Hello,
We have a problem with our VPN.
We are experiencing an issue that occurs once every month, where employees (it changes - skipping between users) using only Mac computers come to the office (but happens also in their home wifi) and are unable to access internet when they are connected to VPN.
We use:
Forticlient vpn only free - last version
IPSEC VPN
When they try to ping servers/addresses: sendto no buffer space available
When it happens I see many interfaces with addresses of VPN (192.168.11.0/24).
After disabling interface with VPN: ifconfig interface utun4 down - internet works!
Another user told me: WIFI works, VPN works. He leaves the computer, computer goes to sleep mode and after that Forticlient seems as connected but no internet!
Another user reported: I was on the train, using HOTSPOT and Forticlient.
Close the lid (So internet was disconnected). Went to the Office, I was connected to Office's WIFI and had this problem of buffering.
Why are there many interfaces instead of just one? Why does FortiClient create multiple connections?
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Yes but it happens also for other users once a month.
I cannot share the routing table because now it works perfectly. So it will not refelect the real peoblem.
And also when doing ifconfig when it happens we can see 2 interface of utnu with the same segment of the VPN.
I really do not know what to do.
And as said - script of killng Forticlient is not helping.
Please help. It happens at least 3-4 times for different MACs computers.
Thanks
Please help. I dont know what to do.
Hi Captain
I asked for the routing table but in your last message I think you said it works perfectly.
If there are some sensitive info that you can't share then you can blur them.
On the other hand, having a full tunnel after PC wake up may mean that a default route is being injected, while it shouldn't. We need confirmation from the output so we can move forward.
Hey,
Now we dont have a problem. Only one a month and I can't predict who will be the new one. Those people with the bugs are the same but most of the time they can work.
For example I dont have the problem now. Can I share with you my routing table before and after sleep even though I have never had this problem?
Thanks
The routing table must come from the affected node when you reproduce the error.
Once we understand well the issue you can for example make the right script to correct the issue.
Thanks. Just to make sure. To give you screenshot of netstat -r - before and after sleep (when it happens)?
Should I use another command to give you the right information?
Thanks
Yes, before sleep and after wake-up:
netstat -rn
ifconfig -a (or equivalent)
I have Forticlient IPSEC - how can I know?
Hello, Unfourtnaely the problem appears again with MAC computer after sleeping mode - our VPN segment is 192.168.11.200-230
Hello, It happens again:
Routing table:
Link to routing table
It happens after waking up from sleep mode :(
Please help
Please help
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1669 | |
1082 | |
752 | |
446 | |
224 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.