Skip to main content
tolgainci
tolgainci
New Member
April 7, 2025
Question

Unable to connect Forticlient VPN

  • April 7, 2025
  • 3 replies
  • 6722 views

Hello,

 

We are based in Turkey, and a user in Kazakistan is unable to connect to VPN. Other users in Turkey and other countries such as Thailand are able to connect with the same username and password. The exact error we get is "Unable to establish the vpn connection. the vpn server may be unreachable. (-5010)" I couldn't find anything on error 5010.

 

We tried connecting via cellphone, connecting from a public internet but the error is still the same. Then we formatted the computer, it's still the same. I will be glad if someone can help. Thanks in advance.

    3 replies

    AEK
    SuperUser
    AEK
    SuperUser
    April 7, 2025

    Hi

    First thing to try from the affected client:

    telnet x.x.x.x:pppp

    Where x.x.x.x is the FGT public IP address for VPN access, and pppp is the port number of the VPN service.

    You can also try from browser:

    https://x.x.x.x:pppp

     

    AEK
      tolgainci
      tolgainciAuthor
      New Member
      April 9, 2025

      Hello,

       

      telnet 176.xx.xx.xx 10443 connects. Blank screen with blinking cursor.
      https://176.xx.xx.xx:10443 doesn't connect. It gives ERR_TIMED_OUT error

      AEK
      SuperUser
      AEK
      SuperUser
      April 9, 2025

      Its clear that the TCP connection is failing to establish.

      I see you tried from several ISP with the same result.

      Can you check on FGT side if there is no restriction by country in SSL VPN settings?

      AEK
        Atul_S
        Staff & Editor
        Atul_S
        Staff & Editor
        April 7, 2025

        Hi there,

         

        Since all the other users are working fine, the SSL VPN config seems to be correct at the FortiGate end. It looks to me more like a local user VPN configuration issue, an auth issue, or a latency issue. Are you connecting to this SSL VPN on a standard 443 port? If not, then we might need to rule out a custom port issue upstream. Please review the documents below if you would like to capture some log data and review them.

         

        https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-Troubleshooting/ta-p/189542

        https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-fix-the-error-Unable-to-establish-VPN/ta-p/274253

         

        Thanks,

          tolgainci
          tolgainciAuthor
          New Member
          April 9, 2025

          Hi,

           

          We are using port 10443

          dingjerry_FTNT
          Staff
          dingjerry_FTNT
          Staff
          April 9, 2025

          Hi @tolgainci ,

           

          1) Get the client's public IP x.x.x.x;

          2) On FGT, run:

           

          diag sniffer packet any 'host x.x.x.x and port 10443' 4

           

          3) Then ask the client to reproduce this issue.

           

          This is to confirm that at least the traffic to port 10443 from Kazakhstan will hit FGT at port 10443.

           

          4) If you do see traffic hitting FGT at port 10443, ask the client to stop.

           

          5) Run the following commands:

           

          diag debug flow show iprope enable

          diag debug flow filter addr x.x.x.x

          diag debug flow filter port 10443

          diag debug flow trace start 1000

          diag debug enable

           

          Then reproduce the issue again.

          Terms & ConditionsAccessibility statement