This article explains how to fix an issue where the FortiClient stops loading at 31% and displays the error 'Unable to establish VPN connection. The VPN server may be unreachable (-6005)'.

Screenshot of the error:

This error may occur with Two-Factor Authentication after accepting the token code or after entering the answer to a security question. The time limit reaches 0 while authenticating, triggering this error.

To fix it, increase the remote authentication timer with the following CLI commands:

config system global

    set remoteauthtimeout 60

end

'60' is a recommended value that will give 120 seconds for the authentication process to complete. The default is 5. Use any desired and suitable value.

Another possibility is in the case of firewall policy created for the SSL VPN where the source interface is ssl.root is mis-configured with the wrong user group, for example, or the wrong source IP. 

Note:
If the issue persists, check SSL VPN logs and see if there are any failed login attempts. If so, this may indicate a brute force attempt. Restart the SSL VPN process using the 'fnsysctl killall sslvpnd' command to temporarily restore the service. Restarting the process will disconnect all current connected users. To minimize the effectiveness of brute force attempts, see Technical Tip: How to secure and limit an SSL VPN unknown user login (Brute force attack).