FortiGate
SAJUDIYA
Staff
Article Id 348642
Description

This article describes how to resolve an SSL VPN connection that stops at 40% after the server certificate has been reissued, with FortiClient reporting 'Unable to establish the VPN connection. The VPN server may be unreachable or your identity certificate is not trusted. (-5)'.



Scope

All FortiOS versions.
Solution

The SSL VPN debug (diagnose debug application sslvpn -1, then diagnose debug enable, then reproduce the connection attempt) shows the TLS handshake reaching 'write server done' and SSL_accept failing immediately afterwards, that is, after the FortiGate has sent its certificate:


[238:root:26]allocSSLConn:298 sconn 0x7f99c1fb00 (0:root)
[238:root:26]SSL state:before SSL initialization (X.X.X.X)
[238:root:26]SSL state:before SSL initialization (X.X.X.X)
[238:root:26]got SNI server name: vpn.domainexample.com realm (null)
[238:root:26]client cert requirement: no
[238:root:26]SSL state:SSLv3/TLS read client hello (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write server hello (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write certificate (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write key exchange (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write server done (X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write server done:system lib(X.X.X.X)
[238:root:26]SSL state:SSLv3/TLS write server done:DH lib(X.X.X.X)
[238:root:26]SSL_accept failed, 5:(null) 
[238:root:26]Destroy sconn 0x7f99c1fb00, connSize=0. (root)

 

Delete the reissued certificate from the FortiGate and import it again, then confirm it is still the certificate selected with 'set servercert' under 'config vpn ssl settings'. This most likely fixes the issue. Also check that the intermediate CA certificates the new certificate chains to are installed, since a client rejects a chain it cannot verify. To confirm from outside, run 'openssl s_client -connect vpn.domainexample.com:443 -servername vpn.domainexample.com -showcerts' against the SSL VPN hostname and port and check that the certificate presented is the reissued one and that the chain verifies ('Verify return code: 0 (ok)' when the issuing CA is trusted on that client).

Related article:

Troubleshooting Tip: FortiClient VPN stops at 40% with PKI users