sanderl
New Contributor III

Android FortiClient VPN not flowing any traffic

An Android device (Samsung S21) with FortiClient VPN connects successfully (100%), gets an IP address and is connected, but no traffic is going through.

Via FortiClient on Windows everything works as expected and traffic is allowed and routed normally.

Policy lookup shows the correct policy.

What could be the reason that the Android VPN client does connect but does not transfer any traffic?

- The app was freshly uninstalled and installed.
- FortiClient VPN on the Windows PC works correctly.
- Policy lookup shows the correct policy when looking up.
- Logging shows the SSL VPN client (both Windows and Android) is successfully connected.
- Both (Windows client and Android client) use the same settings and user.
- Nothing flows (testing with direct IP addresses and no DNS).

Is the FortiClient VPN on Android broken?

Any directive?

Anthony_E
Community Manager

Hello Sanderi,

I have found this old Forum discussion:

https://community.fortinet.com/t5/Support-Forum/FortiClient-VPN-android-traffic-not-routing-through-...

Could you please have a look and tell me if it helped?


Regards,

Anthony-Fortinet Community Team.
sanderl
New Contributor III

So some progress. It seems that after updating to FortiOS 7.0.x something changed in the sslvpn settings. After changing from the middle to the top setting all is fine again.

What is very weird is that this only had direct influence on the Android VPN client and not the Windows VPN client. Any direction on that?

Markus_M

Hi Sanderl,

This would sound like the routing table on the Android is not done properly. This setting affects the DNS setting in the way that the DNS queries and traffic for internal sites are directed through the tunnel and everything else goes elsewhere.

With Android you might be able to check the "route -n" on a terminal app. You can also install an open-source packet capture called "pcapdroid". Capture traffic from one specific application only (it doesn't matter which one), and see whether the traffic is being responded to.

On FGT you should check if you see the traffic generated by the client (meant for internal destinations) (traffic log, packet capture).

Best regards,

Markus

Markus_M

"route -n" might not work, use "ip route" instead, just tested.
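
The route check suggested in the replies above can be done off the device by saving the `ip route` output and testing which interface each internal destination would leave through. The following is an added example, not part of the original thread or any Fortinet tooling; the interface names (`tun0`, `wlan0`), the addresses and the function names are assumptions, and the sample output is constructed.

```python
import ipaddress

# Constructed sample of `ip route` output with the VPN up. Interface names
# (tun0, wlan0) and all addresses are assumptions, not values from the thread.
SAMPLE_IP_ROUTE = """\
default via 192.168.1.1 dev wlan0
10.10.0.0/16 dev tun0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57
10.212.134.200 dev tun0 scope link
"""


def parse_routes(text):
    """Return (network, device) pairs from IPv4 `ip route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line, or a route with no output device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." or "local ..." route types
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def egress_interface(routes, destination):
    """Longest-prefix match: the device the most specific route points at."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, dev) for net, dev in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def tunnel_coverage(text, internal_hosts, tunnel_dev="tun0"):
    """Map each internal host to True if its best route uses the tunnel."""
    routes = parse_routes(text)
    return {h: egress_interface(routes, h) == tunnel_dev for h in internal_hosts}


if __name__ == "__main__":
    result = tunnel_coverage(SAMPLE_IP_ROUTE, ["10.10.5.20", "172.16.0.5"])
    for host, ok in result.items():
        print(host, "via tunnel" if ok else "NOT via tunnel")
```

Android keeps each network's routes in its own table, so if the tunnel routes are absent from plain `ip route` output, capture `ip route show table all` instead. The parser ignores the `table` field, so treat the result as an indication of which prefixes the tunnel covers rather than the kernel's exact decision.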

Anthony_E
Community Manager

Hello sanderi,

I will forward your interrogation to an expert and will come back to you ASAP.

Regards,

Anthony-Fortinet Community Team.