edmanager
New Member
March 19, 2026
Question

IPsec VPN and Mac OS Tahoe


Hi,

Has anyone had any luck getting FortiClient VPN working on Tahoe? So far I've had 0 success.

All Windows-based clients work fine, however.

4 replies

funkylicious
SuperUser
March 19, 2026

Hi,

macOS user with Tahoe 26.3.1 and FortiClient 7.2.13 installed, works just fine.

"jack of all trades, master of none"
edmanager (Author)
New Member
March 19, 2026

I'll try and get hold of 7.2.13 and test.

7.4.3 VPN-only is the version I'm currently trying, with no success.

I've also tried the full client version of 7.4.5.

funkylicious
SuperUser
March 19, 2026
edmanager (Author)
New Member
March 19, 2026

I've tried with version 7.2.14.

However, I'm still getting racoon error -306.

funkylicious
SuperUser
March 19, 2026

If you are using DH20 in the IPsec config, that isn't supported on the macOS version of FortiClient.

Otherwise, I would keep searching for clues in either the logs on the laptop or on the FGT.

"jack of all trades, master of none"
edmanager (Author)
New Member
March 23, 2026

What I've confirmed:

  • IKEv2 Phase 1 completes successfully
  • FortiGate responds correctly to auth
  • FortiClient immediately sends a DELETE (inf2 msgid 00000002) killing the session
  • Racoon error -306 (PFKEY_ACQUIRE_WAIT) — kernel never confirms SA installation
  • SQLite database error occurring at the same time
  • Clean install, correct permissions, extension activated and enabled
  • FortiGate config is correct (Windows clients work fine)
  • DH group, proposal, Phase 1 and Phase 2 all confirmed matching

A bug in FortiClient 7.2.14? One where the PF_KEY SA installation into the macOS Tahoe kernel fails, triggering an immediate DELETE. The SQLite error may be a symptom of the same underlying issue rather than the cause.

edmanager (Author)
New Member
March 20, 2026

I've made the changes so it "should" now work with DH18 enabled and things, but I'm still getting a timeout. On FortiAnalyzer it shows that it deletes the IPsec phase 1 SA, which it doesn't do when you connect via a Windows client.