Created on 03-08-2023 08:08 AM Edited on 10-30-2024 07:17 AM By Jean-Philippe_P
Description |
This article describes how to solve an issue when users are not able to connect to the SSL VPN using FortiClient. When trying to connect, it is stuck at 98%. |
Scope | FortiClient. |
Solution |
user=test@fortinet msg="SSLVPN tunnel connection failed" vpnstate= vpntunnel=fortinet vpnuser=test remotegw=vpn.fortinet.com 2/23/2023 11:22:36 AM info sslvpn FortiSslvpn: 13576: fortissl_connect: device=ftvnic 2/23/2023 11:22:36 AM error sslvpn FortiSslvpn: 15344: RasGetEntryPropertiesWin7(fortissl) failed. (r=623) 2/23/2023 11:22:36 AM error sslvpn FortiSslvpn: 15344: error: ssl_connect:-3 2/23/2023 11:22:36 AM error sslvpn FortiSslvpn: 15344: tunnel_to_fgt error 2/23/2023 11:22:38 AM error sslvpn FortiSslvpn: 14544: error: ras_loop(), waitResult=1.
This issue usually occurs due to IPv6 conflicts when the VPN remote gateway FQDN resolves to IPv4 and IPv6 or if the SSL VPN virtual adapter was not properly installed on the endpoint.
There are 3 possible workarounds to resolve this issue:
Control Panel -> Network and Internet -> Network and Sharing Center -> Select the Network Adapter -> Properties -> Uncheck Internet Protocol Version 6 (TCP/IPv6).
<resolve_to_ipv4_only>1</resolve_to_ipv4_only>
resolve_to_ipv4_only: If an FQDN is used for the VPN gateway that can be resolved to IPv4 and IPv6, but only IPv4 functions, FortiClient resolves the FQDN via the IPv4 address.
This modification is applied from the EMS: EMS -> Endpoint Profiles -> Remote Access -> Select and Edit the profile -> XML -> Edit -> Apply Configuration -> Save.
Reference Document: XML Reference Guide
Related document: Prevent Device Installations - Client Management/MDM policies |
Thank you for writing this article. It is helpful resolving issues where IPv6 is enabled specifically on Windows 11 host.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.