akumarr
Staff
Article Id 190478

Description


This article describes how to rectify 'failed to establish the VPN connection', '5029 error'.

Solution


The following error can appear while connecting with FortiClient.

This error is caused by a TLS version mismatch.
In Internet Explorer, go to Settings -> Internet options -> Advanced, scroll down and check which TLS versions are selected.

In the image above, only TLS 1.2 is selected on the client end, while the FortiGate does not support TLS 1.2 (see the output below).
Verify the TLS settings configured on the FortiGate end as well as the TLS settings on the client end.
# config vpn ssl settings
(settings) # show full-configuration

    set reqclientcert disable
    set ssl-max-proto-ver tls1-1
    set ssl-min-proto-ver tls1-0
Now, either select TLS 1.1 and TLS 1.0 on the client machine end, or change the TLS version to 1.2 on the FortiGate end.
In this case, change the settings on the client machine end.
As soon as the settings are changed, it is possible to connect with FortiClient.
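
The mismatch described above can be checked before touching either side. This is an added example, not code from the original article or from Fortinet: it reads the `ssl-min-proto-ver` / `ssl-max-proto-ver` lines from the settings output and compares them with the TLS versions enabled on the client. The function names, the `RAISED_OUTPUT` variant and the client-side sets are assumptions made for illustration.

```python
import re

# Protocol names as FortiOS spells them, oldest first.
ORDER = ["tls1-0", "tls1-1", "tls1-2", "tls1-3"]
# TLS 1.0 and 1.1 are formally deprecated by RFC 8996.
DEPRECATED = {"tls1-0", "tls1-1"}

# The settings output from this article, plus a constructed variant in which
# the FortiGate side has been raised to TLS 1.2 instead.
PAGE_OUTPUT = """
    set reqclientcert disable
    set ssl-max-proto-ver tls1-1
    set ssl-min-proto-ver tls1-0
"""
RAISED_OUTPUT = PAGE_OUTPUT.replace("ssl-max-proto-ver tls1-1", "ssl-max-proto-ver tls1-2")


def gateway_versions(cli_output):
    """Versions the gateway accepts, from ssl-min/max-proto-ver lines."""
    found = dict(re.findall(r"set\s+ssl-(min|max)-proto-ver\s+(tls1-[0-3])\b", cli_output))
    if set(found) != {"min", "max"}:
        raise ValueError("ssl-min-proto-ver / ssl-max-proto-ver not found")
    lo, hi = ORDER.index(found["min"]), ORDER.index(found["max"])
    if lo > hi:
        raise ValueError("minimum version is above maximum version")
    return ORDER[lo:hi + 1]


def diagnose(cli_output, client_enabled):
    """Compare the gateway range with the versions enabled on the client."""
    gateway = gateway_versions(cli_output)
    common = [v for v in gateway if v in client_enabled]
    # A TLS handshake settles on the highest version both ends allow.
    negotiated = common[-1] if common else None
    return {
        "gateway": gateway,
        "negotiated": negotiated,
        "mismatch": negotiated is None,
        "deprecated": negotiated in DEPRECATED,
    }


if __name__ == "__main__":
    print(diagnose(PAGE_OUTPUT, {"tls1-2"}))                      # article's failing case
    print(diagnose(PAGE_OUTPUT, {"tls1-0", "tls1-1", "tls1-2"}))  # client-side change
    print(diagnose(RAISED_OUTPUT, {"tls1-2"}))                    # FortiGate-side change
```

The second case connects but reports `deprecated: True`, which is the trade-off between the two options given above: changing the client end restores the connection on TLS 1.1, while changing the FortiGate end to 1.2 restores it without re-enabling the older versions.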
 
 

 

 

Server Certificate 

 

If all the steps here have been followed but the same error still appears when connecting, make sure that the server certificate is set and not empty. This can be verified under SSL-VPN Settings -> Server Certificate. Change it accordingly.

 


 

After the certificate has been set, it will be possible to connect to SSL-VPN.