Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BigMike
New Contributor II

Created on ‎11-15-2023 06:10 PM

Internet down after using Forticlient VPN

    I am using win10 and using FortiClient VPN Only version. When I connect the vpn, my internet down and no one can use remote desktop to connect my PC either.

   There is a post discussed it: https://community.fortinet.com/t5/Support-Forum/Lost-internet-connection-when-using-forticlient/td-p... 

   I checked the route table and there is one new route for 0.0.0.0, so there are two 0.0.0.0 routes.

   But when I try to use 'route delete 0.0.0.0' command according to the post , it only delete the system default one, and cannot delete the one which VPN client add.

  So I googled this post:windows - Can't change routes with VPN Client - Super User.

  It has the same issue and he found the reason is " I examined the issue with Rohitab and found out FortiSSL Client watches the routes table with the NotifyRouteChange IP Helper API call."

  His conclusion is Forticlient vpn will monitor the route table and fix it automatically.

 

  I am not network expert, just an normal user, I dont know to do with it. I even cannot judge if the problem is caused by the route table.

 

  Can anyone give some hints?

 

  Thanks

FortiClient 

  

   Can you give some hints?

Labels:
1689
0 Kudos
13 REPLIES 13
AEK
SuperUser
SuperUser

Created on ‎11-16-2023 12:02 AM

Most probably caused by the default route injected by VPN.

This behavior can be disabled at your client side (with most VPN clients) or at VPN server side.

E.g.: On your FortiGate, you can enable Split Tunneling on your SSL-VPN portal not to inject default route.

AEK
AEK
1272
sw2090
Honored Contributor

Created on ‎11-16-2023 01:01 AM

not sure if you can prevent FortiClient from doing that. Anyways it would not make sense because in this case it would render your vpn useless because it will not be hit by any traffic without a route.

I'd recommend to change the other end of that VPN Tunnel to do split tunneling so it wouldn't inject any new default route but routes to the specified subnet(s).

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
1261
smayank
Staff
Staff

Created on ‎11-16-2023 01:48 AM

Hello 

When you connect to SSL VPN firewall push routes towards the client .

In your case firewall might be pushing default right from ssl vpn tunnel
you can check internally and configure split tunnel.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
Thanks & Regards
Mayank Sharma

1251
BigMike
New Contributor II
In response to smayank

Created on ‎11-16-2023 07:04 AM

I also notice when I connect the VPN, the other cannot use Remote Desktop(RDP) to connect my PC, is it also split-tunnel issue?

1228
0 Kudos
AEK
SuperUser
SuperUser
In response to BigMike

Created on ‎11-16-2023 09:35 AM

  • "No" if the client is on the same network as the server
  • "Yes" if the client is on another network, because response from server will be sent through the wrong default gateway (VPN GW)
AEK
AEK
1204
0 Kudos
BigMike
New Contributor II
In response to AEK

Created on ‎11-16-2023 07:36 PM

My pc is on the different network with the server which I need vpn to connect .

Is there anyway that I can add some route manually so my pc still can be accessed by RDP from other pc? I mean, after connect VPN, someone still can use RDP to connect my pc?

1171
0 Kudos
AEK
SuperUser
SuperUser
In response to BigMike

Created on ‎11-17-2023 03:46 AM

In order to do that, you need to remove the default route that was injected by VPN.

AEK
AEK
1147
0 Kudos
BigMike
New Contributor II
In response to smayank

Created on ‎11-16-2023 07:06 AM

Hi,

I am using the VPN-only version of Forticlient, how to enable the split-tunnel feature?

Snipaste_2023-11-16_23-05-32.jpg

1227
0 Kudos
BigMike
New Contributor II

Created on ‎11-16-2023 06:49 AM Edited on ‎11-16-2023 07:07 AM

Hi,

I am using the VPN-only version of Forticlient, how to enable the split-tunnel feature?

 

Snipaste_2023-11-16_23-05-32.jpg

1230
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.