Visitor III

Solved

No bytes are received when connected to IPSEC dialup VPN with FortiOS 7.6.4 using FortiClient

Forum|Forum|8 months ago
August 26, 2025
5 replies
3929 views

Hi,

I'm experimenting a new weird issue with an IPSEC dialup VPN created on a FortiGate 100F with FortiOS 7.6.4. The thing is that I can reach a connection with the FortiClient v7.4.3.1790, and my connection is able to send Bytes but it's not receiving any Bytes. I've been trying several configuration using the IKEv1 and IKEv2, and unfortunately, using IKEv2 is not connecting and using IKEv1 I was able to have a connection but only is sending Bytes and not receiving. Any idea or solution will be are welcome... One more thing, I already reviewed the article ID 352403 posted by Stephen_G, about a similar situation but, my configuration of the FortiClient is the same to the configuration suggested in that article, and it's not working... Please see the snapshots below...

Thank you in advance for all your help...

Ashampoo_Snap_Sunday, August 24, 2025_20h49m13s750.jpg

Ashampoo_Snap_Monday, August 25, 2025_15h33m27s754.jpg

Ashampoo_Snap_Monday, August 25, 2025_15h34m2s755.jpg

FortiClient

Best answer by MZBZ

Better to switch to IKEv2 ASAP. FortiClient 7.4.4+ will not support IKEv1 anymore.

funkylicious

SuperUser

hi,

maybe this https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPN-IPsec-VPN-is-connected-but-received-bytes/ta-p/354270 and disabling IPv6

"jack of all trades, master of none"

ReneGutAuthor

Visitor III

Hi,

Thank you so much for your time to try to help me with this issue, I tried all recommendations that I found in your link, but unfortunately none of them works, and the problem continue...

mariusmuresan

New Member

Hi, you need to change IKE phase 1 and phase 2 proposal, from sha1 to sha256 (both on fortigate and forticlient), so your encryptions will be AES128-AES256-SHA256-SHA256. This will work with IKEv1. On the other hand if you want to use IKEv2 I think the best ideea is to downgrade the firmware back to 7.6.3. Also i recommand to check Auto keep alive from Fortigate (your VPN connection)-> phase 2 selector. I worked 3 days to solve this problem, but is more difficult that I thought, and in the end I did the downgrade back to 7.6.3.

mariusmuresan

New Member

And also, I'm not sure if this really matter, but I used channel 5 and 14 for tests on DH group.

BillH_FTNT

Staff

Hi @ReneGut ;

I will test your case in my lab with a simple configuration. However it is a big help if you can share the related configuration to my email bhoang@fortinet.com ; Thank you

Bill

ReneGutAuthor

Visitor III

Thank you so much Bill, this is a great news... I will send you the information requested asap today or tomorrow...

BillH_FTNT

Staff

Hi all,

We have reproduced the similar issue in our lab and are working with the Engineering team to find the root cause. I will update this thread with the status. Thank you.

Bill

ReneGutAuthor

Visitor III

Great...!!! Thanks...

MZBZAnswer

Staff

Better to switch to IKEv2 ASAP. FortiClient 7.4.4+ will not support IKEv1 anymore.

ReneGutAuthor

Visitor III

Thank you so much M.B., I have created two new locations using FortiGate 100F with FortiOS 7.6.4 and creating the IPSec with IKEv2 and both are working perfectly. However, the original location with the issue, continue not working despite I deleted the IPSec with IKEv1 and everything related to this original configuration. In this devise I have running a Virtual IP to have a remote connection to one server used for the Security Cameras Company, and I don't know if this can be affecting the IPSec connection...

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded