Rocky Linux & FortiClient VPN

Hi Everyone,

I’m having some issues with the VPN FortiClient version 7.2.3 installation on Rocky Linux 9.3.

When I’m working from home and I connect the VPN for the company I work for, via VPN FortiClient version 7.2.3 (it’s the free version, just VPN at the bottom of the Fortinet Download page), on a laptop with Rocky Linux 9.3, I can’t seem to be able to connect to some of the company’s internal websites.
The company has mostly Windows Servers and Windows Desktops. When this VPN is connected I can establish RDP connections to other machines on the company’s network and I can access shared files/folders, so I can access some of the company’s resources through the VPN, but not all of them, and I’m not sure why.

This Rocky Linux Laptop was added to the company’s Windows domain, it shows up on Active Directory, I’m logged in on the laptop with an AD user.

If I take this Linux Laptop to the office and connect it to the company’s network via ethernet cable I don’t have this problem, I have access to everything I need to with the same Rocky Linux Laptop, same user!!!

I used to have a Windows 10 laptop, same VPN, didn’t have this issue, it connected fine and I had access to all the network resources I need when this same VPN connection was active on the Windows machine working from home!!!

I’ve disabled SELinux and firewalld and still have the same problem.

Am I missing something?

Is there anything else that I can double check or disable on Rocky Linux and try again?

Thank you very much,

Being in the office versus being on VPN aren’t the same thing. I can have more access to things in the office, but not necessarily by VPN if the firewall rules on the FortiGate haven’t been configured to allow access from the VPN.

The first thing to check would be to make sure that whoever administers the firewall has allowed access from the VPN to the servers/machines that you want to connect to.

Hi iwalker,

Thank you very much for your reply.
Sorry for this late reply.
I’ve talked to my sysadmin colleagues and we managed to figure out what was going on; it’s now solved.
Firewall rules are OK on the FortiGate, as it works fine on a Windows 10 machine, but not on the Rocky Linux machine.
To provide a bit of information on what we found out: basically, by analyzing traffic we noticed that although the FortiClient was showing that the VPN is connected on the Rocky Linux machine, the traffic was still going out via Internet, via public IP addresses and not via private IP addresses as it was supposed to!!!
Which means on the Windows 10 machine, once the VPN is connected, this machine gets the DNS servers’ IP addresses automatically, but the Rocky Linux machine is not getting the DNS servers’ IP addresses after the VPN is successfully connected.
I added the DNS servers IP addresses to the config files of /etc/hosts and /etc/resolv.conf but still it didn’t work.
After some search on the Internet we found out that I needed to edit the file at /etc/systemd/resolved.conf, uncomment the DNS and FallbackDNS lines and add to both lines the DNS servers IP addresses, that’s when it started to work and I was able to access the internal websites I couldn’t before via FortiClient VPN connection on Rocky Linux.

I just wanted to provide this information here in case somebody else has the same issue.

Thank you very much.

All the best.

Kind regards,

1 Like
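A quick way to verify the fix described in the post above, as an added example that is not part of the original thread: it reads a resolved.conf-style file and checks that the expected resolvers are on an active DNS= line. The function names and the 10.0.0.x addresses are constructed placeholders, and joining repeated DNS= lines (with an empty assignment clearing the list) is an assumption about how systemd-resolved reads the file.

```shell
#!/bin/sh
# Print the active (uncommented) value of KEY from the [Resolve] section of a
# resolved.conf-style file; prints nothing if KEY is commented out or absent.
resolved_value() {  # usage: resolved_value FILE KEY
    awk -v key="$2" '
        /^[ \t]*\[/    { in_resolve = ($0 ~ /^[ \t]*\[Resolve\]/); next }
        /^[ \t]*[#;]/  { next }
        in_resolve {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            if (index(line, key "=") == 1) {
                v = substr(line, length(key) + 2)
                # Assumed: empty assignment clears the list, others are joined.
                val = (v == "") ? "" : (val == "" ? v : val " " v)
            }
        }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 only if every expected resolver IP appears in the active DNS= value.
has_resolvers() {  # usage: has_resolvers FILE IP...
    file=$1; shift
    active=" $(resolved_value "$file" DNS) "
    for ip in "$@"; do
        case "$active" in
            *" $ip "*) ;;
            *) echo "missing from DNS=: $ip" >&2; return 1 ;;
        esac
    done
}

# Constructed samples: a file with both keys commented out, and an edited one.
stock=$(mktemp); edited=$(mktemp)
trap 'rm -f "$stock" "$edited"' EXIT
printf '%s\n' '[Resolve]' '#DNS=' '#FallbackDNS=' > "$stock"
printf '%s\n' '[Resolve]' 'DNS=10.0.0.53 10.0.0.54' \
    'FallbackDNS=10.0.0.53 10.0.0.54' > "$edited"

for f in "$stock" "$edited"; do
    if has_resolvers "$f" 10.0.0.53 10.0.0.54 2>/dev/null; then
        echo "$f: internal resolvers set"
    else
        echo "$f: internal resolvers NOT set"
    fi
done
```

On a real host, point `has_resolvers` at /etc/systemd/resolved.conf with your own resolver addresses. After `systemctl restart systemd-resolved`, `resolvectl status` shows which servers are actually in use.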

I didn’t have to do that on Fedora, though obviously I realise it’s not the same as Rocky. I do have a VM with Rocky and Cinnamon desktop so I could try my SSLVPN tunnels in here and see if I encounter the same problem as you.

Although recently, we’ve disabled SSLVPN due to vulnerabilities that were encountered and only fixed in one of the latest FortiOS releases. Since then we’ve pretty much used IPsec for our tunnels. I got mine configured using a Cisco ovpnc type tunnel config on the FortiGate, which it’s possible to configure via the NetworkManager-ovpnc plugin.