Helpful ReplyFortiClient VPN Problems With OSX 10.11 El Capitan

Page: < 12345.. > >> Showing page 4 of 8
Author
hansbogert
Bronze Member
  • Total Posts : 1
  • Scores: 6
  • Reward points: 0
  • Joined: 2015/10/13 11:42:04
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/13 15:21:59 (permalink) ☄ Helpfulby richard451 2015/10/14 13:12:51
5 (3)
I've gotten it to "work" by getting the DNS to use ppp0 and some route magic. Explanation is on: http://serverfault.com/questions/728702/how-to-get-forticlient-working-in-osx-el-capitan/728707#728707
 
Let's hope either party fixes this, because running scripts after establishing VPN is quite cumbersome.
#61
tiujpatel
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/14 07:11:36
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/14 07:14:57 (permalink)
0
I updated the client to 5.4 and its still not working. Anyone else have this working without having to go thru route changes. 
#62
tiujpatel
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/14 07:11:36
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/14 10:43:38 (permalink)
0
On top of it still not working I am now getting nonstop error in log which leads to grey screen of death. Happened couple times, had to uninstall 5.4 completely of this to stop. Here is what shows up in the console, this one line shows up continuously. 
 kernel[0]: fctappfwnke : error! - pkt data write error 
#63
richard451
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/01 12:53:09
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/14 13:13:10 (permalink)
0
hansbogert
I've gotten it to "work" by getting the DNS to use ppp0 and some route magic. Explanation is on: http://serverfault.com/questions/728702/how-to-get-forticlient-working-in-osx-el-capitan/728707#728707
 
Let's hope either party fixes this, because running scripts after establishing VPN is quite cumbersome.

That worked great!  Thank you!!


#64
prabin
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/14 14:16:00
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/14 15:09:26 (permalink)
0
Hello,
 I have installed lastest forticlient 5.4 and I am running El Capitan. My issue is I am not able to connect to internet in Safari but I am able to login to my remote windows desktop. Any help will be useful?
#65
mr brody
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/16 08:07:54
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/16 16:58:28 (permalink)
0
Using an older version works.

From my dropbox:

https://www.dropbox.com/s...cosx_4.0.2297.dmg?dl=0

Tested successfully!
#66
seadave
Expert Member
  • Total Posts : 365
  • Scores: 58
  • Reward points: 0
  • Joined: 2004/11/03 18:02:09
  • Location: Seattle, WA
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/16 17:08:20 (permalink)
0
This **** has got to stop Fortinet.  Is anyone over there doing any kind of QC testing???  I've spent that last month trying to figure out how I can deploy a consistently configured IPSec VPN to my Mac and Windows users without dumbing it down to ****py crypto.  EMS is a good start and I'm going to play with that, but based on the complaints about 5.2.4, the cert bug in 5.2.3 (UI gets corrupted if you attempt to upload a EC Signed Cert), and what I'm seeing in FortiClient 5.4 I don't have my hopes high.
 
WHY IN THE HECK ARE THERE NOT ADVANCED SETTINGS ON THE MAC CLIENT UI!!!
 
I guess I'm one of those guys who doesn't like defaults because that is what the bad guys love and I'm trying to prevent.  As a result we are trying to only allow DH Group 14 (I'd like to use the EC based ones but those aren't available in the Windows or Mac clients) and we are only allowing AES256/SHA256 Enc/Auth proposals.  This is fairly easy to do on the Windows client.  NONE OF THESE OPTIONS ARE AVAILABLE ON THE MAC!!!
 
I finally figured out that if I export the schema on the MAC I can waste a few more hours hunting these values down and change them by hand.  After doing so, I imported back into the MAC FortiClient and BAM!, if finally connected using the stronger auth crypto.  But now I'm in the same boat as all of the folks above due to DNS issues.
 
On Windows you can edit the virtual interface and add your domain and DNS servers to be used when the connection is active, but the FortiClient does not show up as an editable interface under the Mac Network settings.  I'm glad there are people out there who are as well versed as the person who figured out the CLI scripting but why torture us in having to figure that out when all it takes is a few weeks during development to make the freaking UI consistent and available to those of us who are not CLI terminal wizards???
 
PS I'm well aware that Apple has F'd up the DNS service in recent OSX releases.  I saw your release notes that said, "we found a problem, but it is Apples fault so it is up to them to fix it" is BS.  If one of your customers is able to come up with a fix, there should be someone at Fortinet who is smart enough to do that also and bake it into the build as an option.
#67
jgallups
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/20 07:21:39
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/20 07:31:39 (permalink)
0
So cliffs notes so far... it's an Apple problem and Fortinet is waiting on a resolution?
#68
jweber
New Member
  • Total Posts : 16
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/10/31 08:38:58
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/20 10:33:25 (permalink)
0
Sounds like it. I'm curious whether anyone has tried it with the 10.11.1 betas.
#69
lubyou
Bronze Member
  • Total Posts : 35
  • Scores: 4
  • Reward points: 0
  • Joined: 2011/01/05 00:57:21
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/20 12:18:48 (permalink)
5 (1)
Its the 
jweber
Sounds like it. I'm curious whether anyone has tried it with the 10.11.1 betas.




Same problem on 10.11.1 Beta.
#70
nsissrq
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/09/15 10:48:21
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/22 08:23:41 (permalink)
0
What's rather strange to me is that I'm unable to find any other reports of this issue from El Cap users.  The only results I find when searching for "mac 10.11 dns resolve" are related to this thread or to the discoveryd/mDNSResponder issues from Yosemite.  If this were a widespread Apple problem, shouldn't there be at least a couple more reported issues?
#71
seadave
Expert Member
  • Total Posts : 365
  • Scores: 58
  • Reward points: 0
  • Joined: 2004/11/03 18:02:09
  • Location: Seattle, WA
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/22 08:47:48 (permalink)
0
Sorry was out of town with what turned out to be a dead laptop.
 
http://arstechnica.com/apple/2015/01/why-dns-in-os-x-10-10-is-broken-and-what-you-can-do-to-fix-it/
 
I know this article is old but I think the problem has persisted in some form or another.  Since it was published, Apple ditched discoveryd back for mDNSresponder (after four months!), but we've still had some issues.
 
http://www.macrumors.com/2015/05/26/apple-discoveryd-replaced-with-mdnsresponder/
 
I think it (did?) mainly impact(s) split tunneling and it is possible that I'm lumping this together with another less obvious networking bug.  One article I read indicated that the OS get confused as to what interface to send a packet on, so if you are connected to both Wifi and Ethernet (silly I know but people do it all the time), and a VPN with split tunneling enabled, the connection will crash after a short period of time.  My proposed solution is to disable split tunneling, and make sure you are only on Wifi or Ethernet, not both.  Have not had time to definitively test with all the possible MacOS and FC versions.
#72
Chris.Lin_FTNT
Gold Member
  • Total Posts : 310
  • Scores: 35
  • Reward points: 0
  • Joined: 2012/11/19 14:12:49
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/22 12:06:18 (permalink) ☄ Helpfulby htoomik 2015/10/27 23:00:24
5 (5)
There is a new private build here:
https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg
 
Would you guys give it a try?
#73
jweber
New Member
  • Total Posts : 16
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/10/31 08:38:58
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/22 12:06:21 (permalink)
0
I can confirm that the bug is still present in the final 10.11.1, with FC 5.4, a split-tunnel VPN, and only one network interface enabled (Ethernet).

EDIT: didn't see Chris's post above. Will give it a try.
#74
lubyou
Bronze Member
  • Total Posts : 35
  • Scores: 4
  • Reward points: 0
  • Joined: 2011/01/05 00:57:21
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/22 12:10:05 (permalink)
5 (1)
Chris.Lin
There is a new private build here:
https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg
 
Would you guys give it a try?




Seems to work for me on 10.11. 
 
Edit: Positive results on 10.11.1, too.
post edited by lubyou - 2015/10/22 12:13:24
#75
jweber
New Member
  • Total Posts : 16
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/10/31 08:38:58
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/22 12:25:48 (permalink)
0
Me too -- the private build works on 10.11.1, with both Ethernet and Wi-Fi enabled. Good news! Now I just need to decide if I actually want to upgrade. :)
#76
seadave
Expert Member
  • Total Posts : 365
  • Scores: 58
  • Reward points: 0
  • Joined: 2004/11/03 18:02:09
  • Location: Seattle, WA
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/22 14:09:47 (permalink)
0
Chris, I think I can speak for all here that your monitoring and offer to provide updates for testing is greatly appreciated.  I will attempt to test with this also.
#77
Sridhar
New Member
  • Total Posts : 11
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/01 02:30:46
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/22 20:08:58 (permalink)
0
Can confirm, the private build works in 10.11! Thanks for the effort.
 
Is the search domain getting set properly for you guys? I had the same issue with 5.2 build(in Yosemite), so had to write a script to add the search domain via scutil(which still works). Its kinda annoying to run the script every time you connect to VPN.
post edited by Sridhar - 2015/10/22 20:13:51
#78
Sridhar
New Member
  • Total Posts : 11
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/01 02:30:46
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/23 00:10:53 (permalink)
0
I still face the system crash issue after installing the private build, anyone else facing the same?
#79
jgallups
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/20 07:21:39
  • Status: offline
Re: FortiClient VPN Problems With OSX 10.11 El Capitan 2015/10/23 08:46:25 (permalink)
0
works for me too; awesome
#80
Page: < 12345.. > >> Showing page 4 of 8
Jump to:
© 2021 APG vNext Commercial Version 5.5