Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jfbueno
New Contributor II

Created on ‎12-30-2021 03:22 AM Edited on ‎12-30-2021 03:36 AM

Can't connect to IPsec VPN in Windows 11

I wasn't able to connect to an IPsec VPN through FortiClient VPN (7.0.2.0090 free) when updated to Windows 11 (build 22000), SSL VPNs were working fine. When I downgraded to Windows 10 (21h2 build 19044.1415) the IPsec VPN started working again.

 

This is the error that I got on FortiClient

 

error.png

And this is the log that I exported

 

 

 

12/28/2021 4:02:55 PM	info	sslvpn	date=2021-12-28 time=16:02:54 logver=1 id=96602 type=securityevent subtype=sslvpn eventtype=status level=info uid=19AEBE88942A48F59578C42AA765D590 devid=FCT8003159070034 hostname=DESKTOP-5BJFTJ3 pcdomain=N/A deviceip=192.168.224.1 devicemac=<redacted> site=N/A fctver=7.0.2.0090 fgtserial=FCT8003159070034 emsserial=N/A os="Microsoft Windows 11 , 64-bit (build 22000)" user=bueno msg="SSLVPN service started successfully" vpnstate=

12/28/2021 4:03:04 PM	info	system	date=2021-12-28 time=16:03:03 logver=1 id=96823 type=systemevent subtype=system eventtype=status level=info uid=19AEBE88942A48F59578C42AA765D590 devid=FCT8003159070034 hostname=DESKTOP-5BJFTJ3 pcdomain=N/A deviceip=192.168.224.1 devicemac=<redacted> site=N/A fctver=7.0.2.0090 fgtserial=FCT8003159070034 emsserial=N/A os="Microsoft Windows 11 , 64-bit (build 22000)" user=bueno msg="Checking for updates"

12/28/2021 4:04:26 PM	info	ipsecvpn	date=2021-12-28 time=16:04:25 logver=1 id=96566 type=securityevent subtype=ipsecvpn eventtype=status level=info uid=19AEBE88942A48F59578C42AA765D590 devid=FCT8003159070034 hostname=DESKTOP-5BJFTJ3 pcdomain=N/A deviceip=192.168.224.1 devicemac=<redacted> site=N/A fctver=7.0.2.0090 fgtserial=FCT8003159070034 emsserial=N/A os="Microsoft Windows 11 , 64-bit (build 22000)" user=bueno msg="loc_ip=192.168.100.2 loc_port=500 rem_ip=<vpn-external-ip> rem_port=500 out_if=0 vpn_tunnel=RS IPsec action=negotiate init=local mode=aggressive stage=1 dir=outbound status=success Initiator: sent <vpn-external-ip> aggressive mode message #1 (OK)" vpntunnel="RS IPsec"

12/28/2021 4:04:38 PM	warning	ipsecvpn	date=2021-12-28 time=16:04:37 logver=1 id=96561 type=securityevent subtype=ipsecvpn eventtype=error level=warning uid=19AEBE88942A48F59578C42AA765D590 devid=FCT8003159070034 hostname=DESKTOP-5BJFTJ3 pcdomain=N/A deviceip=192.168.224.1 devicemac=<redacted> site=N/A fctver=7.0.2.0090 fgtserial=FCT8003159070034 emsserial=N/A os="Microsoft Windows 11 , 64-bit (build 22000)" user=bueno msg="No response from the peer, phase1 retransmit reaches maximum count" vpntunnel="RS IPsec" locip=192.168.100.2 locport=500 remip=<vpn-external-ip> remport=500

 

 

 

This is a log exported after a successful connection (in W10)

 

 

12/30/2021 8:24:23 AM	info	ipsecvpn	date=2021-12-30 time=08:24:22 logver=1 id=96566 type=securityevent subtype=ipsecvpn eventtype=status level=info uid=19AEBE88942A48F59578C42AA765D590 devid=FCT8003159070034 hostname=DESKTOP-5BJFTJ3 pcdomain=N/A deviceip=<my-external-ip> devicemac=<redacted> site=N/A fctver=7.0.2.0090 fgtserial=FCT8003159070034 emsserial=N/A os="Microsoft Windows 10 , 64-bit (build 19041)" user=bueno msg="loc_ip=192.168.100.2 loc_port=4500 rem_ip=<vpn-external-ip> rem_port=4500 out_if=0 vpn_tunnel=CIEE-RS action=negotiate init=local mode=quick stage=2 dir=outbound status=success Initiator: sent <vpn-external-ip> quick mode message #2 (DONE)" vpntunnel=CIEE-RS

 

 

In this log the loc_port and rem_port are different (4500, in the other log it's 500), also the deviceip is my external IP, not a local IP (that doesn't look like an IP that my machine would be using).

 

I don't know if that's causing the problem, but it's all I can find.

 

Does anyone have any tips?

 

Labels:
63801
1 Solution
SkepticSensei
New Contributor II
In response to armandoa

Created on ‎02-15-2022 11:08 AM Edited on ‎02-15-2022 11:21 AM

I figured out the issue. It is a Windows 11 Ethernet driver issue. 

Wifi connects to VPN, Ethernet via USB to Eth adapter works. 

I downgraded to Win10 Realtek 10.54 driver version.

That fixed the issue for me.

 

Realtek PCIe FE / GBE / 2.5G / Gaming Ethernet Family Controller Software - REALTEK

 

 

let me know if this works for anyone else. 

View solution in original post

59142
38 REPLIES 38
VincentCA
New Contributor
In response to BillWabo

Created on ‎05-02-2023 02:33 PM

Now that I'm looking, I do see a Realtek, but it's for the USB (Realtek USB GbE Family Controller).
Other than that, this is what I have: 

  • Fortinet SSL VPN Virtual Ethernet Adapter
  • Fortinet Virtual Ethernet Adapter (NDIS 6.30)
  • Killer(R) Wi-Fi 6E AX1690i 160MHz Wireless Network Adapter (41 INGW) #4

Primarily I use WIFI when trying to connect to the ipsec VPN.

9939
0 Kudos
BillWabo
New Contributor II
In response to VincentCA

Created on ‎05-02-2023 03:06 PM

 

Try to install the windows 10 on windows 11.  That worked for us.(Win10 Auto Installation Program (NDIS)

https://www.realtek.com/en/directly-download?downloadid=0b79af1e7509a5c294810f433179dbe6

 

Let’s us know it’s working!

9932
VincentCA
New Contributor
In response to BillWabo

Created on ‎05-02-2023 03:41 PM Edited on ‎05-02-2023 03:42 PM

Tried installing it and got the following error. After finishing the install it still doesn't connect.

Screenshot 2023-05-02 183820.png

Side-note: Link you sent didn't work, but I followed the download path of the original solution and downloaded the NDIS from there.

9927
0 Kudos
VincentCA
New Contributor
In response to VincentCA

Created on ‎09-26-2023 11:51 AM

Still no luck. All new computers I've been setting up with Windows 11 will not work with IPSec.

7072
0 Kudos
routeleak
New Contributor
In response to SkepticSensei

Created on ‎07-20-2023 12:21 PM

Thank you so much! I'll add that I installed the Win10 driver, version number 1.1.4.38. Got it from the LAN driver package from Asus' website.

8407
0 Kudos
gaitolini
New Contributor
In response to SkepticSensei

Created on ‎10-26-2023 01:53 PM

  1. Identifique seu Controlador de Ethernet: Primeiro, descubra qual é o controlador de Ethernet em seu sistema. No seu caso, você mencionou que resolveu o problema com um driver Realtek PCIe FE/GbE/2.5G. Certifique-se de conhecer o modelo específico do controlador Ethernet.

  2. Faça o Download da Versão do Driver: Acesse o site do fabricante do seu controlador Ethernet (no caso da Realtek, o site da Realtek) e baixe a versão mais recente do driver. No entanto, você mencionou que a versão 10.68 do driver funcionou para você. Portanto, você pode optar por baixar essa versão específica se estiver disponível.

  3. Desinstale o Driver Atual: No Windows 11, desinstale o driver Ethernet atual. Você pode fazer isso acessando "Gerenciador de Dispositivos," localizando o adaptador de rede Ethernet e selecionando a opção de desinstalação. Certifique-se de reiniciar o computador após a desinstalação.

  4. Instale a Nova Versão do Driver: Após reiniciar o computador, instale a nova versão do driver Ethernet que você baixou no passo 2.

  5. Conecte à VPN: Após a instalação do novo driver, tente se conectar à VPN IPsec novamente usando o FortiClient. A conectividade deve ser restaurada.

    Obrigado @SkepticSensei 

6418
0 Kudos
ddawson
New Contributor
In response to SkepticSensei

Created on ‎12-22-2023 01:49 PM

Dec 2023 and this is still valid! I had a RealTek Family Controller on Windows 11 and this Win 10 installer worked for me:

 

https://www.realtek.com/en/component/zoo/category/pci-8169-8110

5054
0 Kudos
armandoa
New Contributor
In response to SkepticSensei

Created on ‎12-22-2023 03:33 PM

It worked! Thanks!

5042
0 Kudos
marcoperson_250
New Contributor II
In response to SkepticSensei

Created on ‎12-26-2023 02:09 AM

Great informative links 

4948
0 Kudos
mdilena
New Contributor

Created on ‎02-16-2022 12:21 AM

Thanks @SkepticSensei , I just downgraded to 10.54 and everything started working!

16781
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.