BigMike
New Contributor II

Internet down after using Forticlient VPN

I am using Win10 and the FortiClient VPN-only version. When I connect the VPN, my internet goes down and no one can use Remote Desktop to connect to my PC either.

There is a post that discussed it: https://community.fortinet.com/t5/Support-Forum/Lost-internet-connection-when-using-forticlient/td-p...

I checked the route table and there is one new route for 0.0.0.0, so there are two 0.0.0.0 routes.

But when I try to use the 'route delete 0.0.0.0' command according to the post, it only deletes the system default one and cannot delete the one which the VPN client added.

So I googled and found this post: windows - Can't change routes with VPN Client - Super User.

It has the same issue, and he found the reason is: "I examined the issue with Rohitab and found out FortiSSL Client watches the routes table with the NotifyRouteChange IP Helper API call."

His conclusion is that the FortiClient VPN will monitor the route table and fix it automatically.

I am not a network expert, just a normal user, and I don't know what to do with it. I cannot even judge whether the problem is caused by the route table.

Can anyone give some hints?

Thanks


13 REPLIES
AEK
Honored Contributor

Most probably caused by the default route injected by VPN.

This behavior can be disabled at your client side (with most VPN clients) or at VPN server side.

E.g.: On your FortiGate, you can enable Split Tunneling on your SSL-VPN portal so that it does not inject a default route.

AEK
sw2090
Honored Contributor

Not sure if you can prevent FortiClient from doing that. Anyway, it would not make sense, because in this case it would render your VPN useless: it will not be hit by any traffic without a route.

I'd recommend changing the other end of that VPN tunnel to do split tunneling, so it wouldn't inject any new default route but routes to the specified subnet(s).

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

smayank
Staff

Hello,

When you connect to SSL VPN, the firewall pushes routes towards the client.

In your case, the firewall might be pushing a default route from the SSL VPN tunnel. You can check internally and configure split tunnel.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...

Thanks & Regards
Mayank Sharma

BigMike
New Contributor II

I also noticed that when I connect the VPN, others cannot use Remote Desktop (RDP) to connect to my PC. Is it also a split-tunnel issue?

AEK
Honored Contributor

  • "No" if the client is on the same network as the server
  • "Yes" if the client is on another network, because response from server will be sent through the wrong default gateway (VPN GW)
AEK
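
The two cases in the reply above can be checked against a route table. The following is an added example, not part of the original thread: it applies longest-prefix-match route selection to constructed tables modeled on `route print -4`, and reports which interface the PC would use to answer an inbound RDP client. All addresses, metrics and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed route tables, modeled on the "Active Routes" part of `route print -4`.
# Fields: destination prefix, gateway, egress interface, metric. All values are sample data.
LAN_ROUTES = [
    ("0.0.0.0/0",      "192.168.1.1", "LAN", 25),
    ("192.168.1.0/24", "on-link",     "LAN", 281),
]
# Full tunnel: the VPN injects a second default route with a better (lower) metric.
FULL_TUNNEL = LAN_ROUTES + [("0.0.0.0/0", "10.212.134.201", "VPN", 1)]
# Split tunnel: the VPN injects only a route to the remote subnet (assumed 10.10.0.0/16).
SPLIT_TUNNEL = LAN_ROUTES + [("10.10.0.0/16", "10.212.134.201", "VPN", 1)]


def pick_route(routes, dst):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, ifc, m) for p, gw, ifc, m in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]))


def reply_interface(routes, client_ip):
    """Interface the PC uses to answer an inbound connection (e.g. RDP) from client_ip."""
    route = pick_route(routes, client_ip)
    return route[2] if route else None


def default_routes(routes):
    """All 0.0.0.0/0 entries, best metric first; two entries means one was injected."""
    return sorted((r for r in routes if r[0] == "0.0.0.0/0"), key=lambda r: r[3])


if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        print(name, "default routes:", default_routes(table))
        # Same-LAN client, client on another network, host behind the VPN.
        for client in ("192.168.1.77", "203.0.113.25", "10.10.4.8"):
            print(f"  reply to {client:<13} leaves via {reply_interface(table, client)}")
```

With the full-tunnel table, the same-LAN client is still answered on the LAN because the on-link /24 is more specific than either default route, while the client on another network is answered through the VPN interface. With the split-tunnel table, only traffic for the remote subnet uses the VPN.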
BigMike
New Contributor II

My PC is on a different network from the server which I need the VPN to connect to.

Is there any way that I can add some route manually so my PC can still be accessed by RDP from other PCs? I mean, after connecting the VPN, can someone still use RDP to connect to my PC?

AEK
Honored Contributor

In order to do that, you need to remove the default route that was injected by VPN.

AEK
BigMike
New Contributor II

Hi,

I am using the VPN-only version of FortiClient. How do I enable the split-tunnel feature?
