FortiClient in MacOs Sonoma - Split Tunneling

ajdelgado · ‎03-26-2024

Hello good.
I have installed Forticlient on my Mac.
I connect perfectly to my VPN, but it leaves me without connection to my calls or "local" resources.
I can't browse the internet on my network, or access my printer.
I need to make a route that allows only the calls I want to go out through the VPN.
How can I do split tunneling for Forticliente on MacOs Sonoma?
I know there is no configuration panel option and you have to do it using the terminal and commands.
Does anyone know how?
Thank you.

dbu · ‎04-01-2024

Yes, if it does not work try :
sudo route -n -delete 192.168.5.50/32

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

ajdelgado · ‎04-01-2024

Not work :(

Same...

dbu · ‎04-01-2024

what is the result of the routing table now after you modified the static routes?

Share the output of netstat -m again.

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

ajdelgado · ‎04-01-2024

Connect to VPN

Internet:

Destination Gateway Flags Netif Expire

default 192.168.1.1 UGScg en7

default 192.168.1.1 UGScIg en0

default link#20 UCSIg utun5

127 127.0.0.1 UCS lo0

127.0.0.1 127.0.0.1 UH lo0

169.254 link#13 UCS en7 !

169.254 link#6 UCSI en0 !

192.168.1 link#13 UCS en7 !

192.168.1 link#6 UCSI en0 !

192.168.1 192.168.1.1 UGScI utun5

192.168.1.1/32 link#13 UCS en7 !

192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en0 1198

192.168.1.1/32 link#6 UCSI en0 !

192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en7 1198

192.168.1.22/32 link#13 UCS en7 !

192.168.1.22 0:24:32:18:7c:1e UHLWI en0 1018

192.168.1.22 0:24:32:18:7c:1e UHLWIi lo0

192.168.1.35 86:87:3e:f5:85:cb UHLWI en0 1119

192.168.1.35 86:87:3e:f5:85:cb UHLWI en7 1119

192.168.1.36 a4:55:90:b7:c1:10 UHLWI en0 535

192.168.1.36 a4:55:90:b7:c1:10 UHLWI en7 535

192.168.1.38 70:70:aa:f2:2f:1d UHLWI en0 1112

192.168.1.38 70:70:aa:f2:2f:1d UHLWI en7 1112

192.168.1.42/32 link#6 UCS en0 !

192.168.1.43 1e:df:d7:85:ba:94 UHLWI en0 648

192.168.1.43 1e:df:d7:85:ba:94 UHLWI en7 648

192.168.1.47 38:8b:59:8e:de:52 UHLWI en0 1140

192.168.1.47 38:8b:59:8e:de:52 UHLWIi en7 1140

192.168.1.48 b6:cc:37:87:8e:c3 UHLWIi en0 1161

192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en7 1160

192.168.1.255 ff:ff:ff:ff:ff:ff UHLWbI en7 !

192.168.5.3/32 link#20 UCS utun5

192.168.5.3 link#20 UHWIi utun5

192.168.5.4/32 link#20 UCS utun5

192.168.5.5/32 link#20 UCS utun5

192.168.5.22/32 link#20 UCS utun5

192.168.5.23/32 link#20 UCS utun5

192.168.5.24/32 link#20 UCS utun5

192.168.5.25/32 link#20 UCS utun5

192.168.5.26/32 link#20 UCS utun5

192.168.5.29/32 link#20 UCS utun5

192.168.5.30/32 link#20 UCS utun5

192.168.5.31/32 link#20 UCS utun5

192.168.5.32/32 link#20 UCS utun5

192.168.5.33/32 link#20 UCS utun5

192.168.5.36/32 link#20 UCS utun5

192.168.5.43/32 link#20 UCS utun5

192.168.5.45/32 link#20 UCS utun5

192.168.5.50/32 link#20 UCS utun5

192.168.5.50 link#20 UHWIi utun5

192.168.50.1 192.168.50.1 UH utun5

224.0.0/4 link#13 UmCS en7 !

224.0.0/4 link#6 UmCSI en0 !

224.0.0/4 link#20 UmCSI utun5

224.0.0.251 1:0:5e:0:0:fb UHmLWI en0

224.0.0.251 1:0:5e:0:0:fb UHmLWI en7

239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en0

239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en7

239.255.255.250 link#20 UHmW3I utun5 700

255.255.255.255/32 link#13 UCS en7 !

255.255.255.255/32 link#6 UCSI en0 !

255.255.255.255/32 link#20 UCSI utun5

No connect

Internet:

Destination Gateway Flags Netif Expire

default 192.168.1.1 UGScg en7

default 192.168.1.1 UGScIg en0

127 127.0.0.1 UCS lo0

127.0.0.1 127.0.0.1 UH lo0

169.254 link#13 UCS en7 !

169.254 link#6 UCSI en0 !

192.168.1 link#13 UCS en7 !

192.168.1 link#6 UCSI en0 !

192.168.1.1/32 link#13 UCS en7 !

192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en0 1199

192.168.1.1/32 link#6 UCSI en0 !

192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en7 1199

192.168.1.22/32 link#13 UCS en7 !

192.168.1.22 0:24:32:18:7c:1e UHLWI en0 940

192.168.1.22 0:24:32:18:7c:1e UHLWI lo0

192.168.1.35 86:87:3e:f5:85:cb UHLWI en0 1041

192.168.1.35 86:87:3e:f5:85:cb UHLWI en7 1041

192.168.1.36 a4:55:90:b7:c1:10 UHLWI en0 457

192.168.1.36 a4:55:90:b7:c1:10 UHLWI en7 457

192.168.1.38 70:70:aa:f2:2f:1d UHLWIi en0 1129

192.168.1.38 70:70:aa:f2:2f:1d UHLWI en7 1129

192.168.1.42/32 link#6 UCS en0 !

192.168.1.43 1e:df:d7:85:ba:94 UHLWI en0 570

192.168.1.43 1e:df:d7:85:ba:94 UHLWI en7 570

192.168.1.47 38:8b:59:8e:de:52 UHLWIi en0 1160

192.168.1.47 38:8b:59:8e:de:52 UHLWIi en7 1159

192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en0 1083

192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en7 1082

192.168.1.255 ff:ff:ff:ff:ff:ff UHLWbI en7 !

224.0.0/4 link#13 UmCS en7 !

224.0.0/4 link#6 UmCSI en0 !

224.0.0.251 1:0:5e:0:0:fb UHmLWI en0

224.0.0.251 1:0:5e:0:0:fb UHmLWI en7

239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en0

239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en7

255.255.255.255/32 link#13 UCS en7 !

255.255.255.255/32 link#6 UCSI en0 !

ajdelgado · ‎04-01-2024

Without VPN

Internet:

Destination Gateway Flags Netif Expire

default 192.168.1.1 UGScg en7

default 192.168.1.1 UGScIg en0

127 127.0.0.1 UCS lo0

127.0.0.1 127.0.0.1 UH lo0

169.254 link#13 UCS en7 !

169.254 link#6 UCSI en0 !

192.168.1 link#13 UCS en7 !

192.168.1 link#6 UCSI en0 !

192.168.1.1/32 link#13 UCS en7 !

192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en0 1199

192.168.1.1/32 link#6 UCSI en0 !

192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en7 1199

192.168.1.22/32 link#13 UCS en7 !

192.168.1.22 0:24:32:18:7c:1e UHLWI en0 940

192.168.1.22 0:24:32:18:7c:1e UHLWI lo0

192.168.1.35 86:87:3e:f5:85:cb UHLWI en0 1041

192.168.1.35 86:87:3e:f5:85:cb UHLWI en7 1041

192.168.1.36 a4:55:90:b7:c1:10 UHLWI en0 457

192.168.1.36 a4:55:90:b7:c1:10 UHLWI en7 457

192.168.1.38 70:70:aa:f2:2f:1d UHLWIi en0 1129

192.168.1.38 70:70:aa:f2:2f:1d UHLWI en7 1129

192.168.1.42/32 link#6 UCS en0 !

192.168.1.43 1e:df:d7:85:ba:94 UHLWI en0 570

192.168.1.43 1e:df:d7:85:ba:94 UHLWI en7 570

192.168.1.47 38:8b:59:8e:de:52 UHLWIi en0 1160

192.168.1.47 38:8b:59:8e:de:52 UHLWIi en7 1159

192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en0 1083

192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en7 1082

192.168.1.255 ff:ff:ff:ff:ff:ff UHLWbI en7 !

224.0.0/4 link#13 UmCS en7 !

224.0.0/4 link#6 UmCSI en0 !

224.0.0.251 1:0:5e:0:0:fb UHmLWI en0

224.0.0.251 1:0:5e:0:0:fb UHmLWI en7

239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en0

239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en7

255.255.255.255/32 link#13 UCS en7 !

255.255.255.255/32 link#6 UCSI en0 !

With VPN

Internet:

Destination Gateway Flags Netif Expire

default 192.168.1.1 UGScg en7

default 192.168.1.1 UGScIg en0

default link#20 UCSIg utun5

127 127.0.0.1 UCS lo0

127.0.0.1 127.0.0.1 UH lo0

169.254 link#13 UCS en7 !

169.254 link#6 UCSI en0 !

192.168.1 link#13 UCS en7 !

192.168.1 link#6 UCSI en0 !

192.168.1 192.168.1.1 UGScI utun5

192.168.1.1/32 link#13 UCS en7 !

192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en0 1200

192.168.1.1/32 link#6 UCSI en0 !

192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en7 1200

192.168.1.22/32 link#13 UCS en7 !

192.168.1.22 0:24:32:18:7c:1e UHLWIi lo0

192.168.1.35 link#6 UHLWI en0 !

192.168.1.35 86:87:3e:f5:85:cb UHLWIi en7 1181

192.168.1.38 70:70:aa:f2:2f:1d UHLWI en0 1188

192.168.1.38 70:70:aa:f2:2f:1d UHLWI en7 1188

192.168.1.42/32 link#6 UCS en0 !

192.168.1.43 1e:df:d7:85:ba:94 UHLWI en0 898

192.168.1.43 1e:df:d7:85:ba:94 UHLWI en7 898

192.168.1.47 38:8b:59:8e:de:52 UHLWI en0 1157

192.168.1.47 38:8b:59:8e:de:52 UHLWIi en7 1157

192.168.1.48 b6:cc:37:87:8e:c3 UHLWIi en0 1198

192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en7 1198

192.168.5.3/32 link#20 UCS utun5

192.168.5.3 link#20 UHWIi utun5

192.168.5.4/32 link#20 UCS utun5

192.168.5.5/32 link#20 UCS utun5

192.168.5.22/32 link#20 UCS utun5

192.168.5.23/32 link#20 UCS utun5

192.168.5.24/32 link#20 UCS utun5

192.168.5.25/32 link#20 UCS utun5

192.168.5.26/32 link#20 UCS utun5

192.168.5.29/32 link#20 UCS utun5

192.168.5.30/32 link#20 UCS utun5

192.168.5.31/32 link#20 UCS utun5

192.168.5.32/32 link#20 UCS utun5

192.168.5.33/32 link#20 UCS utun5

192.168.5.36/32 link#20 UCS utun5

192.168.5.43/32 link#20 UCS utun5

192.168.5.45/32 link#20 UCS utun5

192.168.5.50/32 link#20 UCS utun5

192.168.5.50 link#20 UHWIi utun5

192.168.50.2 192.168.50.2 UH utun5

224.0.0/4 link#13 UmCS en7 !

224.0.0/4 link#6 UmCSI en0 !

224.0.0/4 link#20 UmCSI utun5

224.0.0.251 1:0:5e:0:0:fb UHmLWI en0

224.0.0.251 1:0:5e:0:0:fb UHmLWI en7

239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en0

239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en7

239.255.255.250 link#20 UHmW3I utun5 292

255.255.255.255/32 link#13 UCS en7 !

255.255.255.255/32 link#6 UCSI en0 !

255.255.255.255/32 link#20 UCSI utun5

ajdelgado · ‎04-02-2024

I have searched for information for the VPN connection being used.
networksetup -getinfo "VPN"
IPv6: Automatic
IPv6 IP address: none
IPv6 Router: none

Could the VPN use the connection via IPv6 and the one we are configuring is IPv4?

netstat -rn:

With VPN

Internet6:

Destination Gateway Flags Netif Expire

default fe80::%utun0 UGcIg utun0

default fe80::%utun1 UGcIg utun1

default fe80::%utun2 UGcIg utun2

default fe80::%utun3 UGcIg utun3

default fc00:16bd:9656:e519:: UGcIg utun5

::1 ::1 UHL lo0

fc00:16bd:9656:e519::/64 fe80::aede:48ff:fe00:1122%utun5 Uc utun5

fc00:16bd:9656:e519:cdad:fe64:ef4c:460e link#20 UHL lo0

fe80::%lo0/64 fe80::1%lo0 UcI lo0

fe80::1%lo0 link#1 UHLI lo0

fe80::%en5/64 link#4 UCI en5

fe80::aede:48ff:fe00:1122%en5 ac:de:48:0:11:22 UHLI lo0

fe80::aede:48ff:fe33:4455%en5 ac:de:48:33:44:55 UHLWIi en5

fe80::aca4:26ff:fecd:4061%awdl0 ae:a4:26:cd:40:61 UHLI lo0

fe80::aca4:26ff:fecd:4061%llw0 ae:a4:26:cd:40:61 UHLI lo0

fe80::%en7/64 link#13 UCI en7

fe80::457:52b:79cc:5c6e%en7 link#13 UHLWI en7

fe80::4e2:e9aa:c21:8534%en7 1e:df:d7:85:ba:94 UHLWI en7

fe80::88a:6b8c:5606:52d2%en7 0:24:32:18:7c:1e UHLI lo0

fe80::1070:944d:afaa:41bb%en7 86:87:3e:f5:85:cb UHLWIi en7

fe80::2eea:dcff:fe4d:cb00%en7 2c:ea:dc:4d:cb:0 UHLWI en7

fe80::3a8b:59ff:fe8e:de52%en7 38:8b:59:8e:de:52 UHLWI en7

fe80::%utun0/64 fe80::5f36:bc68:4b1b:c4cf%utun0 UcI utun0

fe80::5f36:bc68:4b1b:c4cf%utun0 link#15 UHLI lo0

fe80::%utun1/64 fe80::39b1:b7fa:3e9e:3e3%utun1 UcI utun1

fe80::39b1:b7fa:3e9e:3e3%utun1 link#16 UHLI lo0

fe80::%utun2/64 fe80::3217:f35f:1b7a:45e9%utun2 UcI utun2

fe80::3217:f35f:1b7a:45e9%utun2 link#17 UHLI lo0

fe80::%utun3/64 fe80::ce81:b1c:bd2c:69e%utun3 UcI utun3

fe80::ce81:b1c:bd2c:69e%utun3 link#18 UHLI lo0

fe80::%utun5/64 fe80::aede:48ff:fe00:1122%utun5 UcI utun5

fe80::aede:48ff:fe00:1122%utun5 link#20 UHLI lo0

fe80::%en6/64 link#21 UCI en6

fe80::468:6880:91ff:1c42%en6 2a:77:f1:70:ca:de UHLI lo0

fe80::18c6:9bf6:5fd7:ad3b%en6 2a:77:f1:5c:da:78 UHLWI en6

fe80::%en8/64 link#22 UCI en8

fe80::746d:50ff:fe14:5577%en8 76:6d:50:14:55:77 UHLI lo0

fe80::746d:50ff:fe14:5588%en8 76:6d:50:14:55:88 UHLWIi en8

ff00::/8 ::1 UmCI lo0

ff00::/8 link#4 UmCI en5

ff00::/8 link#6 UmCI en0

ff00::/8 link#7 UmCI awdl0

ff00::/8 link#8 UmCI llw0

ff00::/8 link#13 UmCI en7

ff00::/8 fe80::5f36:bc68:4b1b:c4cf%utun0 UmCI utun0

ff00::/8 fe80::39b1:b7fa:3e9e:3e3%utun1 UmCI utun1

ff00::/8 fe80::3217:f35f:1b7a:45e9%utun2 UmCI utun2

ff00::/8 fe80::ce81:b1c:bd2c:69e%utun3 UmCI utun3

ff00::/8 fe80::aede:48ff:fe00:1122%utun5 UmCI utun5

ff00::/8 link#21 UmCI en6

ff00::/8 link#22 UmCI en8

ff01::%lo0/32 ::1 UmCI lo0

ff01::%en5/32 link#4 UmCI en5

ff01::%en0/32 link#6 UmCI en0

ff01::%en7/32 link#13 UmCI en7

ff01::%utun0/32 fe80::5f36:bc68:4b1b:c4cf%utun0 UmCI utun0

ff01::%utun1/32 fe80::39b1:b7fa:3e9e:3e3%utun1 UmCI utun1

ff01::%utun2/32 fe80::3217:f35f:1b7a:45e9%utun2 UmCI utun2

ff01::%utun3/32 fe80::ce81:b1c:bd2c:69e%utun3 UmCI utun3

ff01::%utun5/32 fe80::aede:48ff:fe00:1122%utun5 UmCI utun5

ff01::%en6/32 link#21 UmCI en6

ff01::%en8/32 link#22 UmCI en8

ff02::%lo0/32 ::1 UmCI lo0

ff02::%en5/32 link#4 UmCI en5

ff02::%en0/32 link#6 UmCI en0

ff02::%en7/32 link#13 UmCI en7

ff02::%utun0/32 fe80::5f36:bc68:4b1b:c4cf%utun0 UmCI utun0

ff02::%utun1/32 fe80::39b1:b7fa:3e9e:3e3%utun1 UmCI utun1

ff02::%utun2/32 fe80::3217:f35f:1b7a:45e9%utun2 UmCI utun2

ff02::%utun3/32 fe80::ce81:b1c:bd2c:69e%utun3 UmCI utun3

ff02::%utun5/32 fe80::aede:48ff:fe00:1122%utun5 UmCI utun5

ff02::%en6/32 link#21 UmCI en6

ff02::%en8/32 link#22 UmCI en8

Without VPN

Internet6:

Destination Gateway Flags Netif Expire

default fe80::%utun0 UGcIg utun0

default fe80::%utun1 UGcIg utun1

default fe80::%utun2 UGcIg utun2

default fe80::%utun3 UGcIg utun3

::1 ::1 UHL lo0

fe80::%lo0/64 fe80::1%lo0 UcI lo0

fe80::1%lo0 link#1 UHLI lo0

fe80::%en5/64 link#4 UCI en5

fe80::aede:48ff:fe00:1122%en5 ac:de:48:0:11:22 UHLI lo0

fe80::aede:48ff:fe33:4455%en5 ac:de:48:33:44:55 UHLWIi en5

fe80::aca4:26ff:fecd:4061%awdl0 ae:a4:26:cd:40:61 UHLI lo0

fe80::aca4:26ff:fecd:4061%llw0 ae:a4:26:cd:40:61 UHLI lo0

fe80::%en7/64 link#13 UCI en7

fe80::88a:6b8c:5606:52d2%en7 0:24:32:18:7c:1e UHLI lo0

fe80::1070:944d:afaa:41bb%en7 86:87:3e:f5:85:cb UHLWIi en7

fe80::2eea:dcff:fe4d:cb00%en7 2c:ea:dc:4d:cb:0 UHLWI en7

fe80::%utun0/64 fe80::5f36:bc68:4b1b:c4cf%utun0 UcI utun0

fe80::5f36:bc68:4b1b:c4cf%utun0 link#15 UHLI lo0

fe80::%utun1/64 fe80::39b1:b7fa:3e9e:3e3%utun1 UcI utun1

fe80::39b1:b7fa:3e9e:3e3%utun1 link#16 UHLI lo0

fe80::%utun2/64 fe80::3217:f35f:1b7a:45e9%utun2 UcI utun2

fe80::3217:f35f:1b7a:45e9%utun2 link#17 UHLI lo0

fe80::%utun3/64 fe80::ce81:b1c:bd2c:69e%utun3 UcI utun3

fe80::ce81:b1c:bd2c:69e%utun3 link#18 UHLI lo0

fe80::%en6/64 link#21 UCI en6

fe80::468:6880:91ff:1c42%en6 2a:77:f1:70:ca:de UHLI lo0

fe80::18c6:9bf6:5fd7:ad3b%en6 2a:77:f1:5c:da:78 UHLWI en6

fe80::%en8/64 link#22 UCI en8

fe80::746d:50ff:fe14:5577%en8 76:6d:50:14:55:77 UHLI lo0

fe80::746d:50ff:fe14:5588%en8 76:6d:50:14:55:88 UHLWIi en8

ff00::/8 ::1 UmCI lo0

ff00::/8 link#4 UmCI en5

ff00::/8 link#6 UmCI en0

ff00::/8 link#7 UmCI awdl0

ff00::/8 link#8 UmCI llw0

ff00::/8 link#13 UmCI en7

ff00::/8 fe80::5f36:bc68:4b1b:c4cf%utun0 UmCI utun0

ff00::/8 fe80::39b1:b7fa:3e9e:3e3%utun1 UmCI utun1

ff00::/8 fe80::3217:f35f:1b7a:45e9%utun2 UmCI utun2

ff00::/8 fe80::ce81:b1c:bd2c:69e%utun3 UmCI utun3

ff00::/8 link#21 UmCI en6

ff00::/8 link#22 UmCI en8

ff01::%lo0/32 ::1 UmCI lo0

ff01::%en5/32 link#4 UmCI en5

ff01::%en0/32 link#6 UmCI en0

ff01::%en7/32 link#13 UmCI en7

ff01::%utun0/32 fe80::5f36:bc68:4b1b:c4cf%utun0 UmCI utun0

ff01::%utun1/32 fe80::39b1:b7fa:3e9e:3e3%utun1 UmCI utun1

ff01::%utun2/32 fe80::3217:f35f:1b7a:45e9%utun2 UmCI utun2

ff01::%utun3/32 fe80::ce81:b1c:bd2c:69e%utun3 UmCI utun3

ff01::%en6/32 link#21 UmCI en6

ff01::%en8/32 link#22 UmCI en8

ff02::%lo0/32 ::1 UmCI lo0

ff02::%en5/32 link#4 UmCI en5

ff02::%en0/32 link#6 UmCI en0

ff02::%en7/32 link#13 UmCI en7

ff02::%utun0/32 fe80::5f36:bc68:4b1b:c4cf%utun0 UmCI utun0

ff02::%utun1/32 fe80::39b1:b7fa:3e9e:3e3%utun1 UmCI utun1

ff02::%utun2/32 fe80::3217:f35f:1b7a:45e9%utun2 UmCI utun2

ff02::%utun3/32 fe80::ce81:b1c:bd2c:69e%utun3 UmCI utun3

ff02::%en6/32 link#21 UmCI en6

ff02::%en8/32 link#22 UmCI en8

dbu · ‎04-02-2024

Yes what we are trying to add is an IPv4 static route.
I am expecting to see something like this in the routing table :

Destination Gateway Flags Netif Expire

192.168.5.50/32 192.168.1.1 UGScg en7

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.