Created on 10-28-2024 06:21 AM Edited on 10-07-2025 10:15 PM By Anthony_E
This article describes an error, 'Unable to establish VPN connection. The VPN server may be unreachable (-6005)' at 40% in FortiClient.
However, the error 'wrong vdom (0:0) or time expired' appears in SSL VPN debug.
FortiGate.
diagnose debug application sslvpnd -1
diagnose debug enable
To stop the debugs:
diagnose debug disable
diagnose debug reset
2024-01-11 10:00:53 [1654:root:70d]req: /remote/saml/login2024-01-11 10:00:53 [1654:root:70d]Transfer-Encoding n/a2024-01-11 10:00:53 [1654:root:70d]Content-Length 90592024-01-11 10:00:53 [1654:root:70d]readPostEnter:17 Post Data length 9059.2024-01-11 10:00:53 [1654:root:70d]fsv_rmt_saml_login_cb:91 SAML resp 8908.2024-01-11 10:00:53 [1654:root:70d]fsv_rmt_saml_login_cb:121 wrong vdom (0:0) or time expired.2024-01-11 10:00:53 [1654:root:70d]Destroy sconn 0x7f9bee8800, connSize=2. (root)2024-01-11 10:00:53 [1654:root:70d]SSL state:warning close notify (1.192.64.53)
Increase the remoteauthtimeout value as below:
config system global
set remoteauthtimeout 60
end
If the issue persists, it is necessary to sync the local machine time with FortiGate time, and it should work.
If that does not work, restart the SSL VPN and upgrade to FortiClient v7.2.4 or above.
Note:
Starting from v7.6.3, the SSL VPN tunnel mode feature is not supported, and it is replaced with IPSEC VPN: SSL VPN tunnel mode replaced with IPsec VPN
Related articles:
Troubleshooting Tip: Companion for troubleshooting SSL VPN with SAML Authentication
Troubleshooting Tip: Cannot login to VPN after accepting MFA with the SAML SSO on Azure Entra debug ...
You are leaving our site and we cannot be held responsible for the content of external websites
