Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
danjahner
New Contributor

FortiClient VPN Problems With OSX 10.11 El Capitan

I installed the GM candidate of Mac OS X 10.11 El Capitan and my FortiClient VPN has stopped working. It completes the login, but after connection, no data is transferred - the incoming and outgoing freeze. It is a split tunnel connection and neither network or internet traffic works. 

 

I tried disabling the firewall and System Integrity Protection, but neither had any effect. 

9 Solutions
lzs
New Contributor II

I've been trying since the first public beta, and now on the final GM Candidate. The VPN problem is there. Basically, what is wrong is that OS X's resolver is sending traffic out through the primary (original) network interface, even though the route table correctly shows that the VPN tunnel (ppp0) should be used.

 

When you use a command like nslookup, the DNS traffic goes through the VPN tunnel (ppp0) properly.

 

DNS name resolution  fails because my VPN client is told to use my corporate DNS server, but my corporate DNS server refuses to serve name queries from outside the corporate network. When the FortiClient VPN is connected, OS X's name resolution traffic arrives at the DNS server with the client's public Internet IP address, and hence is refused by my DNS server.

 

Technically, this looks like an OS X bug. Or, perhaps there really is something wrong that FortiClient is dong. Either way, I hope FortiNet can rectify or take it up with Apple to fix El Capitan.

View solution in original post

Sridhar
New Contributor III

Facing the same issue. Latest FortiClient(5.3*) did not fix it.

But, FortiClient 4.0.2082 did not have any such issues(though it occasionally stops tunneling on its own).

 

Waiting for a fix like everyone, but 4.0.2082 is letting me work for time being.

View solution in original post

hansbogert

I've gotten it to "work" by getting the DNS to use ppp0 and some route magic. Explanation is on: http://serverfault.com/questions/728702/how-to-get-forticlient-working-in-osx-el-capitan/728707#7287...

 

Let's hope either party fixes this, because running scripts after establishing VPN is quite cumbersome.

View solution in original post

Chris_Lin_FTNT
kevinboos

Chris.Lin wrote:

There is a new private build here:

https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg

 

Would you guys give it a try?

It works for now! Thanks!

View solution in original post

tommy765

Just ran El Capitan updates and it still does not work - bummer

View solution in original post

shenight

Chris.Lin wrote:

Here is another interim build b499.

https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.499_macosx.dmg

 

5.4.1 release may be available at the end of February.

 

P.S. b493 from previous post is different from the official 5.4.0 b493. Developer made the change after 5.4.0 was released.

Thanks ! I had same problems that other people since 3 months with forticlient and this new build fixes the issue!!! Great job!

View solution in original post

Chris_Lin_FTNT
soundso

After update to MacOS Sierra the client 5.4.1 works as expected.... 

View solution in original post

146 REPLIES 146
tobiacaneschi_work
New Contributor

Same for me. Can we have a beta version ?

 

danjahner wrote:

I installed the GM candidate of Mac OS X 10.11 El Capitan and my FortiClient VPN has stopped working. It completes the login, but after connection, no data is transferred - the incoming and outgoing freeze. It is a split tunnel connection and neither network or internet traffic works. 

 

I tried disabling the firewall and System Integrity Protection, but neither had any effect. 

nsissrq
New Contributor

I'm having the exact same issue here as well.  It seems to be DNS related, as I am able to ping IP addresses, but cannot ping FQDNs.  I can perform nslookups.  Websites do not load when using FQDN, only when using IP.  I had to add some entries in my /etc/hosts file in order to even do basic work while connected to the company's VPN due to this bug.  It's a workaround for the time being, but we will definitely need a fix soon... El Cap comes Sept 30!

ecr80
New Contributor

Have exactly the same problem. Hope it's solved soon!

rwdorman
New Contributor III

There is another known bug with both El Cap and Yosemite in the current release that causes kernel panics, we're told its fixed in 5.2.5 but no ETA on release.

-rd 2x 200D Clusters 1x 100D

1x 60D FortiOS 5.2 FortiAP 221C FAZ 200D

-rd 2x 200D Clusters 1x 100D 1x 60D FortiOS 5.2 FortiAP 221C FAZ 200D
lzs
New Contributor II

I've been trying since the first public beta, and now on the final GM Candidate. The VPN problem is there. Basically, what is wrong is that OS X's resolver is sending traffic out through the primary (original) network interface, even though the route table correctly shows that the VPN tunnel (ppp0) should be used.

 

When you use a command like nslookup, the DNS traffic goes through the VPN tunnel (ppp0) properly.

 

DNS name resolution  fails because my VPN client is told to use my corporate DNS server, but my corporate DNS server refuses to serve name queries from outside the corporate network. When the FortiClient VPN is connected, OS X's name resolution traffic arrives at the DNS server with the client's public Internet IP address, and hence is refused by my DNS server.

 

Technically, this looks like an OS X bug. Or, perhaps there really is something wrong that FortiClient is dong. Either way, I hope FortiNet can rectify or take it up with Apple to fix El Capitan.

danjahner
New Contributor

The OSX update released 09/22 (El Capitan Update 10.11.1) resolved this issue.

lzs
New Contributor II

danjahner wrote:

The OSX update released 09/22 (El Capitan Update 10.11.1) resolved this issue.

It doesn't for me. Just installed 10.11.1, tested, and had the same issue as before.

rtem
New Contributor

danjahner wrote:

The OSX update released 09/22 (El Capitan Update 10.11.1) resolved this issue.

The same for me. Just updated to 10.11.11. Still not working. What did you do to make it working?

lzs
New Contributor II

I logged a support ticket on this issue, and was told the current version of FortiClient was not supported on El Capitan. Pressing further on an update, seeing that El Capitan is GA next week, I got the reply that:

 

"I'm sorry but we do not have the requested information at the current moment. There no ETA yet on when FortiClient will be supported with Mac OS X 10.11 [El Capitan]."

 

I'm quite disappointed. It's like saying Windows 10 being due next week, and knowing they have a bug with Windows 10, and yet not having a clue about when that will get fixed. OS X may not be as big in numbers compared with Windows, but still a sizeable population of users are on it these days.

Labels
Top Kudoed Authors