0

So I need to have our server connect to another server using a VPN connection via FortiClient without disconnecting every user on the machine. I looked through FortiClient's options and it doesn't seem to have any options to stop it from rerouting the entire server's internet traffic. I really only need the RDP connections to stop disconnecting; everything else is secondary. I know this will cause issues for the person we are connecting to, but that is fine. What should I be looking to do to allow RDP connections to stay active if the FortiClient VPN is started on the server?

I tried finding an answer myself, but using RDP and VPN in one Google search makes it very hard to find anything relevant to my issue.

drg
Kyle Wilkins

1 Answer

0

You need to ask your VPN client not to redirect the default route (0.0.0.0/0) through the VPN; that's the easiest path whenever possible.

If the Windows VPN client won't let you do so, you can start the VPN and later modify your routing table with a .bat/PowerShell script, something along the lines of route delete 0.0.0.0 and route add 0.0.0.0 MASK 0.0.0.0 192.168.0.1, supposing your default gateway is such, of course.

After that, check if you've got a route for the external LANs you're trying to reach via VPN: since your VPN client was redirecting all traffic, it might have skipped creating a route for each/every remote LAN you wanted. Supposing you have a 192.168.20.0/24 remote and 192.168.0.0/24 local LAN, you might need to route add 192.168.20.0 mask 255.255.255.0 <same gateway as your old vpn-defaultroute>

There might be a /32 route towards your VPN host via the same path as your traditional gateway; you can delete that as well, though since it will be the same as the default route it makes no difference.

All route commands except route print need to be run with administrative privileges.
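
The procedure from the answer above, as an added PowerShell example that is not part of the original answer. The adapter match string is an assumption (check Get-NetAdapter on your host), and the remote LAN and local gateway are the sample values from the answer.

```powershell
#Requires -RunAsAdministrator
# Added example: values marked "assumed" are placeholders, adjust them to your host.
param(
    [string]$VpnAdapterMatch = '*Fortinet*',          # assumed adapter description; check Get-NetAdapter
    [string[]]$RemoteLans    = @('192.168.20.0/24'),  # remote LAN from the answer's example
    [string]$LocalGateway    = '192.168.0.1'          # local gateway from the answer's example
)

# Locate the connected VPN virtual adapter.
$vpn = Get-NetAdapter |
    Where-Object { $_.InterfaceDescription -like $VpnAdapterMatch -and $_.Status -eq 'Up' } |
    Select-Object -First 1
if (-not $vpn) { throw "No connected adapter matches '$VpnAdapterMatch'. Start the VPN first." }

# Remember the next hop of the VPN default route, then remove that route.
$vpnDefaults = @(Get-NetRoute -DestinationPrefix '0.0.0.0/0' `
                     -InterfaceIndex $vpn.ifIndex -ErrorAction SilentlyContinue)
$vpnNextHop = if ($vpnDefaults) { $vpnDefaults[0].NextHop } else { $null }
foreach ($r in $vpnDefaults) { $r | Remove-NetRoute -Confirm:$false }

# If no default route is left, restore it through the local gateway (as in the answer).
if (-not (Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)) {
    route.exe add 0.0.0.0 MASK 0.0.0.0 $LocalGateway | Out-Null
}

# Make sure each remote LAN is still routed through the tunnel.
foreach ($lan in $RemoteLans) {
    $existing = Get-NetRoute -DestinationPrefix $lan -InterfaceIndex $vpn.ifIndex `
                    -ErrorAction SilentlyContinue
    if ($existing) { continue }
    if (-not $vpnNextHop) {
        Write-Warning "No VPN next hop known; add a route for $lan manually."
        continue
    }
    # ActiveStore keeps the route out of the persistent table (gone after reboot).
    New-NetRoute -DestinationPrefix $lan -InterfaceIndex $vpn.ifIndex `
        -NextHop $vpnNextHop -PolicyStore ActiveStore | Out-Null
}

# Print the resulting default and remote-LAN routes for review.
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.DestinationPrefix -eq '0.0.0.0/0' -or $_.DestinationPrefix -in $RemoteLans } |
    Sort-Object RouteMetric |
    Format-Table DestinationPrefix, NextHop, InterfaceAlias, RouteMetric
```

Run it after each VPN connect, and compare the final table with route print to confirm that only the remote LAN prefixes point at the VPN interface.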