Icebun
New Contributor III

Incorrect routing table entry when SSL VPN is established

I have a situation affecting some Dell Latitude Laptops (54xx series).

When the VPN is established, there is an incorrect routing entry in the Windows 10 table for our LAN resources where the Gateway points to the IP address of the user's home router rather than the VPN interface IP.

 

Manually deleting the route fixes the issue but that requires elevated privileges so not practical.

Ticket officially logged but just wondering if anyone has experienced this before?

The only way around is to create some sort of windows scheduled task that will run the delete route command with elevated permissions.

The problem I am having with this is to capture the right trigger as the VPN is established, either in event viewer or some process running in Task Manager.

Can anyone help with identifying any of the above as well?
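
The route check described in the post above, as an added example (not part of the original post and not Fortinet's code): a PowerShell script that lists routes for the LAN prefixes bound to an interface other than the VPN adapter, and deletes them only when run elevated with `-Remove`. The prefix `10.20.0.0/16` is a constructed sample and the `*Fortinet*` adapter description pattern is an assumption; adjust both to your environment.

```powershell
# Added example. Parameter defaults are assumptions, not values from the thread.
param(
    # Constructed sample; replace with your split-tunnel destination prefixes.
    [string[]]$LanPrefixes = @('10.20.0.0/16'),
    # Assumption: the SSL VPN virtual adapter's description matches this pattern.
    [string]$VpnAdapterPattern = '*Fortinet*',
    # Without this switch the script only reports. Removal needs an elevated session.
    [switch]$Remove
)

# Find the VPN virtual adapter and make sure the tunnel is actually up.
$vpn = Get-NetAdapter -IncludeHidden |
    Where-Object { $_.InterfaceDescription -like $VpnAdapterPattern -and $_.Status -eq 'Up' }
if (-not $vpn) {
    Write-Output 'VPN adapter is not up; nothing to check.'
    return
}
$vpnIndexes = @($vpn.ifIndex)

# Active IPv4 routes whose destination is one of the LAN prefixes (exact match)
# but which are bound to some interface other than the VPN adapter, for example
# a route whose next hop is the home router on the Wi-Fi interface.
$stray = Get-NetRoute -AddressFamily IPv4 -PolicyStore ActiveStore |
    Where-Object {
        $_.DestinationPrefix -in $LanPrefixes -and
        $_.InterfaceIndex -notin $vpnIndexes
    }

if (-not $stray) {
    Write-Output 'No LAN routes found outside the VPN adapter.'
    return
}

# Show what was found so the result can be logged or attached to a support ticket.
$stray |
    Select-Object DestinationPrefix, NextHop, InterfaceAlias, RouteMetric |
    Format-Table -AutoSize

if ($Remove) {
    # Deletes only the routes listed above; the VPN adapter's own routes are untouched.
    $stray | Remove-NetRoute -Confirm:$false
}
```

The match on `DestinationPrefix` is exact, so a stray route installed with a different prefix length than the ones listed will not be reported.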

 

 

 

Debbie_FTNT
Staff

Hey Icebun,

I can't say that I've ever come across such an issue before - I'm sometimes using a Dell Latitude (though 74xx series) myself, with Windows 10 and FortiClient 7.0.2, and not having any issues.

Are you using split-tunneling? I'm not; my default route is through VPN when that's up and running (with metric 1 - the local WiFi default route is metric 50), and traffic is being routed exactly as intended.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Icebun
New Contributor III

Hi Debbie, 

Yes we are using Split Tunnelling and the issue is only specific to new Dell Laptops.

Another option I am currently exploring is maintaining Split Tunnelling but on the FortiGate FW, explicitly add in all the Routing Addresses under

VPN > SSL-VPN-Portals > Routing Address

Using Cloud EMS so only running 6.4.x FortiClient as the latest.

 

 

 

EEHC

I recommend you do it this way.

SSL-VPN Portal
Split tunneling>>>Enabled Based on Policy DestinationDNS Split Tunneling>>>DNS Split Tunneling
The FortiClient network driver will intercept DNS requests; if they match the split-dns listed, the DNS request will go across the tunnel and be resolved by the specified DNS servers.

It works well with me.

Take into consideration that FortiClient gets the configuration when it connects. If you make changes, disconnect and connect again.

EEHC

Sorry, words were joined.

SSL-VPN Portal
Split tunneling>>>Enabled Based on Policy Destination

DNS Split Tunneling>>>DNS Split Tunneling

I followed this

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Split-DNS-support-for-SSL-VPN/ta-p/194766

Patrick42110
New Contributor

Hello, I had this problem too; I resolved it after removing software included in the Dell base image.

Go to Programs and Features and remove the software Connectexpress drivers of "rivet software".

 

wberger

I could hug you right now!!! I've spent hours looking for a resolution to this. I went ahead and uninstalled Dell Optimizer which in turn removed the ExpressConnect Drivers and Services.

ashen

Good one, @Patrick42110. How did you find this was the RC?

Icebun
New Contributor III

Thanks everyone for the replies.

@Patrick42110 it is interesting to know about the Connect Express Driver for the future.

In the end, I had to hard code the Routing Addresses as shown here which resolved my issue.

Icebun_0-1649666213375.png

 

Sunwest
New Contributor

Interestingly I had to do the same thing and manually specify individual routing addresses. When adding the entire subnet (as was defined in the rules anyway), it didn't work. 

Worth noting the two users I had this problem with were also using Dell laptops.
