SAJUDIYA
Staff
October 14, 2024

Troubleshooting Tip: SSL VPN error after reissuing certificate 'Unable to establish the VPN connection. The VPN server may be unreachable or your identity certificate is not trusted. (-5)'

Description

This article describes how to resolve an error where SSL VPN setup fails at 40% after the certificate has been reissued, giving the error 'Unable to establish the VPN connection. The VPN server may be unreachable or your identity certificate is not trusted. (-5)'.



Scope

FortiOS all versions.

Solution

The SSL VPN debug output shows that SSL_accept failed:

 

[238:root:26]allocSSLConn:298 sconn 0x7f99c1fb00 (0:root)
[238:root:26]SSL state:before SSL initialization (X.X.X.X)
[238:root:26]SSL state:before SSL initialization (X.X.X.X)
[238:root:26]got SNI server name: vpn.domainexample.com realm (null)
[238:root:26]client cert requirement: no
[238:root:26]SSL state:SSLv3/TLS read client hello (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write server hello (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write certificate (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write key exchange (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write server done (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write server done:system lib(X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write server done:DH lib(X.X.X.X)
[238:root:26]SSL_accept failed, 5:(null) 
[238:root:26]Destroy sconn 0x7f99c1fb00, connSize=0. (root)

 

Uninstall the certificate and install it again. This will most likely fix the issue.
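
To check a saved debug capture for the same signature, the following Python script (an added example, not part of the original article or of any Fortinet tooling) reports every connection that ended in SSL_accept failed, with its SNI name and the last SSL state recorded. It treats the bracketed line prefix as an opaque connection key, which is an assumption about the log format; the function name failed_handshakes is hypothetical.

```python
import re

# Debug excerpt from the article above (addresses already redacted as X.X.X.X).
SAMPLE = """\
[238:root:26]allocSSLConn:298 sconn 0x7f99c1fb00 (0:root)
[238:root:26]SSL state:before SSL initialization (X.X.X.X)
[238:root:26]SSL state:before SSL initialization (X.X.X.X)
[238:root:26]got SNI server name: vpn.domainexample.com realm (null)
[238:root:26]client cert requirement: no
[238:root:26]SSL state:SSLv3/TLS read client hello (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write server hello (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write certificate (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write key exchange (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write server done (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write server done:system lib(X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write server done:DH lib(X.X.X.X)
[238:root:26]SSL_accept failed, 5:(null)
[238:root:26]Destroy sconn 0x7f99c1fb00, connSize=0. (root)
"""

LINE = re.compile(r"^\[([^\]]+)\](.*)$")                     # [prefix]message
STATE = re.compile(r"^SSL state:(.+?)\s*\([^()]*\)\s*$")     # state text, then (address)
SNI = re.compile(r"^got SNI server name: (\S+)")
FAIL = re.compile(r"^SSL_accept failed, (\d+)")


def failed_handshakes(text):
    """Return one record per connection whose handshake ended in SSL_accept failed."""
    conns = {}  # bracketed prefix (opaque key, an assumption) -> record
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a debug line in the expected shape
        key, msg = m.group(1), m.group(2).strip()
        rec = conns.setdefault(key, {"conn": key, "sni": None, "states": [], "code": None})
        if (s := STATE.match(msg)):
            if not rec["states"] or rec["states"][-1] != s.group(1):
                rec["states"].append(s.group(1))  # collapse consecutive repeats
        elif (s := SNI.match(msg)):
            rec["sni"] = s.group(1)
        elif (s := FAIL.match(msg)):
            rec["code"] = int(s.group(1))
    out = []
    for rec in conns.values():
        if rec["code"] is not None:
            rec["last_state"] = rec["states"][-1] if rec["states"] else None
            # True when the failure came after the server had written its certificate
            rec["cert_sent"] = "SSLv3/TLS write certificate" in rec["states"]
            out.append(rec)
    return out
```

A record with cert_sent set to True and a last_state at or after 'write server done' matches the failure shown in the excerpt above.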

Related article:

Troubleshooting Tip: FortiClient VPN stops at 40% with PKI users