Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
captainit
New Contributor II

Many interfaces when using VPN

Hello,

We have a problem with our VPN.

We are experiencing an issue that occurs once every month, where employees (it changes - skipping between users) using only Mac computers come to the office (but happens also in their home wifi) and are unable to access internet when they are connected to VPN.

We use:
Forticlient vpn only free - last version

IPSEC VPN

When they try to ping servers/addresses: sendto no buffer space available

When it happens I see many interfaces with addresses of VPN (192.168.11.0/24). 
After disabling interface with VPN: ifconfig interface utun4 down - internet works!


 

Another user told me: WIFI works, VPN works. He leaves the computer, computer goes to sleep mode and after that Forticlient seems as connected but no internet!

Another user reported: I was on the train, using HOTSPOT and Forticlient. 

Close the lid (So internet was disconnected). Went to the Office, I was connected to Office's WIFI and had this problem of buffering.

 

Why are there many interfaces instead of just one? Why does FortiClient create multiple connections?

#Same user#Same user#Same user#Same user#Same user#Same user#Another user#Another user


Thanks

36 REPLIES 36
AEK
SuperUser
SuperUser

Hi CaptainIT

If it is full tunnel then I guess the active default route is pointing to the wrong tunnel interface, and when you disable it then the default route points to the right interface.

And regarding the multiple interface creation, do you confirm that it creates one new interface each time you initiate a new VPN connection? Or does it create them all at once?

Can you also check if the below access rights are provided:

https://docs.fortinet.com/document/forticlient/7.4.0/macos-release-notes/223986/special-notices

 

AEK
AEK
captainit
New Contributor II

Hello,
If it is full tunnel then I guess the active default route is pointing to the wrong tunnel interface, and when you disable it then the default route points to the right interface - what can I do please to fix it? I have full tunnel


And regarding the multiple interface creation, do you confirm that it creates one new interface each time you initiate a new VPN connection? Or does it create them all at once?  It creates one when people using FortiClient normally without any problem and when they problem we see multiple interfaces.

Can you also check if the below access rights are provided - Checked - they have permission.


What can I do please in order to solve this problem ?

Thanks

 

 

 

 

AEK
SuperUser
SuperUser

Hi

Which MacOS version?

AEK
AEK
captainit
New Contributor II

All the users with Somoma 

AEK

Can you try an older FCT version like 7.0.13 or 7.2.5?

AEK
AEK
captainit
New Contributor II

I installed for two users: FortiClientVPNSetup_7.2.0.0655_macosx today.
Now I need to wait and see what happens. Do you have any idea what we could do more?

Thanks

AEK

Is much better to use 7.2.5 instead 7.2.0.

7.2.5 is more stable and has much less issues.

AEK
AEK
captainit
New Contributor II

I reinstall to 7.2.5 as you wrote. What could be the reason it happens?
Thanks

AEK

I didn't find such known issues in the release notes, so it needs more troubleshooting in order to find the root case.

It is possible that FortiClient is not able to do tunnel interface cleanup (removal) when a VPN session is closed.

You can check in both system event logs and in FortiClient event logs.

If you find something relevant you can share and we'll try to help.

AEK
AEK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors