FortiVPN 7.4.0.1645 to create unrequested default route on Mac OS

dcarrer · ‎10-29-2024

Hi,

we have a colleague that wasn't able to connect to our VPN due to a unrequested route added by

7.4.0.1645 version of FortiVPN VPN-ONLY client.

default via 192.168.1.254 dev en6
default via 192.168.1.254 dev en0
default dev utun13 scope link #this is wrong

Could this be a bug or a misconfiguration?

Regards,

Dimitri

AEK · ‎10-29-2024

If split DNS is disabled then a default gateway through the tunnel will be pushed to the client's routing table.

If the other clients are split tunnel then they are probably assigned another portal config.

AEK

View solution in original post

AEK · ‎10-29-2024

Hello Dimitri

Is split tunnel disabled on the related VPN portal config?

Is there a firewall rule allowing VPN client to access "all" as destination?

AEK

dcarrer · ‎10-29-2024

Hi Aek,

thanks for replying.

DNS split tunneling is disable, this issue is not present in release 7.0, which now the user have, we are a division with around 150 users connecting via our client and this is, as far as I know, the first instance of this issue.

VPN access is split into 3 main areas and we have huge network segmentation (100+ VLANs), so since everybody has been working fine I don't think that's the area to investigate. No further modifications were made, it's just 1 client popping out with an extra route there with the 7.4 version.

AEK · ‎10-29-2024

If split DNS is disabled then a default gateway through the tunnel will be pushed to the client's routing table.

If the other clients are split tunnel then they are probably assigned another portal config.

AEK

dcarrer · ‎10-30-2024

VPN wise we have just 3 networks but this is the main one almost everybody uses

FortiVPN 7.4.0.1645 to create unrequested default route on Mac OS

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website