- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiClient VPN Problems With OSX 10.11 El Capitan
I installed the GM candidate of Mac OS X 10.11 El Capitan and my FortiClient VPN has stopped working. It completes the login, but after connection, no data is transferred - the incoming and outgoing freeze. It is a split tunnel connection and neither network or internet traffic works.
I tried disabling the firewall and System Integrity Protection, but neither had any effect.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've been trying since the first public beta, and now on the final GM Candidate. The VPN problem is there. Basically, what is wrong is that OS X's resolver is sending traffic out through the primary (original) network interface, even though the route table correctly shows that the VPN tunnel (ppp0) should be used.
When you use a command like nslookup, the DNS traffic goes through the VPN tunnel (ppp0) properly.
DNS name resolution fails because my VPN client is told to use my corporate DNS server, but my corporate DNS server refuses to serve name queries from outside the corporate network. When the FortiClient VPN is connected, OS X's name resolution traffic arrives at the DNS server with the client's public Internet IP address, and hence is refused by my DNS server.
Technically, this looks like an OS X bug. Or, perhaps there really is something wrong that FortiClient is dong. Either way, I hope FortiNet can rectify or take it up with Apple to fix El Capitan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Facing the same issue. Latest FortiClient(5.3*) did not fix it.
But, FortiClient 4.0.2082 did not have any such issues(though it occasionally stops tunneling on its own).
Waiting for a fix like everyone, but 4.0.2082 is letting me work for time being.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've gotten it to "work" by getting the DNS to use ppp0 and some route magic. Explanation is on: http://serverfault.com/questions/728702/how-to-get-forticlient-working-in-osx-el-capitan/728707#7287...
Let's hope either party fixes this, because running scripts after establishing VPN is quite cumbersome.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is a new private build here:
https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg
Would you guys give it a try?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Chris.Lin wrote:It works for now! Thanks!There is a new private build here:
https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg
Would you guys give it a try?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just ran El Capitan updates and it still does not work - bummer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Chris.Lin wrote:Thanks ! I had same problems that other people since 3 months with forticlient and this new build fixes the issue!!! Great job!Here is another interim build b499.
https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.499_macosx.dmg
5.4.1 release may be available at the end of February.
P.S. b493 from previous post is different from the official 5.4.0 b493. Developer made the change after 5.4.0 was released.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this. A more recent build.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After update to MacOS Sierra the client 5.4.1 works as expected....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Destination Gateway Flags Refs Use Netif Expire default 192.168.1.1 UGSc 24 0 en0 1.1.1.1 <vpnipadress> UH 4 0 ppp0 <otheripaddress1>/32 1.1.1.1 UGSc 1 0 ppp0 <otheripaddress2>/24 1.1.1.1 UGSc 2 0 ppp0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
brudy wrote:I just tried El Capitan with the built in Cisco IPSec VPN client. Same behavior. IP does work, DNS fails.
In this case no 3rd party software is involved. It is pure Mac. Looks like the problem needs to fixed in El Capitan and not in the FortiClient.
For me, FortiClient 4.0.2082 works without major issues in El Capitan. I think this issue might be the result of some major networking changes in El Capitan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sridhar wrote:Waiting for a fix like everyone, but 4.0.2082 is letting me work for time being.
Do you know of a place to download it from?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sridhar wrote:Waiting for a fix like everyone, but 4.0.2082 is letting me work for time being.
Thanks for the link. Unfortunately that version doesn't support FortiToken, so it won't help me.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tech support wrote:According to tech support...
Currently there is no supported version of FortiClient for Mac OS X 10.11 El Capitan. The following table lists FortiClient (Mac OS X) 5.2.4 product integration and support information.Desktop Operating Systemsl Mac OS X v10.8 Mountain Lionl Mac OS X v10.9 Mavericksl Mac OS X v10.10 Yosemite The next version of FortiClient has a tentative release date of the 2nd week of October.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lubyou wrote:
Tech support wrote:According to tech support...
Currently there is no supported version of FortiClient for Mac OS X 10.11 El Capitan. The following table lists FortiClient (Mac OS X) 5.2.4 product integration and support information.Desktop Operating Systemsl Mac OS X v10.8 Mountain Lionl Mac OS X v10.9 Mavericksl Mac OS X v10.10 Yosemite The next version of FortiClient has a tentative release date of the 2nd week of October.
Second week of Oct doesn't sound bad, provided they have a fix for this issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi..
I tried to use forticlient on: MAC v10.9, v10.10 and v10.11. All of them install the client, I can connect in a VPN using IPSEC but the traffic doesn´t pass from MAC to VPN. I´ve a opened ticket with Fortinet and Engineer doesn´t solve this.
Does anyone see this problem?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There seems to be issue with 10.11 resolver. When it sends DNS request through tunnel, it uses the IP from physical interface, instead of the tunnel interface.
We opened a ticket with Apple and we are waiting for their response.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To me... I can´t ping any IP Address. And If I use this same connection on Windows all work fine..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Chris.Lin wrote:There seems to be issue with 10.11 resolver. When it sends DNS request through tunnel, it uses the IP from physical interface, instead of the tunnel interface.
We opened a ticket with Apple and we are waiting for their response.
That means that the upcoming Forticlient release will not have a fix for the DNS issue on 10.11, does it not?
patz@procergs.rs.gov.br wrote:Hi.. I tried to use forticlient on: MAC v10.9, v10.10 and v10.11. All of them install the client, I can connect in a VPN using IPSEC but the traffic doesn´t pass from MAC to VPN. I´ve a opened ticket with Fortinet and Engineer doesn´t solve this. Does anyone see this problem?
Seeing how you encounter issues on OS X 10.9-10.11, I do not see how your problem relates to the rest of the thread.
Possibly open another thread and provide details, incl. a proper problem description, config details etc.