Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Ade_23
Staff
Staff

Created on ‎07-30-2025 10:19 AM

Article Id 404198

Troubleshooting Tip: Fix 'Unable to connect to VPN because tunnel configuration is unsupported' error for dial-up IPsec connections

Description This article describes what changes to make to fix the error 'Unable to connect to VPN because tunnel configuration is unsupported' when connecting to IPsec VPNs from a MacOS device.
Scope FortiClient (MacOS) 7.4.2.
Solution

When connecting to a dial-up IPsec VPN tunnel from a MacOS device, the following error may be encountered:

 

error.PNG

 

This error is because FortiClient on MacOS does not support DH group values above 18 for ikev1 configurations. For FortiClient version 7.4.2, the default DH group value is 20 which is unsupported for MacOS.

 

To resolve this, a value of 18 or lower simply needs to be chosen. An example is provided below.

 

On FortiClient, navigate to Remote Access, then edit the connection using the icon vpn_icon.PNG beside the VPN Name. Next, select VPN Settings and expand Phase 1 and Phase 2 to make the changes similar to the image below.

 

dh group 5.PNG

 

In FortiClient version 7.4.3, the default has been set to DH group 5 for IKEv1 to avoid this issue.
762
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.