Troubleshooting Tip: Error 'vpn_connection:1335 Config routing table failed' when trying to connect SSL-VPN via FortiClient on KUbuntu 23.04

Umer221 · ‎12-27-2023

Description

This article describes how to troubleshoot an issue with FortiClient on KUbuntu 23.04 where users experience a failure to connect while the error 'vpn_connection:1335 Config routing table failed' appears in the FortiGate CLI.

Scope

FortiClient, FortiOS, KUbuntu 23.04.

Solution

If users running FortiClient on KUbuntu 23.04 are unable to connect SSL-VPN, run the following commands in the FortiGate CLI:

diag debug reset

diag deb dis

diagnose debug application fnbamd 255

diagnose debug application sslvpn -1

diagnose debug console timestamp enable

diagnose debug enable

Look for the error 'vpn_connection:1335 Config routing table failed' as shown in the following screenshot:

Run the following script before connecting to SSL-VPN again (It will loop around until it can bring up the VPN and then finish):

#!/bin/bash

echo "Try to connect to the VPN now"
x=99
while [ $x -ne 0 ]
do

echo "Waiting for VPN connection..."
sleep 1
connection=$(nmcli connection show | grep -oP '^vpn\S*')
x=$?

done

echo "VPN connection $connection was created! Waiting for 'device-reapply'..."
x=99
while [ $x -ne 0 ]
do

nmcli -f GENERAL.STATE con show $connection 2> /dev/null
x=${PIPESTATUS[0]}
sleep 1
echo "Still waiting..."

done

echo "Device is unmanaged. Setting it to 'up' again..."
nmcli con up $connection 2> /dev/null
echo "Done."