Dynamic routes for FortiCli IPsec VPN
Hello,
I have an IPsec VPN for FortiClient created the past year; it was working fine with split-tunnel.
It seems that about 15 days ago, when the quarantine started in Argentina, for some unknown reason, the clients can ping the VOIP router but can NOT ping other VOIP devices in the same subnet.
We don't know what we could do to modify this behavior.
For example:
ping 172.20.35.1 -> successful
ping 172.20.35.160 -> failed
With traceroutes to both addresses, the first jump to 172.20.35.1 was 172.20.15.1 (IPsec VPN interface IP address in the Fortigate), but the first jump for 172.20.35.160 was my local gateway.
So I checked the routes on the client side and I realized that I just had a route for 172.20.35.1/32 instead of 172.20.32.0/22.
This route is dynamically created, so Fortigate is giving this route to clients. Where can I change this?
Thanks in advance.
Regards,
Damián
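The symptom in the post above can be reproduced with a longest-prefix-match lookup over the client's route table. This is an added example, not part of the original thread; the local gateway 192.168.0.1, the interface names `lan` and `vpn`, and the function names are assumptions, and the route table is constructed from the addresses in the post.

```python
import ipaddress

# Constructed client route table: (prefix, next hop, interface).
CLIENT_ROUTES = [
    ("0.0.0.0/0", "192.168.0.1", "lan"),       # assumed local default gateway
    ("172.20.35.1/32", "172.20.15.1", "vpn"),  # the only route pushed to the client
]
EXPECTED_TUNNEL_PREFIX = "172.20.32.0/22"      # what the client should have received


def lookup(routes, dest):
    """Return (network, gateway, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gw, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, ifname)
    return best


def uncovered(routes, expected, tunnel_if="vpn"):
    """Return the parts of `expected` that no tunnel route covers.

    Limitation: more specific non-tunnel routes inside `expected` are ignored.
    """
    remaining = [ipaddress.ip_network(expected)]
    for prefix, _gw, ifname in routes:
        if ifname != tunnel_if:
            continue
        route = ipaddress.ip_network(prefix)
        pieces = []
        for piece in remaining:
            if piece.subnet_of(route):
                continue                                  # fully covered by the tunnel
            if route.subnet_of(piece):
                pieces.extend(piece.address_exclude(route))  # carve the route out
            else:
                pieces.append(piece)
        remaining = pieces
    return sorted(remaining)


if __name__ == "__main__":
    for dest in ("172.20.35.1", "172.20.35.160"):
        net, gw, ifname = lookup(CLIENT_ROUTES, dest)
        print(f"{dest}: via {gw} on {ifname} (matched {net})")
    gaps = uncovered(CLIENT_ROUTES, EXPECTED_TUNNEL_PREFIX)
    print("addresses not routed into the tunnel:", sum(n.num_addresses for n in gaps))
```
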
Damian, are you from Argentina? I see you have been using Fortigate for a while. I have an issue similar to yours, with a VPN that cannot reach a network created by a tunnel.
You can enable "split tunneling" in the FC, and add a route to that subnet. Traffic to this subnet will then always use the tunnel. NOTE: traffic to other destinations, like any host on the internet, will NOT use the VPN anymore! If you want that you have to disable split tunneling (that is, a default route is inserted pointing to the /32 gateway).
How can I enable "split tunneling" in the FortiClient? It does not have any option to be enabled, and the network adapter for FortiClient does not have the option to "use default gateway in the remote network".
Also, I don't know which gateway I should use for router.
I assigned an IP to the VPN interface in the Fortigate, but Fortigate is not assigning its IP to clients on dynamic routes; it is assigning the next IP in the pool.
For example:
Fortigate assigns 172.20.15.68 to the client and assigns 172.20.15.69 as gateway in routes
Fortigate assigns 172.20.15.69 to the client and assigns 172.20.15.70 as gateway in routes
Any idea?
Regards,
Damián
Hello Juan Pablo,
Yes, I am from Argentina. If you like, tell me what type of VPN you have configured and what the specific problem is, and if I can help you, I will.
Regards,
Damián