Technical Tip: Error 'The VPN server may be unreachable (-14)' for FortiClient
Description
This article discusses the Quarantine IP address lost after reboot.
Scope
FortiGate
Solution
While connecting SSL FortiClient VPN the following error 'The vpn server may be unreachable (-14)' appears.
When a user is added in 'user definition' via LDAP and when the same user is added in 'user group' with the remote server option selected, SSL FortiClient VPN is not able to connect.
In the above case, when a user is trying to authenticate, it will explicitly reach the LDAP server using a remote server and checking email authentication on the server instead of FortiGate and failed to connect.
But 2FA email is configured on FortiGate, not at LDAP.
Check the setting below.
Below is the error message:
Once the remote server has been removed, the user is able to log FortiClient VPN successfully.
Considering it is expected behavior for 2FA email authentication, configure user only under member and keep remote server under remote group option without selecting any server.