Hi all,
I have recently installed FortiClient VPN (version 6.2.0.0780) onto my personal computer, so that I can access a remote work computer via Remote Desktop Connection.
My VPN settings are:
- IPsec VPN with a pre-shared key
- Version 1
- Mode Aggressive
- Options Config
When the VPN successfully connects, I automatically lose internet on the personal computer. How can I maintain my VPN connection without losing internet on the personal computer?
Thanks
Hi,
As I understand, you're unable to access the internet when connected to the VPN. This happens when split tunneling is disabled in the VPN configuration. Enable split tunnel and check; please refer to the article below regarding this:
https://community.fortinet.com/t5/FortiGate/Technical-Note-FortiClient-Dialup-IPsec-VPN-Split-Tunnel...
Best Regards,
Abhimanyu
Is there any policy created for tunnel users to access the internet?
Regards,
Nope there isn't.
Hmm...when you say split tunneling, would that mean switching from Options (Mode Config) to (DHCP over IPsec)?
A split tunnel is an option on the firewall where you define which destination addresses will be routed via FortiGate; the rest will be routed via your local connection.
With this setup, your computer will have only the routes listed in the split tunnel addresses upon successful VPN connection.
This is most likely a part of your problem.
Please check this:
Hi heelsamusing,
Since you are using a Dialup tunnel, make sure you have split tunnel disabled. On FortiGate, go to the respective tunnel config under VPN > IPsec tunnels > Edit the Network config and check whether Split tunnel is enabled or disabled.
If it is enabled, kindly disable it and check whether you have a policy from the dialup tunnel to the WAN interface.
If the configuration is fine as mentioned above, check whether you are able to ping 8.8.8.8 from the machine, and check the DNS resolution. If it still doesn't work, then share the output of the commands below:
diag deb reset
diag deb flow filter addr x.x.x.x
diag deb flow trace start 100
diag deb en
where x.x.x.x is any public IP other than 8.8.8.8 for which traffic is not initiated by any other machine
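The two remedies raised in the replies above (split tunnel, or a tunnel-to-WAN policy on the firewall) can be compared with a small routing model. This is an added example, not part of any post in the thread; the route tables, interface names `vpn`/`lan`, the office subnet `10.20.0.0/16` and the helper names are constructed assumptions.

```python
import ipaddress

# Constructed office subnet and client route tables (prefix, interface, metric).
# These are illustrative values, not taken from the thread.
OFFICE = ipaddress.ip_network("10.20.0.0/16")

FULL_TUNNEL = [
    ("0.0.0.0/0", "vpn", 1),         # default route now points into the tunnel
    ("0.0.0.0/0", "lan", 25),        # original default route, less preferred
    ("192.168.1.0/24", "lan", 25),   # home LAN
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "lan", 25),        # internet stays on the local connection
    ("192.168.1.0/24", "lan", 25),
    ("10.20.0.0/16", "vpn", 1),      # only the office subnet goes via the tunnel
]


def egress(routes, dest):
    """Pick the outgoing interface: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = []
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net:
            matches.append((-net.prefixlen, metric, iface))
    return min(matches)[2] if matches else None


def reachable(routes, dest, tunnel_to_wan_policy):
    """Simplified model: internet-bound traffic that enters the tunnel only
    gets out if the firewall has a policy from the tunnel to its WAN side."""
    iface = egress(routes, dest)
    if iface is None:
        return False
    if iface == "vpn" and ipaddress.ip_address(dest) not in OFFICE:
        return tunnel_to_wan_policy
    return True


if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        for policy in (False, True):
            print(name, "policy" if policy else "no-policy",
                  egress(table, "8.8.8.8"), reachable(table, "8.8.8.8", policy))
```

With the full-tunnel table and no policy, 8.8.8.8 is sent into the tunnel and dropped, which matches the symptom in the question; either the split-tunnel table or the policy restores reachability, and only the second keeps internet traffic passing through the firewall.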