forticlient vpn issue from windows 11 laptop, OS version 7.2.0

kkbk96 · ‎08-10-2022

So the vpn connects fine but there seems to be some issue with routing or something since i cannot get to any network behind my Fortigate 60E (which is the firewall I'm using for this).

ipconfig on windows:

Ethernet adapter Ethernet 4:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::5184:1128:9cd8:c861%12
IPv4 Address. . . . . . . . . . . : 192.168.2.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.16

why does it get 192.168.2.16 as the default gateway? i included that as part of the ip vpn pool which is 192.168.2.10-192.168.2.15

Also how does the routing work when you are connected to this vpn?

Firewall config:

3 rules created and 0 hits on all.

ConnectedtoSwitch (internal1) - 192.168.2.10/24

RemoteAccess_range - 192.168.2.15 - 192.168.2.30

Remote Access_split1 -

Vlan 20 address

Vlan10 address

Vlan 20 - 192.168.20.0/24

Vlan 10 - 192.168.10.0/24

Routing table:

Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via 17x.x.x.x, wan1, [1/0]
C 169.254.1.1/32 is directly connected, RemoteAccess
C 17x.x.x.0/24 is directly connected, wan1
C 192.168.1.0/24 is directly connected, internal2
C 192.168.2.0/24 is directly connected, internal1
C 192.168.10.0/24 is directly connected, Vlan10
C 192.168.20.0/24 is directly connected, Vlan 20

VPN Config:

What should i do to get it to work?

Let me know if i need to post more configs.

Thank You.

kkbk96 · ‎08-16-2022

So i enabled split tunneling and included 192.168.10.0/24 and 192.168.20.0/24 as the accessible networks however i still cannot get to these networks:

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.27.104 192.168.27.20 35
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.17.19.241 255.255.255.255 On-link 172.17.19.241 257
192.168.2.0 255.255.255.0 On-link 192.168.2.15 257
192.168.2.15 255.255.255.255 On-link 192.168.2.15 257
192.168.2.255 255.255.255.255 On-link 192.168.2.15 257
192.168.7.0 255.255.255.0 On-link 192.168.7.1 291
192.168.7.1 255.255.255.255 On-link 192.168.7.1 291
192.168.7.255 255.255.255.255 On-link 192.168.7.1 291
192.168.10.0 255.255.255.0 192.168.2.16 192.168.2.15 1
192.168.20.0 255.255.255.0 192.168.2.16 192.168.2.15 1

if you look at the last 2 lines in the routing table you can see the default gateways (192.168.2.16) for those 2 networks which i believe is incorrect so what should i do to make it work?

Strange thing is somehow i can get internet connection, i can access anything going out of wan1 port.

sw2090 · ‎08-16-2022

and yes its "route print" on windows. Or "netstat -rn" on MacOSX. Or just "route" on Linux :)

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

kkbk96 · ‎08-16-2022

ok thanks will probably post the route details in about 8-9 hours from now.