bustedware
New Member
April 11, 2024
Question

SSL VPN for MAC M1 MAX

  • April 11, 2024
  • 3 replies
  • 4740 views

I'm able to connect on my iPhone but not from my Mac. Here are the logs.

20240411 10:40:51 TZ=-0400 [VPN:INFO] PacketTunnelProvider.swift:42 VPN provider: 0850
20240411 10:40:51 TZ=-0400 [VPN:INFO] PacketTunnelProvider.swift:56 Start Destination IP tunnel.
20240411 10:40:51 TZ=-0400 [VPN:DEBG] PacketTunnelProvider.swift:148 Mode: 0
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SystemConfig.swift:212 Get DNS from Setup domain
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SystemConfig.swift:242 Copy service entity failed
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SystemConfig.swift:212 Get DNS from State domain
20240411 10:40:51 TZ=-0400 [VPN:INFO] SSLVPNTunnel.swift:1111 Starting TLS tunnel
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SSLVPNTunnel.swift:1117 Hostname: ------
20240411 10:40:51 TZ=-0400 [VPN:INFO] SSLVPNTunnel.swift:1052 TLS tunnel connection state: PREPARING
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SSLVPNTunnel.swift:1016 TLS tunnel connection state: READY
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SSLVPNTunnel.swift:1017 remote IP: -------
20240411 10:40:51 TZ=-0400 [VPN:EROR] SSLVPNTunnel.swift:196 Server does not support all known tunnel methods.
20240411 10:40:51 TZ=-0400 [VPN:INFO] SSLVPNTunnel.swift:1039 TLS tunnel connection state: CANCELLED
20240411 10:40:51 TZ=-0400 [VPN:EROR] SSLVPNTunnel.swift:1045 TLS tunnel cancelled with error: badConfiguration
20240411 10:40:51 TZ=-0400 [VPN:EROR] SSLVPNTunnel.swift:838 Closed while starting, with error: badConfiguration

Related issue: https://community.fortinet.com/t5/Support-Forum/SSL-VPN-Windows-Works-MacOS-does-not/m-p/47900

I have tried all the suggestions from that thread. I'm on an Apple M1 Max and getting this with FortiClient 7.2.4.0850, which is the client my firewall is serving when I go to download it.
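
Added example, not part of the original post and not Fortinet code: a short Python triage of the FortiClient log format shown above, run over a constructed subset of those lines. The regexes and function names are assumptions derived only from the lines in this thread; the script reports the TLS state sequence and the state the tunnel was in when the first EROR line was logged.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the log lines quoted in the post above.
SAMPLE_LOG = """\
20240411 10:40:51 TZ=-0400 [VPN:INFO] SSLVPNTunnel.swift:1052 TLS tunnel connection state: PREPARING
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SSLVPNTunnel.swift:1016 TLS tunnel connection state: READY
20240411 10:40:51 TZ=-0400 [VPN:EROR] SSLVPNTunnel.swift:196 Server does not support all known tunnel methods.
20240411 10:40:51 TZ=-0400 [VPN:INFO] SSLVPNTunnel.swift:1039 TLS tunnel connection state: CANCELLED
20240411 10:40:51 TZ=-0400 [VPN:EROR] SSLVPNTunnel.swift:1045 TLS tunnel cancelled with error: badConfiguration
"""

# Assumed line layout: date, time, TZ offset, [facility:level], file:line, message.
LINE_RE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>\d{2}:\d{2}:\d{2}) TZ=(?P<tz>[+-]\d{4}) "
    r"\[(?P<facility>\w+):(?P<level>\w+)\] "
    r"(?P<file>[\w.]+):(?P<line>\d+) (?P<msg>.*)$"
)
STATE_RE = re.compile(r"TLS tunnel connection state: (\w+)")

def parse(log_text):
    """Yield one dict per well-formed line; skip blanks and anything else."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["when"] = datetime.strptime(
            f"{rec['date']} {rec['time']} {rec['tz']}", "%Y%m%d %H:%M:%S %z")
        yield rec

def triage(log_text):
    """Return the TLS state sequence, the first error, and the state it hit in."""
    states, first_error, state_at_error = [], None, None
    for rec in parse(log_text):
        s = STATE_RE.search(rec["msg"])
        if s:
            states.append(s.group(1))
        if rec["level"] == "EROR" and first_error is None:
            first_error = rec
            state_at_error = states[-1] if states else None
    return {"states": states, "first_error": first_error,
            "state_at_error": state_at_error}

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    e = r["first_error"]
    print(" -> ".join(r["states"]))
    print(f"first error at {e['file']}:{e['line']} in state {r['state_at_error']}: {e['msg']}")
```

On the sample, the first error is logged after the TLS connection has already reached READY, and the later badConfiguration lines follow it.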

3 replies

akanibek
Staff
April 11, 2024

@bustedware , could you enable some debugs on FGT side, and reproduce the issue, then share outputs here:

What is your FGT version btw?

diag debug reset

diag debug console timestamp enable

diag debug app fnbamd -1

diag debug app sslvpn -1

diagnose debug enable

bustedware
New Member
April 11, 2024

Yes. Can you please let me know how I roll back these changes first and where the logs will be generated on the firewall? Thank you

akanibek
Staff
April 11, 2024

Sure,

Open an SSH connection to the FGT and execute the commands above.

After finishing, disable the debugs using the command below, and share the outputs:

diag de disable

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-Troubleshooting/ta-p/189542

hbac
Staff
April 11, 2024

Hi @bustedware,

Error says bad configuration "TLS tunnel cancelled with error: badConfiguration". Can you share the configuration of the SSLVPN connection on FortiClient?

Regards, 

bustedware
New Member
April 11, 2024

Screenshot 2024-04-11 at 11.15.36 AM.png

hbac
Staff
April 12, 2024

@bustedware,

Are you using an FQDN or an IP address as the Remote Gateway? If you have Host Check enabled on the firewall, try disabling it and see if you are able to connect. 5.4.4 is too old; is it possible to upgrade the firmware version?

Regards, 

AEK
SuperUser
April 11, 2024
  • Which FortiOS version?
  • Can you share the following command from FG?
    show vpn ssl settings
AEK
bustedware
New Member
April 11, 2024

FortiOS v5.4.4,build1117

config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    set port 7443
    set source-interface "wan1"
    set source-address "all"
    set source-address6 "all"
    set default-portal "web-access"
    config authentication-rule
        edit 1
            set groups "IPSEC-VPN"
            set portal "tunnel-access"
        next
    end
end