Internet down after using Forticlient VPN

BigMike · ‎11-15-2023

I am using win10 and using FortiClient VPN Only version. When I connect the vpn, my internet down and no one can use remote desktop to connect my PC either.

There is a post discussed it: https://community.fortinet.com/t5/Support-Forum/Lost-internet-connection-when-using-forticlient/td-p...

I checked the route table and there is one new route for 0.0.0.0, so there are two 0.0.0.0 routes.

But when I try to use 'route delete 0.0.0.0' command according to the post , it only delete the system default one, and cannot delete the one which VPN client add.

So I googled this post:windows - Can't change routes with VPN Client - Super User.

It has the same issue and he found the reason is " I examined the issue with Rohitab and found out FortiSSL Client watches the routes table with the NotifyRouteChange IP Helper API call."

His conclusion is Forticlient vpn will monitor the route table and fix it automatically.

I am not network expert, just an normal user, I dont know to do with it. I even cannot judge if the problem is caused by the route table.

Can anyone give some hints?

Thanks

FortiClient

Can you give some hints?

AEK · ‎11-16-2023

Most probably caused by the default route injected by VPN.

This behavior can be disabled at your client side (with most VPN clients) or at VPN server side.

E.g.: On your FortiGate, you can enable Split Tunneling on your SSL-VPN portal not to inject default route.

AEK

sw2090 · ‎11-16-2023

not sure if you can prevent FortiClient from doing that. Anyways it would not make sense because in this case it would render your vpn useless because it will not be hit by any traffic without a route.

I'd recommend to change the other end of that VPN Tunnel to do split tunneling so it wouldn't inject any new default route but routes to the specified subnet(s).

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

smayank · ‎11-16-2023

Hello

When you connect to SSL VPN firewall push routes towards the client .

In your case firewall might be pushing default right from ssl vpn tunnel
you can check internally and configure split tunnel.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
Thanks & Regards
Mayank Sharma

BigMike · ‎11-16-2023

I also notice when I connect the VPN, the other cannot use Remote Desktop(RDP) to connect my PC, is it also split-tunnel issue?

AEK · ‎11-16-2023

"No" if the client is on the same network as the server
"Yes" if the client is on another network, because response from server will be sent through the wrong default gateway (VPN GW)

AEK

BigMike · ‎11-16-2023

My pc is on the different network with the server which I need vpn to connect .

Is there anyway that I can add some route manually so my pc still can be accessed by RDP from other pc? I mean, after connect VPN, someone still can use RDP to connect my pc?

AEK · ‎11-17-2023

In order to do that, you need to remove the default route that was injected by VPN.

AEK

BigMike · ‎11-16-2023

Hi,

I am using the VPN-only version of Forticlient, how to enable the split-tunnel feature?

BigMike · ‎11-16-2023

Hi,

I am using the VPN-only version of Forticlient, how to enable the split-tunnel feature?

Internet down after using Forticlient VPN

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website