Incorrect routing table entry when SSL VPN is established
I have a situation affecting some Dell Latitude Laptops (54xx series).
When the VPN is established, there is an incorrect routing entry in the Windows 10 table for our LAN resources where the Gateway points to the IP address of the users home router rather than the VPN interface IP.
Manually deleting the route fixes the issue but that requires elevated privileges so not practical.
Ticket officially logged but just wondering if anyone has experienced this before?
The only way around is to create some sort of windows scheduled task that will run the delete route command with elevated permissions.
The problem I am having with this is to capture the right trigger as the VPN is established, either in event viewer or some process running in Task Manager.
Can anyone help with identifying any of the above as well?
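A read-only way to spot the symptom described in the post above, as an added example that is not part of the original thread: it flags any route that falls inside a corporate prefix but is bound to an interface other than the VPN adapter. The function names, the sample routes, the prefixes and the `*Fortinet*` adapter pattern are assumptions to adapt to your environment.

```powershell
# Added example: detection only, changes nothing and needs no elevation.
function ConvertTo-UInt64Ip ([string]$Ip) {
    $b = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    [Array]::Reverse($b)                      # network order -> little-endian
    [uint64][BitConverter]::ToUInt32($b, 0)
}

# True when $RoutePrefix lies inside (or equals) $CorpPrefix.
function Test-InPrefix ([string]$RoutePrefix, [string]$CorpPrefix) {
    $rIp, $rLen = $RoutePrefix -split '/'
    $cIp, $cLen = $CorpPrefix -split '/'
    if ([int]$rLen -lt [int]$cLen) { return $false }   # broader route, e.g. 0.0.0.0/0
    $mask = [uint64]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$cLen))
    ((ConvertTo-UInt64Ip $rIp) -band $mask) -eq ((ConvertTo-UInt64Ip $cIp) -band $mask)
}

# Returns routes for corporate prefixes that do NOT use the VPN interface.
function Find-MisroutedVpnPrefix {
    param(
        [Parameter(Mandatory)] [object[]] $Routes,        # Get-NetRoute style objects
        [Parameter(Mandatory)] [int[]]    $VpnIfIndex,    # index(es) of the VPN adapter
        [Parameter(Mandatory)] [string[]] $CorpPrefixes   # split-tunnel destinations
    )
    foreach ($r in $Routes) {
        if ($VpnIfIndex -contains $r.InterfaceIndex) { continue }
        foreach ($c in $CorpPrefixes) {
            if (Test-InPrefix $r.DestinationPrefix $c) { $r; break }
        }
    }
}

# Constructed sample: ifIndex 12 = home Wi-Fi, ifIndex 27 = VPN adapter.
$sample = @(
    [pscustomobject]@{ DestinationPrefix = '0.0.0.0/0';    NextHop = '192.168.1.1';    InterfaceIndex = 12; RouteMetric = 50 }
    [pscustomobject]@{ DestinationPrefix = '10.20.0.0/16'; NextHop = '192.168.1.1';    InterfaceIndex = 12; RouteMetric = 1 }
    [pscustomobject]@{ DestinationPrefix = '10.30.0.0/16'; NextHop = '10.212.134.201'; InterfaceIndex = 27; RouteMetric = 1 }
)
$corp = '10.20.0.0/16', '10.30.0.0/16'        # constructed corporate ranges
Find-MisroutedVpnPrefix -Routes $sample -VpnIfIndex 27 -CorpPrefixes $corp |
    Format-Table DestinationPrefix, NextHop, InterfaceIndex, RouteMetric

# Live check while the tunnel is up (adapter pattern is an assumption):
# $vpn = (Get-NetAdapter | Where-Object InterfaceDescription -like '*Fortinet*').ifIndex
# Find-MisroutedVpnPrefix -Routes (Get-NetRoute -AddressFamily IPv4) -VpnIfIndex $vpn -CorpPrefixes $corp
```

On the sample data only the `10.20.0.0/16` route is reported, because it sits inside a corporate range yet leaves through the home Wi-Fi interface.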
Hey Icebun,
I can't say that I've ever come across such an issue before - I'm sometimes using a Dell Latitude (though 74xx series) myself, with Windows 10 and FortiClient 7.0.2, and not having any issues.
Are you using split-tunneling? I'm not; my default route is through VPN when that's up and running (with metric 1 - the local WiFi default route is metric 50), and traffic is being routed exactly as intended.
Hi Debbie,
Yes, we are using Split Tunnelling and the issue is only specific to new Dell Laptops.
Another option I am currently exploring is maintaining Split Tunnelling but on the FortiGate FW, explicitly add in all the Routing Addresses under
VPN > SSL-VPN-Portals > Routing Address
Using Cloud EMS so only running 6.4.x FortiClient as the latest.
I recommend you do it this way.
SSL-VPN Portal
Split tunneling>>>Enabled Based on Policy DestinationDNS Split Tunneling>>>DNS Split Tunneling
The FortiClient network driver will intercept DNS requests; if they match the split-dns listed, the DNS request will go across the tunnel and be resolved by the specified DNS servers.
It works well for me.
Take into consideration that FortiClient gets the configuration when it connects. If you make changes, disconnect and connect again.
Sorry, words were joined.
SSL-VPN Portal
Split tunneling>>>Enabled Based on Policy Destination
DNS Split Tunneling>>>DNS Split Tunneling
I followed this
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Split-DNS-support-for-SSL-VPN/ta-p/194766
Hello, I had the problem too; I resolved it after removing software included in the Dell base image.
Go to Programs and Features and remove the software Connectexpress drivers of "rivet software".
I could hug you right now!!! I've spent hours looking for a resolution to this. I went ahead and uninstalled Dell Optimizer which in turn removed the ExpressConnect Drivers and Services.
Good one @Patrick42110. How did you find this was the RC?
Thanks everyone for the replies.
@Patrick42110 it is interesting to know about the Connect Express Driver for the future.
In the end, I had to hard code the Routing Addresses as shown here which resolved my issue.
Interestingly I had to do the same thing and manually specify individual routing addresses. When adding the entire subnet (as was defined in the rules anyway), it didn't work.
Worth noting the two users I had this problem with were also using Dell laptops.