Skip to main content
spoojary
Staff
spoojary
Staff
September 18, 2023

Troubleshooting Tip: How to fix the error 'Unable to establish VPN connection. The VPN server may be unreachable (-6005)'

  • September 18, 2023
  • 0 replies
  • 166257 views
Description This article describes the case when logging into the FortiClient, it shows the following error: 'Unable to establish VPN connection. The VPN server may be unreachable(-6005)'.
Scope FortiClient, FortiGate.
Solution

When trying to establish a VPN connection, users receive an error message that says 'Unable to establish VPN connection. The VPN server may be unreachable (-6005)'.

 

image (2).jpg

 

Check the configuration to ensure everything is correct. This error is usually caused by an incorrect VPN gateway configuration or incorrect authentication configuration in the case of SAML authentication.

 

Ensure it is possible to connect and pass authentication using the configured VPN gateway URL from the browser. This does not require enabling web access: it should be possible to see a login page even with tunnel-only access enabled.

 

The issue can sometimes be resolved by uninstalling the current version of FortiClient.

 

To ensure a clean uninstall, use the FCRemove tool. See this article: Technical Tip: How to download FortiClient and FCRemove exe from Support.fortinet.com.

 

Additional tips:

  1. Consider using wired internet connections (Ethernet) over wireless if persistent connectivity issues are faced.
  2. Remember that VPN connections might not work on certain networks (e.g., some public Wi-Fi networks block VPN connections), so always test on a known good network if in doubt.
  3. Reinstall the same version of FortiClient or consider upgrading to a newer version if available.
    Newer versions may contain bug fixes.
  4. If the issue is recurrent, consider generating and reviewing FortiClient logs to pinpoint any underlying issues. Share these with the IT department or Fortinet support for a deeper diagnosis.
  5. A lower remote authentication timeout value can also be the reason for the error message -6005 when using SAML with 2FA. By default, the value is set to 5, but it can be changed and increased to a higher value. For example, 180:

 

config system global

    set remoteauthtimeout 180

end

 

If the user is getting this error message when connecting to SSL VPN after upgrading to firmware version 7.2.12, do refer to Troubleshooting Tip: SAML Authentication fails after firmware upgrade to v7.2.12, v7.4.9 or v7.6.4.

 

FortiClient's Notifications.png
As outlined in the article, users are required to configure the Signing Option in the SAML Signing Certificate settings of Microsoft Entra ID to Sign SAML Response and Assertion.

 

This change resolves the SAML authentication issue that may occur after the firmware upgrade.
      Terms & ConditionsAccessibility statement