Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
captainit
New Contributor

Created on ‎09-24-2024 10:42 AM

Many interfaces when using VPN

Hello,

We have a problem with our VPN.

We are experiencing an issue that occurs once every month, where employees (it changes - skipping between users) using only Mac computers come to the office (but happens also in their home wifi) and are unable to access internet when they are connected to VPN.

We use:
Forticlient vpn only free - last version

IPSEC VPN

When they try to ping servers/addresses: sendto no buffer space available

When it happens I see many interfaces with addresses of VPN (192.168.11.0/24). 
After disabling interface with VPN: ifconfig interface utun4 down - internet works!


 

Another user told me: WIFI works, VPN works. He leaves the computer, computer goes to sleep mode and after that Forticlient seems as connected but no internet!

Another user reported: I was on the train, using HOTSPOT and Forticlient. 

Close the lid (So internet was disconnected). Went to the Office, I was connected to Office's WIFI and had this problem of buffering.

 

Why are there many interfaces instead of just one? Why does FortiClient create multiple connections?

#Same user#Same user#Same user#Same user#Same user#Same user#Another user#Another user


Thanks

Labels:
1728
0 Kudos
34 REPLIES 34
AEK
SuperUser
SuperUser

Created on ‎09-24-2024 02:09 PM

Hi CaptainIT

If it is full tunnel then I guess the active default route is pointing to the wrong tunnel interface, and when you disable it then the default route points to the right interface.

And regarding the multiple interface creation, do you confirm that it creates one new interface each time you initiate a new VPN connection? Or does it create them all at once?

Can you also check if the below access rights are provided:

https://docs.fortinet.com/document/forticlient/7.4.0/macos-release-notes/223986/special-notices

 

AEK
AEK
736
captainit
New Contributor
In response to AEK

Created on ‎09-24-2024 11:19 PM

Hello,
If it is full tunnel then I guess the active default route is pointing to the wrong tunnel interface, and when you disable it then the default route points to the right interface - what can I do please to fix it? I have full tunnel


And regarding the multiple interface creation, do you confirm that it creates one new interface each time you initiate a new VPN connection? Or does it create them all at once?  It creates one when people using FortiClient normally without any problem and when they problem we see multiple interfaces.

Can you also check if the below access rights are provided - Checked - they have permission.


What can I do please in order to solve this problem ?

Thanks

 

 

 

 

694
0 Kudos
AEK
SuperUser
SuperUser

Created on ‎09-25-2024 12:10 AM

Hi

Which MacOS version?

AEK
AEK
690
captainit
New Contributor
In response to AEK

Created on ‎09-25-2024 12:14 AM

All the users with Somoma 

683
0 Kudos
AEK
SuperUser
SuperUser
In response to captainit

Created on ‎09-25-2024 12:30 AM

Can you try an older FCT version like 7.0.13 or 7.2.5?

AEK
AEK
680
captainit
New Contributor
In response to AEK

Created on ‎09-25-2024 03:21 AM

I installed for two users: FortiClientVPNSetup_7.2.0.0655_macosx today.
Now I need to wait and see what happens. Do you have any idea what we could do more?

Thanks

650
0 Kudos
AEK
SuperUser
SuperUser
In response to AEK

Created on ‎09-25-2024 03:45 AM

Is much better to use 7.2.5 instead 7.2.0.

7.2.5 is more stable and has much less issues.

AEK
AEK
641
captainit
New Contributor
In response to AEK

Created on ‎09-25-2024 03:54 AM Edited on ‎09-25-2024 03:55 AM

I reinstall to 7.2.5 as you wrote. What could be the reason it happens?
Thanks

636
0 Kudos
AEK
SuperUser
SuperUser
In response to captainit

Created on ‎09-25-2024 04:00 AM

I didn't find such known issues in the release notes, so it needs more troubleshooting in order to find the root case.

It is possible that FortiClient is not able to do tunnel interface cleanup (removal) when a VPN session is closed.

You can check in both system event logs and in FortiClient event logs.

If you find something relevant you can share and we'll try to help.

AEK
AEK
631
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.