Created on 09-12-2015 03:00 PM
I installed the GM candidate of Mac OS X 10.11 El Capitan and my FortiClient VPN has stopped working. It completes the login, but after connection, no data is transferred - the incoming and outgoing freeze. It is a split tunnel connection and neither network or internet traffic works.
I tried disabling the firewall and System Integrity Protection, but neither had any effect.
Solved! Go to Solution.
Created on 09-22-2015 01:26 AM
I've been trying since the first public beta, and now on the final GM Candidate. The VPN problem is there. Basically, what is wrong is that OS X's resolver is sending traffic out through the primary (original) network interface, even though the route table correctly shows that the VPN tunnel (ppp0) should be used.
When you use a command like nslookup, the DNS traffic goes through the VPN tunnel (ppp0) properly.
DNS name resolution fails because my VPN client is told to use my corporate DNS server, but my corporate DNS server refuses to serve name queries from outside the corporate network. When the FortiClient VPN is connected, OS X's name resolution traffic arrives at the DNS server with the client's public Internet IP address, and hence is refused by my DNS server.
Technically, this looks like an OS X bug. Or, perhaps there really is something wrong that FortiClient is dong. Either way, I hope FortiNet can rectify or take it up with Apple to fix El Capitan.
Facing the same issue. Latest FortiClient(5.3*) did not fix it.
But, FortiClient 4.0.2082 did not have any such issues(though it occasionally stops tunneling on its own).
Waiting for a fix like everyone, but 4.0.2082 is letting me work for time being.
I've gotten it to "work" by getting the DNS to use ppp0 and some route magic. Explanation is on: http://serverfault.com/questions/728702/how-to-get-forticlient-working-in-osx-el-capitan/728707#7287...
Let's hope either party fixes this, because running scripts after establishing VPN is quite cumbersome.
Chris.Lin wrote:Thanks ! I had same problems that other people since 3 months with forticlient and this new build fixes the issue!!! Great job!
Here is another interim build b499.
5.4.1 release may be available at the end of February.
P.S. b493 from previous post is different from the official 5.4.0 b493. Developer made the change after 5.4.0 was released.
htoomik wrote:Chris.Lin wrote:Thank you Chris! This fixes the issue for me as well (on 10.11.1). So nice to be able to work normally again!
There is a new private build here:
Would you guys give it a try?
That's pretty awesome to find out about this. thank you bud!
be careful with 5.4.0 there is a known issue with causing the kernel to panic and crash potentially losing unsaved user data.
Make sure to download and read through the release notes of forticlient-5.4.0-mac-os-x-release-notes.pdf
ok, thank you! but the link still doesn't work.. I seen in this forum that there is scheduled the 5.4.1 version to resolve both issues. some update about release date?
Would anyone be willing to share a copy of the private build 220.127.116.119 that was posted in this forum back in Feb?
The link seems to have stopped working :(
Chris.Lin wrote:I want you to know you saved me hours in opening trouble tickets. The issue here was that the El Captain machine when connected to the VPN, had very slow response to websites that were on the outside-split of the SSL VPN tunnel. Ping would work, but things like traceroute would grind, opening websites would grind and mostly fail, but if you tried enough load slowly. Upon installing this, everything came right up and worked. Please get this into production ASAP so I don't have to use production software found on dropbox.
Try this. A more recent build.