- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Cannot connect to network: Create VPN network inte...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cannot connect to network: Create VPN network interface failed
OS: Linux
Kernel: 6.9.3
FortiClient VPN Version: 7.4.0.1636
I have been connecting to this network for months, this morning when trying to connect I had this on my console output
Create VPN network interface failed
Now the usual way of connection just does not work. Here are my log outputs:
sslvpn.log
20240614 14:13:09.997 TZ=+0100 [sslvpn:INFO] main:1817 Init
20240614 14:13:09.000 TZ=+0100 [sslvpn:INFO] main:622 Load profile: eicon
20240614 14:13:09.002 TZ=+0100 [sslvpn:DEBG] main:631 Inherit local DNS: No
20240614 14:13:09.002 TZ=+0100 [sslvpn:DEBG] main:644 DNS service resetting interval: 0
20240614 14:13:09.002 TZ=+0100 [sslvpn:INFO] main:329 Get DBUS session bus address
20240614 14:13:10.004 TZ=+0100 [sslvpn:DEBG] main:333 Failed to find DBUS session bus address in dbus-daemon, try to find in dbus-broker
20240614 14:13:10.005 TZ=+0100 [sslvpn:DEBG] main:393 get passwd: true, get cert passwd: false, get user input: false
20240614 14:13:10.018 TZ=+0100 [sslvpn:INFO] main:329 Get DBUS session bus address
20240614 14:13:10.020 TZ=+0100 [sslvpn:DEBG] main:333 Failed to find DBUS session bus address in dbus-daemon, try to find in dbus-broker
20240614 14:13:10.021 TZ=+0100 [sslvpn:INFO] main:1288 Load profile: eicon
20240614 14:13:10.022 TZ=+0100 [sslvpn:DEBG] main:1676 FCT UID: 4EDEF716958543398A8C4A27C64F422D
20240614 14:13:10.023 TZ=+0100 [sslvpn:DEBG] main:1691 EMS not registed
20240614 14:13:10.023 TZ=+0100 [sslvpn:DEBG] main:1704 Public IP is not set
20240614 14:13:10.023 TZ=+0100 [sslvpn:INFO] main:1481 State: Connecting
20240614 14:13:10.034 TZ=+0100 [sslvpn:DEBG] vpn_connection:1506 Server URL: https://MY_NETWORK_HOSTNAME
20240614 14:13:10.047 TZ=+0100 [sslvpn:INFO] main:1481 State: Logging in
20240614 14:13:10.047 TZ=+0100 [sslvpn:INFO] vpn_connection:1944 /remote/info
20240614 14:13:14.391 TZ=+0100 [sslvpn:DEBG] vpn_connection:406 https server 'MY_NETWORK_HOSTNAME' has this certificate, which looks good to me:
20240614 14:13:14.839 TZ=+0100 [sslvpn:DEBG] vpn_connection:599 http connection closed.
20240614 14:13:14.839 TZ=+0100 [sslvpn:DEBG] vpn_connection:478 Response line: 200 OK
20240614 14:13:14.839 TZ=+0100 [sslvpn:INFO] sslvpn:92 ApiEncMethod: 0
20240614 14:13:14.839 TZ=+0100 [sslvpn:INFO] sslvpn:93 ApiRemoteAuthTimeout: 30
20240614 14:13:14.839 TZ=+0100 [sslvpn:INFO] sslvpn:94 ApiServerSalt: 1c941201
20240614 14:13:14.839 TZ=+0100 [sslvpn:INFO] sslvpn:95 flag: 15583
20240614 14:13:14.839 TZ=+0100 [sslvpn:INFO] vpn_connection:1944 /remote/login
20240614 14:13:18.690 TZ=+0100 [sslvpn:DEBG] vpn_connection:406 https server 'MY_NETWORK_HOSTNAME' has this certificate, which looks good to me:
20240614 14:13:19.198 TZ=+0100 [sslvpn:DEBG] vpn_connection:599 http connection closed.
20240614 14:13:19.200 TZ=+0100 [sslvpn:DEBG] vpn_connection:478 Response line: 200 OK
20240614 14:13:19.200 TZ=+0100 [sslvpn:INFO] vpn_connection:1944 /remote/logincheck
20240614 14:13:22.887 TZ=+0100 [sslvpn:DEBG] vpn_connection:406 https server 'MY_NETWORK_HOSTNAME' has this certificate, which looks good to me:
20240614 14:13:23.406 TZ=+0100 [sslvpn:DEBG] vpn_connection:599 http connection closed.
20240614 14:13:23.406 TZ=+0100 [sslvpn:DEBG] vpn_connection:478 Response line: 200 OK
20240614 14:13:23.406 TZ=+0100 [sslvpn:INFO] sslvpn:234 Authentication passed.
20240614 14:13:23.406 TZ=+0100 [sslvpn:INFO] vpn_connection:1944 /remote/fortisslvpn
20240614 14:13:27.189 TZ=+0100 [sslvpn:DEBG] vpn_connection:406 https server 'MY_NETWORK_HOSTNAME' has this certificate, which looks good to me:
20240614 14:13:27.800 TZ=+0100 [sslvpn:DEBG] vpn_connection:599 http connection closed.
20240614 14:13:27.800 TZ=+0100 [sslvpn:DEBG] vpn_connection:478 Response line: 200 OK
20240614 14:13:27.800 TZ=+0100 [sslvpn:INFO] vpn_connection:1944 /remote/fortisslvpn_xml
20240614 14:13:31.694 TZ=+0100 [sslvpn:DEBG] vpn_connection:406 https server 'MY_NETWORK_HOSTNAME' has this certificate, which looks good to me:
20240614 14:13:32.819 TZ=+0100 [sslvpn:DEBG] vpn_connection:599 http connection closed.
20240614 14:13:32.820 TZ=+0100 [sslvpn:DEBG] vpn_connection:478 Response line: 200 OK
20240614 14:13:32.820 TZ=+0100 [sslvpn:DEBG] server_response_parser:114 DTLS config heartbeat interval: 3
20240614 14:13:32.820 TZ=+0100 [sslvpn:DEBG] server_response_parser:115 DTLS config heartbeat fail count: 3
20240614 14:13:32.820 TZ=+0100 [sslvpn:DEBG] server_response_parser:116 DTLS config heartbeat idle timeout: 3
20240614 14:13:32.820 TZ=+0100 [sslvpn:DEBG] server_response_parser:117 DTLS config client hello timeout: 10
20240614 14:13:32.820 TZ=+0100 [sslvpn:INFO] vpn_connection:1944 /remote/portal
20240614 14:13:36.611 TZ=+0100 [sslvpn:DEBG] vpn_connection:406 https server 'MY_NETWORK_HOSTNAME' has this certificate, which looks good to me:
20240614 14:13:37.219 TZ=+0100 [sslvpn:DEBG] vpn_connection:599 http connection closed.
20240614 14:13:37.220 TZ=+0100 [sslvpn:DEBG] vpn_connection:478 Response line: 200 OK
20240614 14:13:37.220 TZ=+0100 [sslvpn:INFO] sslvpn:463 /remote/portal username extracted thiago.sousa
20240614 14:13:37.220 TZ=+0100 [sslvpn:DEBG] vpn_connection:1359 Login process end on status: 0
20240614 14:13:37.220 TZ=+0100 [sslvpn:INFO] sslvpn:824 Login successful
20240614 14:13:37.254 TZ=+0100 [sslvpn:INFO] main:1481 State: Configuring tunnel
20240614 14:13:37.259 TZ=+0100 [sslvpn:EROR] vif:32 Failed open tun device
20240614 14:13:37.259 TZ=+0100 [sslvpn:EROR] vpn_connection:1627 Create VPN network interface failed
20240614 14:13:37.265 TZ=+0100 [sslvpn:DEBG] dns:73 Restore DNS config
20240614 14:13:37.265 TZ=+0100 [sslvpn:DEBG] dns:77 No DNS backup file was found. Skip.
20240614 14:13:37.265 TZ=+0100 [sslvpn:DEBG] mtu:116 Restore MTU.
20240614 14:13:37.265 TZ=+0100 [sslvpn:DEBG] mtu:120 No MTU backup file was found. Skip.
20240614 14:13:37.265 TZ=+0100 [sslvpn:DEBG] route:160 clean up route...
20240614 14:13:37.265 TZ=+0100 [sslvpn:DEBG] route:164 Cleanup file not found
20240614 14:13:37.265 TZ=+0100 [sslvpn:DEBG] main:1911 exception: Create VPN network interface failed
20240614 14:13:37.286 TZ=+0100 [sslvpn:INFO] main:1817 Init
20240614 14:13:37.286 TZ=+0100 [sslvpn:INFO] main:1829 VPN is running in restore DNS mode
20240614 14:13:37.291 TZ=+0100 [sslvpn:DEBG] dns:73 Restore DNS config
20240614 14:13:37.291 TZ=+0100 [sslvpn:DEBG] dns:77 No DNS backup file was found. Skip.
20240614 14:13:37.291 TZ=+0100 [sslvpn:DEBG] mtu:116 Restore MTU.
20240614 14:13:37.291 TZ=+0100 [sslvpn:DEBG] mtu:120 No MTU backup file was found. Skip.
Any ideas on what might be misconfigured?
Solved! Go to Solution.
Labels:
- Labels:
-
FortiClient
-
SSL-VPN
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ndumaj
I do not know why, but this Monday morning when I tried connecting it just connected. Even though it does not work through the CLI anymore I managed to connect through the GUI app.
I did not change anything on my system since the post, but the error stopped so I'm closing the post.
Oh, btw, what is this diag command you mentioned. In case this happens again i can expand the logs.
The only executables I got from the install are forticlient and fortivpn(which apparently is just a shortcut for running forticlient vpn).
Thank you for your time.
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@hbac
I had an older version installed, do not remember which one. The error started happening, then I removed the version I had and downloaded the latest one available. The error persisted.
I do not know why, but this Monday morning when I tried connecting it just connected. Even though it does not work through the CLI anymore I managed to connect through the GUI app.
I did not change anything on my system since the post, but the error stopped so I'm closing the post.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @thiagojdb,
It looks like the client fails setting up the tunnel:
20240614 14:13:37.259 TZ=+0100 [sslvpn:EROR] vif:32 Failed open tun device
20240614 14:13:37.259 TZ=+0100 [sslvpn:EROR] vpn_connection:1627 Create VPN network interface failedAs hbac you can try with several forticlient version if it will work, otheriwse enable the debug on FGT:
diag debug console timestamp enable
diag debug app fnbamd -1
diag debug app sslvpn -1
diag debug enable
Additionally, check the timeout settings:
- Happy to help, hit like and accept the solution -
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ndumaj
I do not know why, but this Monday morning when I tried connecting it just connected. Even though it does not work through the CLI anymore I managed to connect through the GUI app.
I did not change anything on my system since the post, but the error stopped so I'm closing the post.
Oh, btw, what is this diag command you mentioned. In case this happens again i can expand the logs.
The only executables I got from the install are forticlient and fortivpn(which apparently is just a shortcut for running forticlient vpn).
Thank you for your time.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @thiagojdb
Nice to hear that it worked,
The diag will check the authentication process "FNBAM Daemon" and SSLVPN.
From the guide, I found only this:
https://docs.fortinet.com/document/forticlient/7.4.0/linux-release-notes/580078
To open the FortiClient (Linux) GUI:
- Do one of the following:
- In the terminal, run the
forticlientcommand. - Open Applications and search for
forticlient.
BR
- In the terminal, run the
- Happy to help, hit like and accept the solution -
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Client Url access issue via VPN 62 Views
- FortiGate/FortiManager communication over NAT 81 Views
- How do I avoid using default... 116 Views
- need to have image of fortigate... 195 Views
- DLP testing for Outlook and Gmail... 185 Views
Labels
-
FortiGate
7,139 -
FortiClient
1,408 -
5.2
801 -
5.4
639 -
FortiManager
619 -
FortiAnalyzer
454 -
6.0
416 -
FortiAP
373 -
FortiSwitch
369 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
281 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
6.4
128 -
FortiNAC
126 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
103 -
FortiGateCloud
97 -
FortiSIEM
94 -
FortiCloud Products
89 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
48 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
39 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiExtender
34 -
FortiSandbox
33 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
LDAP
18 -
Interface
18 -
FortiSwitch v6.2
17 -
VDOM
17 -
Routing
16 -
FortiMonitor
15 -
Authentication
15 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
FortiCASB
12 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSL SSH inspection
10 -
SSO
10 -
FortiRecorder
10 -
Application control
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
4.0
7 -
Admin
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
IPS signature
5 -
Packet capture
5 -
Automation
5 -
DNS Filter
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiCache
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Web rating
4 -
Fabric connector
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Fortinet Engage Partner Program
3 -
Traffic shaping profile
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1059 | |
| 883 | |
| 525 | |
| 441 | |
| 147 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.