Saturday, June 29, 2013

Forticlient SSL VPN Routing Problem

Do you have to work with a Forticlient VPN SSL client from your Fedora? For me it was a total bummer because the official Linux client is discontinued and it seems that its latest version does not work properly on Fedora.

But that's not the problem. When I try to connect to a VPN through this application, it is successfully completed. Moreover, adds a network interface called 'ppp0'. For now, no problem.


So what's the problem? I can not ping to any machine in the network. After investigation and suspicions, I found that the connection does not route the requests. The following command solves this issue ({ip-address-from-adapter-ppp0} is replaced by the IP address from network adapter 'ppp0'):
route add default gw {ip-address-from-adapter-ppp0} ppp0



What does that do? It routes all traffic through the gateway connected to the network interface 'ppp0'.


The only problem is that you have to run this command every time you connect to the VPN. On my next post, I will post the script to automate this process. Problem solved!

11 comments:

Wow! after a long silence by our legend mimerth and contributor wenz they now offering again free vpn with 12 servers.

I don't know how old this post is but I have another solution.
Actually if you look into helper/forticlientsslvpn.log you will notice that theres a command failing. Basically is because the script sysconfig.linux.sh does not get the address of the interface ppp0 correctly. So the line 63 (or 64) which looks like this: addr=`ifconfig $ifn |grep "inet"|awk ' {print $2 }'| awk -F : '{ print $2}'`
should not have the las awk, so just modify it to this:
addr=`ifconfig $ifn |grep "inet"|awk ' {print $2 }'`
E Voilà...
Also, just on a side note the only forticlient executable for linux I could find is compiled for 32bit, if you try to execute it on your system and it fails with something like "executable does not exists" then it's because your system is on 64bit, you should download gcc-32 and glibc-32 and lib32-gtk so it can run.
Hope this saves some time to someone else.

I looked forever for a solution to this. Thank you.

This tutorial worked me like a great cure of my SSL VPN routing problem. I was having complication sorting out such problem easily, therefore truly pleased to learn how things actually works on such Linux based platform. Thanks.

So many times these types of issues we face in dealing with the VPN services but the best things is you can find the solution very easily and the reason is there is a great work done by the top professional and their work is available here. you did a great work by having this post and I really like your idea. When I use DNS services it is good and easy for me to handle although VPN is also great to have in our working.