FortiGate
jbindra
Staff
Article Id 272880
Description

This article describes a case where the FortiClient user connects successfully and receives a valid IP address via DHCP, which is shown on the FortiClient connection page.

However, the user cannot access anything on the internal network because the Fortinet SSL VPN Virtual Ethernet Adapter gets an automatic IP address (APIPA, 169.254.x.x) and not the one assigned by the DHCP enabled under SSL VPN Settings -> Tunnel mode client settings on the FortiGate.

Scope

FortiGate, FortiClient.
Solution

The users can connect to the SSL VPN successfully, and FortiClient receives the correct IP address.

However, the routes are not showing up on the user's PC.

 


 

This issue is due to the Microsoft update (KB2693643) on Windows 11.

KB2693643 is not compatible with Windows 11.

 

Check whether the user is running Windows 11 version 22H2. If so, it is possible that the user has installed Remote Server Administration Tools (KB2693643) on the Windows system.

 

Uninstall KB2693643 by running the following command in a command prompt (opened as Administrator):

 

wusa /uninstall /kb:2693643 

 


 

After running the command, a pop-up window will display. Select 'Yes' to confirm.

 

Following this, disconnect from FortiClient and connect again. This time the user will be able to access the internal resources behind the FortiGate.

It is also possible to uninstall KB2693643 using the following steps on the Windows 11 machine where the user is connected to the FortiClient VPN:

 

Select Start -> Settings -> Windows Update -> Update history -> Uninstall updates.


 

 

After uninstalling the Microsoft Update KB2693643, reconnect to the FortiClient.
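
To confirm that a client matches the condition described in this article before uninstalling anything, the following read-only PowerShell check can be run on the affected PC while the VPN is connected. It is an added example, not part of the original article or Fortinet tooling. It assumes that the adapter's interface description contains the name quoted above and that the update is visible to Get-HotFix.

```powershell
# Added example: read-only diagnostic, changes nothing on the system.
# Assumption: the adapter's InterfaceDescription contains the name quoted in the article.
$adapterPattern = '*Fortinet SSL VPN Virtual Ethernet Adapter*'
$kbId = 'KB2693643'

# OS build and release label (DisplayVersion holds values such as 22H2).
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$isWin11 = $build -ge 22000   # Windows 11 builds start at 22000

# Assumption: the update is listed by Get-HotFix; if not, check Update history as in the article.
$kb = Get-HotFix -Id $kbId -ErrorAction SilentlyContinue
$kbInstalled = [bool]$kb

# For each matching adapter, collect its IPv4 addresses and the routes bound to it.
$adapters = @(Get-NetAdapter -InterfaceDescription $adapterPattern -ErrorAction SilentlyContinue)
$report = foreach ($a in $adapters) {
    $ipv4 = @(Get-NetIPAddress -InterfaceIndex $a.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue)
    $routes = @(Get-NetRoute -InterfaceIndex $a.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Adapter    = $a.Name
        Status     = $a.Status
        IPv4       = ($ipv4.IPAddress -join ', ')
        HasApipa   = [bool]($ipv4 | Where-Object { $_.IPAddress -like '169.254.*' })
        RouteCount = $routes.Count
    }
}

"OS build {0} ({1}), Windows 11: {2}" -f $build, $cv.DisplayVersion, $isWin11
"{0} installed: {1}" -f $kbId, $kbInstalled
if ($adapters.Count -eq 0) { "No adapter matching '$adapterPattern' was found." }
$report | Format-Table -AutoSize

# The combination the article describes: Windows 11, the update present, APIPA on the VPN adapter.
if ($isWin11 -and $kbInstalled -and ($report | Where-Object HasApipa)) {
    "Matches the article: APIPA address on the VPN adapter with $kbId installed."
}
```

Running the same check after the uninstall and reconnect should show HasApipa as False on the VPN adapter.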