FortiClient VPN not connecting on Ubuntu: Backup routing table failed

fabio-C · ‎04-28-2022

Some debug info:

- sslvpn:739 Login successful

- main:1112 State: Configuring tunnel

- vpn_connection:1263 Backup routing table failed

- main:1412 Init

Things I tried:
1- reinstall FortiClient
2- disable ufw firewall

How can I solve that?

Ubuntu 22
FortiClient free 7.0.0.0018

Redtree · ‎05-09-2022

Version 6.4.0.0851 works on Ubuntu 22.04 after installing libindicator7. The latest versions 7.0.0.18 doesn't work. Tried it with deb installation and with apt installation.

omartinm · ‎06-24-2022

This is the solution that has worked in my case using ubuntu 22.04 and forticlient 7.0.3.

First, Forticlient tries to flush the DNS cache with the 'systemd-resolve' program which no longer exists in Ubuntu 22.04 (it has been replaced by 'resolvectl').
So we create a script '/usr/bin/systemd-resolve' with the following content:

#!/bin/bash

declare -a arguments

for i in "$@"; do
arguments+=(${i:2})
done

resolvectl ${arguments[@]}
sleep 10

Forticlient executes the command 'systemd-resolve --flush-caches' which the script transforms into 'resolvectl flush-caches'. Without the final 'sleep' in my case it kept failing. With this most of the time the VPN connection works

nikhilsingh050 · ‎03-24-2023

It worked for me but after a certain duration the internet stops working for few seconds. It keeps happening after a certain period. Looks like its happening because of the sleep.

alaniwi · ‎05-04-2024

I find the same thing - it works but then every now and then the connection hangs. By adding some debug statements to the script (to dump various diagnostics to a log file), I was able to confirm that the times when the connection hangs are indeed when the script is being executed (every 2 minutes), and also, the script is executed by the same /opt/forticlient/vpn process every time -- both at the startup of the VPN connection (when the sleep is needed) and at later times (when it gets in the way). I was able to modify omartinm's script so that the sleep is only executed if the script is run less than 1 minute after the start time of the parent process. This seems to have solved the problem.

!/bin/bash

declare -a arguments

get_start_t() {
date -d "$(ps -o lstart= $1) " +%s
}
ppid=$(ps -o ppid= $$)
agediff=$(expr $(get_start_t $$) - $(get_start_t $ppid))

for i in "$@"; do
arguments+=(${i:2})
done

resolvectl ${arguments[@]}

if [ $agediff -lt 60 ]

then
sleep 10
fi

As a reminder, this needs to be installed as /usr/bin/systemd-resolve (with execute bit set).

I can't yet be sure whether some process other than forticlient might try to call the script, causing some kind of odd behaviour. So far so good, but if it arises, it might be possible to further adapt the script to detect the command line of the parent process, and do something different if it is not being called by /opt/forticlient/vpn .

JayWH · ‎05-03-2023

This didn't work for me, but based on it, I just did:

cp /usr/bin/resolvctl /usr/bin/systemd-resolve

There was no /usr/bin/systemd-resolve file present before copying resolvctl to it. The Forticlient VPN is now working as expected, instead of terminating the connection and logging the backup routing problem.

Xubuntu 22.04 with Forticlient VPN 7.0.7.0246.

JayWH · ‎06-21-2023

This actually stopped working after a while - either after a reboot or after something else was updated, not exactly sure what. Will try the solution linked by Sadullah below.

In the meantime, I've just been using openforticlient.

Sadullah · ‎07-29-2023

Hey @JayWH may be it's funny =), but after a while my solution stopped working and now I tried yours, that works for me. It's message is that we should help each other more lol.

gworks-giovani · ‎10-24-2023

Worked perfect for me! Thanks!!

jleonardovanegas · ‎08-16-2022

i have the same problem with an additional behavior, if i connect the pc to wifi via mobile usb tethering it works, but if i connect the pc direct to lan it did not work. none of the above suggestions have worked. Any ideas?

rmwiseman · ‎09-08-2022

Unfortunately, nothing here fixed the issue for me. I'm now on Mint 21 (based on Ubuntu 22.04) and I've already got the latest version of Forticlient VPN and the latest versions of libappindicator1 and libindicator7. I've reinstalled all three, but it still won't connect. "vpn_connection:1263 Backup routing table failed" is the error I keep getting. Any ideas?

UPDATE: Since writing the above, I've now come into the office and am on a different WiFi network, and when I woke my computer, FortiClient connected! I've no idea what's different on this network, but it always used to work on the other one too. I'll see if it reconnects when I'm next online at home.