Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
captainit
New Contributor

Created on ‎09-24-2024 10:42 AM

Many interfaces when using VPN

Hello,

We have a problem with our VPN.

We are experiencing an issue that occurs once every month, where employees (it changes - skipping between users) using only Mac computers come to the office (but happens also in their home wifi) and are unable to access internet when they are connected to VPN.

We use:
Forticlient vpn only free - last version

IPSEC VPN

When they try to ping servers/addresses: sendto no buffer space available

When it happens I see many interfaces with addresses of VPN (192.168.11.0/24). 
After disabling interface with VPN: ifconfig interface utun4 down - internet works!


 

Another user told me: WIFI works, VPN works. He leaves the computer, computer goes to sleep mode and after that Forticlient seems as connected but no internet!

Another user reported: I was on the train, using HOTSPOT and Forticlient. 

Close the lid (So internet was disconnected). Went to the Office, I was connected to Office's WIFI and had this problem of buffering.

 

Why are there many interfaces instead of just one? Why does FortiClient create multiple connections?

#Same user#Same user#Same user#Same user#Same user#Same user#Another user#Another user


Thanks

Labels:
1341
0 Kudos
29 REPLIES 29
captainit
New Contributor
In response to AEK

Created on ‎10-15-2024 12:46 PM

Yes but it happens also for other users once a month.

I cannot share the routing table because now it works perfectly. So it will not refelect the real peoblem.

And also when doing ifconfig when it happens we can see 2 interface of utnu with the same segment of the VPN.

I really do not know what to do.

And as said - script of killng Forticlient is not helping.

Please help. It happens at least 3-4 times for different MACs computers.

 

Thanks

271
0 Kudos
captainit
New Contributor
In response to AEK

Created on ‎10-17-2024 02:13 AM

Please help. I dont know what to do.

253
0 Kudos
AEK
SuperUser
SuperUser

Created on ‎10-17-2024 02:40 AM

Hi Captain

I asked for the routing table but in your last message I think you said it works perfectly.

If there are some sensitive info that you can't share then you can blur them.

On the other hand, having a full tunnel after PC wake up may mean that a default route is being injected, while it shouldn't. We need confirmation from the output so we can move forward.

AEK
AEK
249
0 Kudos
captainit
New Contributor
In response to AEK

Created on ‎10-17-2024 03:23 AM

Hey,

Now we dont have a problem. Only one a month and I can't predict who will be the new one. Those people with the bugs are the same but most of the time they can work.

For example I dont have the problem now. Can I share with you my routing table before and after sleep even though I have never had this problem?

Thanks

243
0 Kudos
AEK
SuperUser
SuperUser
In response to captainit

Created on ‎10-17-2024 03:40 AM

The routing table must come from the affected node when you reproduce the error.

Once we understand well the issue you can for example make the right script to correct the issue.

AEK
AEK
236
0 Kudos
captainit
New Contributor
In response to AEK

Created on ‎10-17-2024 06:15 AM

Thanks. Just to make sure. To give you screenshot of netstat -r - before and after sleep (when it happens)?
Should I use another command to give you the right information?

Thanks

192
0 Kudos
AEK
SuperUser
SuperUser
In response to captainit

Created on ‎10-17-2024 10:56 AM

Yes, before sleep and after wake-up:

netstat -rn
ifconfig -a   (or equivalent)

 

AEK
AEK
163
0 Kudos
freya274
New Contributor

Created on ‎10-17-2024 03:32 AM

Using a VPN (Virtual Private Network) can sometimes present a variety of interfaces, depending on the service and platform you're using. Here are some common types of interfaces you might encounter while using a VPN:

  1. Desktop Application Interface: Most VPN services offer dedicated desktop applications for Windows, macOS, and Linux. These interfaces usually feature a user-friendly design with options to connect to different servers, change settings, and access features like kill switches and split tunneling.

  2. Mobile Application Interface: VPN apps for iOS and Android devices often have streamlined interfaces that cater to touchscreen use. They usually allow you to quickly connect or disconnect from the VPN, switch servers, and adjust settings on the go.

  3. Browser Extensions: Some VPN services offer browser extensions for Chrome, Firefox, and other browsers. These interfaces are typically simpler, focusing on quick connections and settings that affect only the browsing experience.

  4. Web-Based Dashboard: Many VPN providers have a web-based dashboard where you can manage your account, view connection logs, and configure settings. This interface usually provides an overview of your VPN usage and allows for easy management of multiple devices.

  5. Router Interface: If you're using a VPN on your router, the interface will vary based on the router brand and firmware. This setup can protect all devices connected to your network but may require more technical knowledge to configure.

  6. Command-Line Interface (CLI): For advanced users, some VPN services offer a CLI option, especially for Linux users. This interface allows for greater control over settings and can be more efficient for users comfortable with command-line operations.

Conclusion

The variety of interfaces when using a VPN allows for flexibility and caters to different user preferences. Whether you're a beginner or an experienced user, it's essential to choose a VPN service with an interface that you find intuitive and easy to navigate. Always check reviews and user feedback to ensure the interface aligns with your needs.

240
0 Kudos
captainit
New Contributor

Created on ‎10-17-2024 06:32 AM

I have Forticlient IPSEC  - how can I know?

188
0 Kudos
captainit
New Contributor

Created on ‎10-28-2024 03:16 AM

 

Hello, Unfourtnaely the problem appears again with MAC computer after sleeping mode - our VPN segment is 192.168.11.200-230

Hello, It happens again:
Routing table:
Link to routing table 

It happens after waking up from sleep mode :(

Please help

27
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.