Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
captainit
New Contributor II

Many interfaces when using VPN

Hello,

We have a problem with our VPN.

We are experiencing an issue that occurs once every month, where employees (it changes - skipping between users) using only Mac computers come to the office (but happens also in their home wifi) and are unable to access internet when they are connected to VPN.

We use:
Forticlient vpn only free - last version

IPSEC VPN

When they try to ping servers/addresses: sendto no buffer space available

When it happens I see many interfaces with addresses of VPN (192.168.11.0/24). 
After disabling interface with VPN: ifconfig interface utun4 down - internet works!


 

Another user told me: WIFI works, VPN works. He leaves the computer, computer goes to sleep mode and after that Forticlient seems as connected but no internet!

Another user reported: I was on the train, using HOTSPOT and Forticlient. 

Close the lid (So internet was disconnected). Went to the Office, I was connected to Office's WIFI and had this problem of buffering.

 

Why are there many interfaces instead of just one? Why does FortiClient create multiple connections?

#Same user#Same user#Same user#Same user#Same user#Same user#Another user#Another user


Thanks

37 REPLIES 37
captainit
New Contributor II

Yes but it happens also for other users once a month.

I cannot share the routing table because now it works perfectly. So it will not refelect the real peoblem.

And also when doing ifconfig when it happens we can see 2 interface of utnu with the same segment of the VPN.

I really do not know what to do.

And as said - script of killng Forticlient is not helping.

Please help. It happens at least 3-4 times for different MACs computers.

 

Thanks

captainit
New Contributor II

Please help. I dont know what to do.

AEK
SuperUser
SuperUser

Hi Captain

I asked for the routing table but in your last message I think you said it works perfectly.

If there are some sensitive info that you can't share then you can blur them.

On the other hand, having a full tunnel after PC wake up may mean that a default route is being injected, while it shouldn't. We need confirmation from the output so we can move forward.

AEK
AEK
captainit
New Contributor II

Hey,

Now we dont have a problem. Only one a month and I can't predict who will be the new one. Those people with the bugs are the same but most of the time they can work.

For example I dont have the problem now. Can I share with you my routing table before and after sleep even though I have never had this problem?

Thanks

AEK

The routing table must come from the affected node when you reproduce the error.

Once we understand well the issue you can for example make the right script to correct the issue.

AEK
AEK
captainit
New Contributor II

Thanks. Just to make sure. To give you screenshot of netstat -r - before and after sleep (when it happens)?
Should I use another command to give you the right information?

Thanks

AEK

Yes, before sleep and after wake-up:

netstat -rn
ifconfig -a (or equivalent)

 

AEK
AEK
captainit
New Contributor II

I have Forticlient IPSEC  - how can I know?

captainit
New Contributor II

 

Hello, Unfourtnaely the problem appears again with MAC computer after sleeping mode - our VPN segment is 192.168.11.200-230

Hello, It happens again:
Routing table:
Link to routing table 

It happens after waking up from sleep mode :(

Please help

captainit
New Contributor II

Please help

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors