| Description | This article describes a scenario when the FortiClient dial-up tunnel keeps disconnecting for some users. |
| Scope | FortiOS v7.0 or higher. |
| Solution |
There might be some instances when the FortiClient dial-up tunnel keeps disconnecting for some users.
To isolate the issue, run the IKE debug as follows:
For v7.4 and higher versions:
diagnose vpn ike log filter rem-addr4 x.x.x.x
For v7.2 and lower versions:
diagnose vpn ike log filter dst-addr4 x.x.x.x
In the debug, the tunnel will show coming up, and no error will be observed. Besides the fact that FortiGate sent a couple of keep-alive messages, and after that it received an ISAKMP delete message as shown below.
Furthermore, the IKE gateway can be seen established as shown below, the only thing that is interesting to notice is that it is establishing the tunnel over IPv6 instead of IPv4 as shown below.
This can also be checked from the FortiGate GUI under the IPsec Monitor, Peer ID column:
Solution:
The solution for this is to disable IPv6 on the FortiClient network adapter on the problematic machine.
Go to Control panel -> Network and sharing center -> Change adapter settings -> Select Fortinet Virtual Ethernet Adapter.
'Right-click' on it, change the property, scroll down to find TCP/IPV6, and uncheck that as shown below.
Note: If the VPN still gets disconnected, then try disabling the IPv6 settings on the Wi-Fi adapter or the adapter through which the internet is accessed.
If still facing issues after that, run the IKE debug and feel free to contact Fortinet Support: |
