CARP + Forticlient SSLVPN random disconnect

  • I'm running pfSense 2.4.5-RELEASE (amd64) in an HA setup with CARP. I noticed something very strange when working with Fortinet SSLVPN.

    When there was only a single pfSense (no HA), I could use the FortiClient software to dial SSLVPN to my other network, and it worked fine.

    After successfully setting up HA, the SSLVPN connects, but once there is traffic going over the SSLVPN it gets random disconnections, and I don't see any log in the firewall or any Suricata alert. The FortiClient log also just says "Disconnect" but gives no other valuable info.

    Strangely, if I go to pfSense master node / Status / CARP --> Enable Maintenance Mode, the SSLVPN works great and will not disconnect.

    Once I disable Maintenance Mode my SSLVPN gets random disconnects.

    Is this a bug or any setting I didn't do right?

  • I found the problem.

    I was using Hybrid NAT. After switching to Manual NAT and setting all NAT addresses to "CARP VIP", the problem is solved. 😓

    Update: Still not working... Getting Random Disconnect again...☹

    Update 2: If I enable CARP Maintenance Mode, connect Fortinet SSLVPN, and then disable CARP Maintenance Mode, the VPN stays stable with no drop of connection.
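The outbound NAT change the second post describes, written out in pf rule syntax for illustration. This is an added example, not the poster's actual configuration: the interface name em0, the LAN subnet 192.168.1.0/24 and the CARP VIP 203.0.113.10 are placeholders. The point of the comparison is the translation address: automatic outbound NAT translates to the node's own interface address, which differs between the two HA nodes, while the manual rule translates to the CARP VIP that both nodes share, so a state created on the master refers to an address the backup also owns.

```pf
# Placeholders (constructed for this example, not from the thread):
#   em0              = WAN interface
#   192.168.1.0/24   = LAN subnet behind the cluster
#   203.0.113.10     = WAN CARP VIP shared by master and backup

# Roughly what automatic outbound NAT produces: "(em0)" means "whatever address
# is currently on em0", i.e. each node's own, node-specific WAN address.
nat on em0 inet from 192.168.1.0/24 to any -> (em0) port 1024:65535

# Manual outbound NAT as the thread describes: translate to the shared CARP VIP
# instead, so the source address of NATed flows does not depend on which node
# is master.
nat on em0 inet from 192.168.1.0/24 to any -> 203.0.113.10 port 1024:65535
```

In the pfSense GUI the equivalent is Firewall > NAT > Outbound, mode set to Manual, with each rule's Translation address set to the WAN CARP VIP rather than "Interface address". Check this for every interface that carries outbound traffic, not only WAN, and check that pfsync is configured so the backup has the same states. Note that the thread itself reports the disconnects returned after this change, so treat the NAT rule as a setting to verify, not as a confirmed fix.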

