can also be checked from the FortiGate GUI under the IPsec Monitor, Peer ID column:

 

ipsec_monitor.PNG

 

Solution:

 

The solution for this is to disable IPv6 on the FortiClient network adapter on the problematic machine. 

 

Go to Control panel -> Network and sharing center -> Change adapter settings -> Select Fortinet Virtual Ethernet Adapter.

 

'Right-click' on it, change the property, scroll down to find TCP/IPV6, and uncheck that as shown below.

 

Network adapter.png

Note:

If the VPN still gets disconnected, then try disabling the IPv6 settings on the Wi-Fi adapter or the adapter through which the internet is accessed.

 

If still facing issues after that, run the IKE debug and feel free to contact Fortinet Support:

Fortinet Support Portal