Fortinet Forum
tomasm
New Contributor

FortiClient Mac OS X 7.0 problem with Client cert auth

Hi,

We use FortiClient on Mac OS X to connect to our customers' VPNs. Till this week I used macOS 10.15/Catalina with FortiClient 6.0 and everything was working well. Now I upgraded to macOS 12/Monterey, which didn't work with FortiClient 6.0, thus I upgraded the client to 7.0.5.0166.

Connecting to VPNs without certificate auth works well, but I'm unable to get VPN with client cert auth working. The same setup (certificate, password) works well on Windows (and also worked well on the previous setup - macOS 10.15/client 6.0). The problem might be related to special characters in the certificate name; the VPN setup looks like:

Screenshot 2022-05-06 at 21.20.44.png

However, the connection window shows an incorrect client certificate name:

Screenshot 2022-05-06 at 21.16.38.png

On the old system / FortiClient 6.0 everything seems to be right (connection window had proper characters). Once I tried the new FortiClient 7 on the old macOS 10.15 and it didn't work. After downgrading to client 6.0 everything was OK again (no change in certificate).

I tried reimporting the certificate to macOS; it didn't help. I have more client certificates in the keychain; they all show good names in the setup window but bad (escaped) ones in the login window.

The log file doesn't show anything interesting (to me).

===

20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:59 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:59 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:59 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:59 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:59 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:59 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:59 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:59 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:59 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:59 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:59 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:59 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:28:04 [FortiTray:DEBG] VPNMessageBridge.m:468 Request VPN statistics
20220506 21:28:10 [FortiTray:INFO] VPNMessageBridge.m:417 Request VPN connect
20220506 21:28:10 [FortiTray:DEBG] VPNMessageBridge.m:445 VPN profile: Gxxxxx
20220506 21:28:10 [FortiTray:INFO] VpnManager.swift:1068 Connect VPN: Gxxxxx
20220506 21:28:10 [FortiTray:INFO] VpnManager.swift:857 Start VPN: Gxxxx
20220506 21:28:10 [FortiTray:INFO] VpnManager.swift:642 VPN connecting
20220506 21:28:10 [FortiTray:DEBG] vpnconnection.mm:540 Server URL: https://ssl.xxxxxx:443
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:215 ApiEncMethod: 0
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:217 ApiRemoteAuthTimeout: 30
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:219 ApiServerSalt: 6538c2b8
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:220 flag: 223
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:314 Send authentication request
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:364 /remote/logincheck returns 405
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:378 Check response
20220506 21:28:10 [FortiTray:DEBG] vpnconnection.mm:400 Stop process.
20220506 21:28:10 [FortiTray:DEBG] vpnconnection.mm:432 Cancel http. http task is running: No
20220506 21:28:10 [FortiTray:INFO] VpnManager.swift:1582 Notification: Cancel input
20220506 21:28:10 [FortiTray:INFO] sslvpn_bridge.mm:77 Login failed. Result: 0
20220506 21:28:10 [FortiTray:INFO] VpnManager.swift:617 VPN disconnected because of error: Login failed. Insufficient credential(s). Please check the password, client certificate, etc.
20220506 21:28:10 [FortiTray:DEBG] VPNMessageBridge.m:468 Request VPN statistics

===

Can anyone help with this?

Thanks. Tomas

TM
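A triage sketch for the FortiTray log format posted above, added here as an example and not part of the original post or of FortiClient: it collapses the repeated lines and pulls out the HTTP result and the stated failure reason. The function names and the shortened sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the log format shown in the post.
SAMPLE_LOG = """\
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:28:10 [FortiTray:INFO] VPNMessageBridge.m:417 Request VPN connect
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:314 Send authentication request
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:364 /remote/logincheck returns 405
20220506 21:28:10 [FortiTray:INFO] sslvpn_bridge.mm:77 Login failed. Result: 0
20220506 21:28:10 [FortiTray:INFO] VpnManager.swift:617 VPN disconnected because of error: Login failed. Insufficient credential(s). Please check the password, client certificate, etc.
"""

# date, time, [process:level], source-file:line, message
LINE_RE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"\[(?P<proc>\w+):(?P<level>\w+)\] (?P<src>\S+):(?P<lineno>\d+) (?P<msg>.*)$"
)
HTTP_RE = re.compile(r"^(?P<path>/\S+) returns (?P<status>\d{3})$")

def parse(text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def triage(text):
    """Summarise a connection attempt: repeated lines, HTTP results, failure reason."""
    events = parse(text)
    # Count identical (source, message) pairs so repeated lines collapse to one entry.
    repeats = Counter((e["src"], e["msg"]) for e in events)
    http, reason = [], None
    for e in events:
        m = HTTP_RE.match(e["msg"])
        if m:
            http.append((m["path"], int(m["status"])))
        if e["msg"].startswith("VPN disconnected because of error:"):
            reason = e["msg"].split(":", 1)[1].strip()
    noise = {k: n for k, n in repeats.items() if n > 1}
    return {"events": len(events), "noise": noise, "http": http, "reason": reason}

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for key, value in summary.items():
        print(f"{key}: {value}")
```
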
Anthony_E
Community Manager

Hello tomasm,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello tomasm,

I could see that a user met the same issue and it has been solved:

https://community.fortinet.com/t5/Fortinet-Forum/SSL-VPN-Windows-Works-MacOS-does-not/m-p/47900?m=19...

Could you please have a look and tell me if it helped?

Thanks a lot in advance.

Regards,

Anthony-Fortinet Community Team.
tomasm
New Contributor

I double-checked the post mentioned; I do not see FortiTray there (likely I allowed it before) even after a FortiClient reinstall. I also double-checked, and everything listed here is allowed if present:

https://docs.fortinet.com/document/forticlient/7.0.5/macos-release-notes/223986/special-notices

Anyway, I think my case is different - some VPNs do work for me; the problem is only with the ones where I need to use certificate auth (possibly only with special characters in the cert name, but this is only my guess, as all my VPN client certs do have diacritics).

Thanks. Tomas

TM
train_wreck
New Contributor III

Tomas, have you found a solution? I have read elsewhere that FortiClient 7 is broken and to use 6.4, but I cannot find where to download that. For now I gave up on FortiClient and just used the built-in macOS VPN client, which works fine for IPsec using the same client cert as the one I am trying to use for the SSL VPN.

tomasm

Unfortunately I have no solution (except for connecting from a Windows PC) and cannot contact official support, as we do not have a contract with Fortinet (it's our customer, but they do not care about our problems).

On old OS X I recall the last working version was 6.0 (as soon as the GUI was blue it didn't work).

Based on your input I tried configuring the native macOS VPN, but I have to use both password and cert, which I haven't figured out how to configure.

I'm running out of options and hope.

TM
FreddyE
New Contributor II

I applied with great faith all the steps that that note shows, but NOTHING works. The error follows.

FreddyE_0-1656137469256.png

The strange thing about this is that no matter what values you put in the username or password, or if you use any port, even if they are wrong, IT ALWAYS DELIVERS THIS MESSAGE.

FreddyE_1-1656137538888.png

FreddyE
New Contributor II

I have registered only to comment that this product is really bad on the macOS platform. This problem has been present since FortiClient 6.4; now I have had to uninstall this version (it stopped working on OS Monterey) and install the latest version, 7.05.

I have the same problem as @tomasm and have not been able to get this "app" to work.

I hope that the official Fortinet "Support" can read these topics (I think that's what they exist for), to see if they can resolve the error, which is clearly the product.

Cheers,
Freddy