Netgate Discussion Forum
    FortiClient VPN SSL VPN

    General pfSense Questions
    19 Posts 3 Posters 1.9k Views
    jf-2600hz:

    Hi all,

    I have a FortiClient SSL VPN connection for work. After I connect to our company VPN (which connects fine), some of our company links do not work. I need to figure out why.

    Any ideas?
    viragomann @jf-2600hz:

    @jf-2600hz
    Possibly you have address conflicts / overlapping networks at home and at the company.
    jf-2600hz @viragomann:

    @viragomann I'm being told it is something in the VPN section of pfSense that I need to set up. But the question is: what?
    viragomann @jf-2600hz:

    @jf-2600hz
    What does pfSense have to do with the Forti VPN?
    jf-2600hz @viragomann:

    @viragomann Well, my work applications have not worked properly since I installed my pfSense. When I hook my laptop up to my cellphone's LTE connection, everything works fine.
    viragomann @jf-2600hz:

    @jf-2600hz
    So what exactly does not work? Specific websites, applications, protocols, ports, IPs?
    jf-2600hz @viragomann:

    @viragomann Website redirects. We use osTicket for our ticket system, and via osTicket there are links that auto-log us into our different telephony servers depending on the customer.
    jf-2600hz:

    This is from our network engineer, but he has never used pfSense:

    "You'll need to make sure any routes that are obtained via the SSL VPN are propagated to the main route table."

    Do you know how to do this?
    viragomann @jf-2600hz:

    @jf-2600hz
    Routes can be added in System > Routing. You may have to add a gateway before you can use it for routing.

    But it is still not clear why you should add routes to pfSense. When you establish a VPN from a device behind pfSense, all the routes needed for the VPN gateway should be set on the device itself. This traffic should never pass pfSense. Only the outer VPN packets pass the router.
    jf-2600hz:

    I'm really not sure at this point, because my VPN works; it's just certain links (URLs) that do not work now. I will keep on digging.
    stephenw10 (Netgate Administrator):

    Mmm, the only way this makes much sense would be if you're using pfSense itself as the VPN client. But the way this reads, you're connecting to the remote Fortinet server from a client behind pfSense? In which case only some local subnet conflict could really be doing anything.

    Steve
    jf-2600hz @stephenw10:

    @stephenw10 Hi Steve, that is correct. My PC is behind the pfSense, and to connect to my work applications I need to connect with my FortiClient. Would I need to set up an OpenVPN in pfSense to replace the FortiClient, using its credentials?

    Should I be modifying my local subnets? My network engineer was saying that I need the VPN's dynamic routes to propagate in pfSense, which I do not see there.
    stephenw10 (Netgate Administrator):

    No, you should be able to connect the FortiClient on the PC through pfSense to the external server. pfSense will just pass that encrypted traffic and cannot affect it.
    I would expect it to 'just work'. Routes sent to the client from the server only affect the client. If it's refusing those routes for some reason, it's probably some local conflict. Again though, pfSense has no effect there.
    Fortinet SSL VPN does not appear to be OpenVPN, so you cannot connect to it from pfSense directly.

    Steve
    jf-2600hz @stephenw10:

    @stephenw10 OK, I understand. Any hints on what type of local conflict could be causing the issue?
    stephenw10 (Netgate Administrator):

    What is your local subnet on LAN?

    What subnets are you unable to connect to?

    Look for a conflict. So, for example, if your LAN is set to use a /16 subnet mask, you would be unable to connect to anything remote that fell within that.
    Your LAN should not use /16, but it's a relatively common setup error.

    Steve
    jf-2600hz @stephenw10:

    @stephenw10 I had set up 192.168.99.1/24 and then tried 192.168.1.1/24; same effect.

    When I connect to my FortiClient I get the IP address
    10.212.134.182
    stephenw10 (Netgate Administrator):

    OK, well, no conflict there directly. What other routes are passed to the client when it connects, though?
    What addresses are you trying to reach that fail?

    Steve
    viragomann @jf-2600hz:

    @jf-2600hz
    The client's routing table can give more details.
    In a Windows shell run

    route print

    and provide the output.
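The two diagnostics suggested above (Steve's "look for a LAN prefix that swallows remote addresses" and viragomann's "post your `route print`") can be combined into one check. The script below is an added example, not code from the thread or from Netgate: it parses the IPv4 table of a Windows `route print`, replays the longest-prefix-match / lowest-metric selection Windows uses, and reports, for each company address you care about, whether the packet would leave via the tunnel or be swallowed by an on-link home-LAN prefix. The route table, the 192.168.0.0/16 home LAN (the mis-sized mask Steve describes), the pushed VPN routes and the target servers are all constructed for illustration; only the tunnel address 10.212.134.182 is taken from the thread. How FortiClient actually installs its routes (gateway vs. on-link, metric) is not asserted here; feed the tool your real output.

```python
"""Added example: replay Windows route selection over `route print`
output and flag company destinations captured by the home LAN prefix.
All addresses and rows below are constructed for illustration."""
import ipaddress
import re
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str        # "On-link" or the next-hop address
    interface: str      # address of the local interface the route uses
    metric: int


class Decision(NamedTuple):
    target: str
    matched: Optional[str]      # winning prefix, None if nothing matched
    interface: Optional[str]
    via_vpn: bool               # leaves through the tunnel interface
    shadowed_by_lan: bool       # swallowed by an on-link home-LAN prefix


# One "Active Routes" row: destination, netmask, gateway, interface, metric.
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)"
                 r"\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$")


def parse_route_print(text: str) -> List[Route]:
    """Pull the IPv4 active-route rows out of `route print` output."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, separators, IPv6 and persistent-route rows
        dest, mask, gw, iface, metric = m.groups()
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        routes.append(Route(net, gw, iface, int(metric)))
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest prefix wins; equal prefixes are broken by the lowest metric."""
    addr = ipaddress.IPv4Address(dst)
    hits = [r for r in routes if addr in r.network]
    if not hits:
        return None
    return max(hits, key=lambda r: (r.network.prefixlen, -r.metric))


def _is_lan_onlink(r: Route, tunnel_ip: str) -> bool:
    # Directly connected prefixes on a non-tunnel interface; skip host routes,
    # loopback and multicast, which exist on every Windows box.
    return (r.gateway == "On-link" and r.interface != tunnel_ip
            and r.network.prefixlen < 32
            and not (r.network.is_loopback or r.network.is_multicast))


def overlapping_prefixes(routes: List[Route], tunnel_ip: str):
    """(LAN prefix, VPN prefix) pairs that overlap: the conflict described above."""
    lan = [r for r in routes if _is_lan_onlink(r, tunnel_ip)]
    vpn = [r for r in routes if r.interface == tunnel_ip and r.network.prefixlen < 32]
    return [(str(l.network), str(v.network))
            for l in lan for v in vpn if l.network.overlaps(v.network)]


def diagnose(route_print: str, tunnel_ip: str, targets: List[str]):
    """For each company address, say where Windows would actually send it."""
    routes = parse_route_print(route_print)
    out = {}
    for t in targets:
        r = lookup(routes, t)
        via_vpn = r is not None and r.interface == tunnel_ip
        shadowed = r is not None and not via_vpn and _is_lan_onlink(r, tunnel_ip)
        out[t] = Decision(t, str(r.network) if r else None,
                          r.interface if r else None, via_vpn, shadowed)
    return out


# Constructed `route print` excerpt: home LAN mistakenly set to /16,
# tunnel at 10.212.134.182 with two pushed routes (172.16.10.0/24, 192.168.50.0/24).
ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.99.1    192.168.99.50     25
     10.212.134.0    255.255.255.0          On-link   10.212.134.182      1
   10.212.134.182  255.255.255.255          On-link   10.212.134.182    256
        127.0.0.0        255.0.0.0          On-link        127.0.0.1    331
      172.16.10.0    255.255.255.0     10.212.134.1   10.212.134.182      1
      192.168.0.0      255.255.0.0          On-link    192.168.99.50    281
     192.168.50.0    255.255.255.0     10.212.134.1   10.212.134.182      1
    192.168.99.50  255.255.255.255          On-link    192.168.99.50    281
        224.0.0.0        240.0.0.0          On-link    192.168.99.50    281
  255.255.255.255  255.255.255.255          On-link    192.168.99.50    281
===========================================================================
"""

TUNNEL_IP = "10.212.134.182"
# Hypothetical telephony / ticketing servers behind the company VPN, plus one public address.
TARGETS = ["172.16.10.20", "192.168.50.10", "192.168.60.5", "8.8.8.8"]

if __name__ == "__main__":
    for pair in overlapping_prefixes(parse_route_print(ROUTE_PRINT), TUNNEL_IP):
        print("overlap: home LAN %s covers VPN route %s" % pair)
    for d in diagnose(ROUTE_PRINT, TUNNEL_IP, TARGETS).values():
        print(f"{d.target:>15} -> {d.matched} via {d.interface} "
              f"{'VPN' if d.via_vpn else 'LAN/default'}"
              f"{'  <-- swallowed by home LAN' if d.shadowed_by_lan else ''}")
```

With this table, 192.168.50.10 still reaches the tunnel because the pushed /24 is more specific than the home /16, but 192.168.60.5, a company address the VPN did not push a more specific route for, is matched by the on-link 192.168.0.0/16 and is ARPed for on the home LAN instead. That is exactly the "remote address inside your own LAN mask" failure Steve describes, and it is a client-side routing decision that pfSense never sees.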
    jf-2600hz @viragomann:

    Not sure what I did, but I accidentally locked myself out, so I did a fresh build and everything is working fine now. Thanks for your help!