Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
davidsteelerose
New Contributor

FortiClient VPN on MacOS Monterey - error code: -121

I upgraded to test the beta version of Monterey. 

FortiClient6.0.9.162

 

The VPN connection terminates unexpectedly! (Error Code: -121)

 

 

20210721 10:59:08.513 [sslvpn:INFO] unknown:0 dns suffix: 20210721 10:59:08.513 [sslvpn:INFO] unknown:0 epctrl ping server: 20210721 10:59:08.514 [sslvpn:INFO] unknown:0 xml parsing split tunnel info 20210721 10:59:08.514 [sslvpn:INFO] unknown:0 xml parse split tunnel info success. Buffer length: 94 bytes 20210721 10:59:08.514 [sslvpn:INFO] unknown:0 blocked all ipv6 traffic 20210721 10:59:08.515 [sslvpn:INFO] unknown:0 begin io loop 20210721 10:59:08.515 [sslvpn:INFO] unknown:0 launch ssl read thread 20210721 10:59:08.515 [sslvpn:INFO] unknown:0 launch tty read thread 20210721 10:59:08.515 [sslvpn:INFO] unknown:0 ssl read thread started 20210721 10:59:08.516 [sslvpn:INFO] unknown:0 main thread waiting for threads termination 20210721 10:59:08.516 [sslvpn:INFO] unknown:0 tty read thread started 20210721 10:59:08.516 [sslvpn:INFO] unknown:0 ssl write thread started 20210721 10:59:08.516 [sslvpn:INFO] unknown:0 tty write thread started 20210721 10:59:08.536 [sslvpn:INFO] unknown:0 pppd may die...trying to fix it 20210721 10:59:08.536 [sslvpn:INFO] unknown:0 pppd may die...trying to fix it 20210721 10:59:40.617 [sslvpn:EROR] unknown:0 ppp interface is not up, so terminate sslvpn 20210721 10:59:40.618 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal 20210721 10:59:40.617 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal 20210721 10:59:40.618 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal 20210721 10:59:40.618 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal 20210721 10:59:40.623 [sslvpn:INFO] unknown:0 io loop finished 20210721 10:59:40.623 [sslvpn:INFO] unknown:0 io finished, kill pppd 20210721 10:59:40.624 [sslvpn:INFO] unknown:0 kill_child:1144 20210721 10:59:40.624 [sslvpn:INFO] unknown:0 tunnel shutdown 0 20210721 10:59:40.624 [sslvpn:INFO] unknown:0 sslvpn starts to clean up 20210721 10:59:40.626 [sslvpn:INFO] unknown:0 sslvpnd terminated

2 Solutions
AlmightyBob

been trying on builds since beta 2 including yesterday's (27 July) release w/ no success. unfortunately we have to run vmware and go through a windows or ubuntu vm to get into the office.

 

the logs just show an extensive amount of this (below, over and over) followed by some IPv6 failed attempts just before it fails to connect.

 

Running on an intel 2019 macbook pro.

 

<?xml version='1.0' encoding='utf-8'?><sslvpn-tunnel ver='2' dtls='1' patch='1'><dtls-config heartbeat-interval='10' heartbeat-fail-count='10' heartbeat-idle-timeout='10' client-hello-timeout='10' /><tunnel-method value='ppp' /><tunnel-method value='tun' /><fos platform='FG100D' major='6' minor='02' patch='2' build='1010' branch='1010' /><auth-ses check-src-ip='1' tun-connect-without-reauth='0' tun-user-ses-timeout='30' /><client-config save-password='off' keep-alive='off' auto-connect='on' /><ipv4><dns domain='...' /><dns ip='...' /><dns ip='...' /><assigned-addr ipv4='...' /></ipv4><idle-timeout val='0' /><auth-timeout val='28800' /></sslvpn-tunnel>
----
20210714 12:37:01.778 [sslvpn:INFO] unknown:0 dns suffix: ...
20210714 12:37:01.778 [sslvpn:INFO] unknown:0 epctrl ping server:
20210714 12:37:01.778 [sslvpn:INFO] unknown:0 begin io loop
20210714 12:37:01.778 [sslvpn:INFO] unknown:0 launch ssl read thread
20210714 12:37:01.779 [sslvpn:INFO] unknown:0 launch tty read thread
20210714 12:37:01.779 [sslvpn:INFO] unknown:0 ssl read thread started
20210714 12:37:01.779 [sslvpn:INFO] unknown:0 main thread waiting for threads termination
20210714 12:37:01.779 [sslvpn:INFO] unknown:0 ssl write thread started
20210714 12:37:01.779 [sslvpn:INFO] unknown:0 tty read thread started
20210714 12:37:01.779 [sslvpn:INFO] unknown:0 tty write thread started
20210714 12:37:01.859 [sslvpn:INFO] unknown:0 got peer's ip address
20210714 12:37:02.779 [sslvpn:INFO] unknown:0 ppp interface is up
20210714 12:37:02.780 [sslvpn:INFO] unknown:0 Current dns 0: ...
20210714 12:37:02.781 [sslvpn:INFO] unknown:0 No wins is set currently
20210714 12:37:03.855 [sslvpn:INFO] unknown:0 try to get ppp's ip address ...
20210714 12:37:03.861 [sslvpn:INFO] unknown:0 No split tunnel is specified
20210714 12:37:03.863 [sslvpn:INFO] unknown:0 ppp address: ...
20210714 12:37:03.863 [sslvpn:INFO] unknown:0 sending sslvpn up message to vpn controller. ping server is  allow_save_password:0 allow_keep_alive:0 allow_auto_connect:1
20210714 12:37:03.868 [sslvpn:INFO] unknown:0 launch DNS monitor thread
20210714 12:37:03.868 [sslvpn:INFO] unknown:0 DNS monitor thread started
20210714 12:37:03.876 [sslvpn:INFO] unknown:0 DNS changed
20210714 12:37:03.882 [sslvpn:INFO] unknown:0 Current DNS and DNS got from FGT are same, no needs to reset
20210714 12:43:52.675 [sslvpn:INFO] unknown:0 shuting down the running tunnel
20210714 12:43:52.676 [sslvpn:INFO] unknown:0 the tunnel is shut down
20210714 12:43:52.676 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal
20210714 12:43:52.676 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal
20210714 12:43:52.676 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal
20210714 12:43:52.676 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal
20210714 12:43:52.676 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal
20210714 12:43:52.715 [sslvpn:INFO] unknown:0 io loop finished
20210714 12:43:52.736 [sslvpn:INFO] unknown:0 io finished, kill pppd
20210714 12:43:52.768 [sslvpn:INFO] unknown:0 kill_child:7493
20210714 12:43:52.790 [sslvpn:INFO] unknown:0 tunnel shutdown 0
20210714 12:43:52.820 [sslvpn:INFO] unknown:0 sslvpn starts to clean up
20210714 12:43:52.843 [sslvpn:INFO] unknown:0 shuting down the running tunnel
20210714 12:43:52.843 [sslvpn:INFO] unknown:0 the tunnel is shut down
20210714 12:43:52.862 [sslvpn:INFO] unknown:0 sslvpnd terminated
20210715 09:53:01.418 [sslvpn:INFO] unknown:0 current uid: 0
20210715 09:53:01.419 [sslvpn:INFO] unknown:0 get current proxy auto config settings
20210715 09:53:01.423 [sslvpn:INFO] unknown:0 use tty:/dev/ttys000
20210715 09:53:01.425 [sslvpn:INFO] unknown:0 connecting to ...:... - ...
20210715 09:53:01.521 [sslvpn:INFO] unknown:0 [DoLicCheck]...
20210715 09:54:12.548 [sslvpn:INFO] unknown:0 shuting down the running tunnel
20210715 09:54:12.548 [sslvpn:INFO] unknown:0 the tunnel is shut down
20210715 09:54:12.549 [sslvpn:INFO] unknown:0 [DoLicCheck]: GET /remote/licensecheck ... (usr=(null), send 585 of 585 bytes):
GET /remote/licensecheck HTTP/1.1
Host: sslvpn
Cookie: SVPNCOOKIE=+...

View solution in original post

keeno
New Contributor

I had a similar problem with "old" version of FC (Sorry I don't remember which one, since I didn't check before uninstall): every time I tried to connect, it said it couldn't, without any error message. I tried to download version 7 from site but I had another problem (it was "forticlientupdate" app and it gave the message "no updates found" - that's why I uninstalled the old one, to try to avoid this behavior). I came here and I found, in another thread, a hint to download offline installer, so I got version 7.0.0.0022 and it worked like a charm.

Hope this could help

View solution in original post

21 REPLIES 21
davidsteelerose
New Contributor

Has anyone tried FortiClient on the new version of MacOS Monterey and been successful?

AlmightyBob

been trying on builds since beta 2 including yesterday's (27 July) release w/ no success. unfortunately we have to run vmware and go through a windows or ubuntu vm to get into the office.

 

the logs just show an extensive amount of this (below, over and over) followed by some IPv6 failed attempts just before it fails to connect.

 

Running on an intel 2019 macbook pro.

 

<?xml version='1.0' encoding='utf-8'?><sslvpn-tunnel ver='2' dtls='1' patch='1'><dtls-config heartbeat-interval='10' heartbeat-fail-count='10' heartbeat-idle-timeout='10' client-hello-timeout='10' /><tunnel-method value='ppp' /><tunnel-method value='tun' /><fos platform='FG100D' major='6' minor='02' patch='2' build='1010' branch='1010' /><auth-ses check-src-ip='1' tun-connect-without-reauth='0' tun-user-ses-timeout='30' /><client-config save-password='off' keep-alive='off' auto-connect='on' /><ipv4><dns domain='...' /><dns ip='...' /><dns ip='...' /><assigned-addr ipv4='...' /></ipv4><idle-timeout val='0' /><auth-timeout val='28800' /></sslvpn-tunnel>
----
20210714 12:37:01.778 [sslvpn:INFO] unknown:0 dns suffix: ...
20210714 12:37:01.778 [sslvpn:INFO] unknown:0 epctrl ping server:
20210714 12:37:01.778 [sslvpn:INFO] unknown:0 begin io loop
20210714 12:37:01.778 [sslvpn:INFO] unknown:0 launch ssl read thread
20210714 12:37:01.779 [sslvpn:INFO] unknown:0 launch tty read thread
20210714 12:37:01.779 [sslvpn:INFO] unknown:0 ssl read thread started
20210714 12:37:01.779 [sslvpn:INFO] unknown:0 main thread waiting for threads termination
20210714 12:37:01.779 [sslvpn:INFO] unknown:0 ssl write thread started
20210714 12:37:01.779 [sslvpn:INFO] unknown:0 tty read thread started
20210714 12:37:01.779 [sslvpn:INFO] unknown:0 tty write thread started
20210714 12:37:01.859 [sslvpn:INFO] unknown:0 got peer's ip address
20210714 12:37:02.779 [sslvpn:INFO] unknown:0 ppp interface is up
20210714 12:37:02.780 [sslvpn:INFO] unknown:0 Current dns 0: ...
20210714 12:37:02.781 [sslvpn:INFO] unknown:0 No wins is set currently
20210714 12:37:03.855 [sslvpn:INFO] unknown:0 try to get ppp's ip address ...
20210714 12:37:03.861 [sslvpn:INFO] unknown:0 No split tunnel is specified
20210714 12:37:03.863 [sslvpn:INFO] unknown:0 ppp address: ...
20210714 12:37:03.863 [sslvpn:INFO] unknown:0 sending sslvpn up message to vpn controller. ping server is  allow_save_password:0 allow_keep_alive:0 allow_auto_connect:1
20210714 12:37:03.868 [sslvpn:INFO] unknown:0 launch DNS monitor thread
20210714 12:37:03.868 [sslvpn:INFO] unknown:0 DNS monitor thread started
20210714 12:37:03.876 [sslvpn:INFO] unknown:0 DNS changed
20210714 12:37:03.882 [sslvpn:INFO] unknown:0 Current DNS and DNS got from FGT are same, no needs to reset
20210714 12:43:52.675 [sslvpn:INFO] unknown:0 shuting down the running tunnel
20210714 12:43:52.676 [sslvpn:INFO] unknown:0 the tunnel is shut down
20210714 12:43:52.676 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal
20210714 12:43:52.676 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal
20210714 12:43:52.676 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal
20210714 12:43:52.676 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal
20210714 12:43:52.676 [sslvpn:INFO] unknown:0 reveive SIGUSR1 signal
20210714 12:43:52.715 [sslvpn:INFO] unknown:0 io loop finished
20210714 12:43:52.736 [sslvpn:INFO] unknown:0 io finished, kill pppd
20210714 12:43:52.768 [sslvpn:INFO] unknown:0 kill_child:7493
20210714 12:43:52.790 [sslvpn:INFO] unknown:0 tunnel shutdown 0
20210714 12:43:52.820 [sslvpn:INFO] unknown:0 sslvpn starts to clean up
20210714 12:43:52.843 [sslvpn:INFO] unknown:0 shuting down the running tunnel
20210714 12:43:52.843 [sslvpn:INFO] unknown:0 the tunnel is shut down
20210714 12:43:52.862 [sslvpn:INFO] unknown:0 sslvpnd terminated
20210715 09:53:01.418 [sslvpn:INFO] unknown:0 current uid: 0
20210715 09:53:01.419 [sslvpn:INFO] unknown:0 get current proxy auto config settings
20210715 09:53:01.423 [sslvpn:INFO] unknown:0 use tty:/dev/ttys000
20210715 09:53:01.425 [sslvpn:INFO] unknown:0 connecting to ...:... - ...
20210715 09:53:01.521 [sslvpn:INFO] unknown:0 [DoLicCheck]...
20210715 09:54:12.548 [sslvpn:INFO] unknown:0 shuting down the running tunnel
20210715 09:54:12.548 [sslvpn:INFO] unknown:0 the tunnel is shut down
20210715 09:54:12.549 [sslvpn:INFO] unknown:0 [DoLicCheck]: GET /remote/licensecheck ... (usr=(null), send 585 of 585 bytes):
GET /remote/licensecheck HTTP/1.1
Host: sslvpn
Cookie: SVPNCOOKIE=+...

davidsteelerose

Thank you AlmightyBob.

 

Hopefully we will hear from someone at Fortinet that they are aware of this issue and if there are workarounds. 

 

I'm going to give it another week, while I'm on vacation, before I roll back my MacOS. There are plenty of things that could be broken, but the FortiClient is one that I can't do without!

 

 

keeno
New Contributor

I had a similar problem with "old" version of FC (Sorry I don't remember which one, since I didn't check before uninstall): every time I tried to connect, it said it couldn't, without any error message. I tried to download version 7 from site but I had another problem (it was "forticlientupdate" app and it gave the message "no updates found" - that's why I uninstalled the old one, to try to avoid this behavior). I came here and I found, in another thread, a hint to download offline installer, so I got version 7.0.0.0022 and it worked like a charm.

Hope this could help

davidsteelerose

I was wondering if there was a way to install FortiClient without the Online Installer.dmg that detects current version. Mine also says no new client available. 

 

Does anyone have a link to any page listing all client versions for macOS or know where I can download the most current version as an Offline Installer as suggested in this post?

keeno

I found the solution to download offline installer in this message, as I wrote before:

 

https://forum.fortinet.com/FindPost/193145

 

Just checked the XML that appears and copied/pasted the right string at the end of address

 

Hope this helps

AlmightyBob

ok, so i got it to work but had to jump through some serious rings of fire to get it installed (since we switched to forticlient i've had to do this before.  I've never been a fan of forticlient for this reason, its just easier when our hardware can update to the latest client and we can just download it by logging in to the web interface but occasionally we have to do it this way too... ).

 

the link to the "offline" installers thread just point to the files listed below, but they're online installers and these still try to download the offline installers which for me still fail, then delete the offline file for some reason. this post will show you how to run, catch and save the file it downloads so you can actually install the offline version.

[ol]
  • first, just download the latest client off the downloads page here: https://www.fortinet.com/support/product-downloads
  • mount the FortiClientVPN_7.0.0.22_OnlineInstaller.dmg and inside that there's a ForticlientUpdate.app, drag this file your Applications (you can delete it later) folder in finder
  • Navigate to your applications folder, and right click the app and Show Package Contents
  • Expand and right click on the MacOS folder, and select Services -> New Terminal at Folder
  • In your terminal window type "sudo ./ForticlientUpdate" and hit enter (you will need to enter your password as well to run the "sudo" command), this will run the update app in your terminal window which will allow you to see the output of the app and where it's cached the actual setup (i.e. offline setup) before it fails, deletes this file and says "nope... i can't do that"
  • Let that run and when its finished downloading the offline installer to a temporary folder (and stops) open another terminal window and type "sudo cp <path from the terminal window above> ~/Downloads/ForticlientOffline.dmg" and hit enter (again you will likely need to enter your password to run this command)
  • Now go in finder and double click the offline installer and simply run through the setup and enjoy the functional FortiClient app [/ol]

     

    At this point you can delete the update app in your applications folder and configure your vpn client.

     

    This should get you up and running as well.  Hope this helps.

     

    Cheers!

     

  • Fabian_JuS

    For me neither offline installation nor any other workaround solved my problem. But after hours of trying I came up with another Workaround. At least for M1 Macs it is possible to download the FortiClient VPN App for Ipad/IPhone. Worked without any issues

    JamieWhite

    For those looking for the macOS offline installer you can find it here https://filestore.fortinet.com/forticlient/downloads/FortiClient_7.0.0.22_macosx.dmg

     

    This worked for me on an Intel Macbook running macOS Monterey 12.0.1