Debug VPN SSLVPN Linux Ubuntu 14.04

andreas_modul · ‎10-20-2014

Hello community, I try to debug my fortisslvpnclient for Linux on Ubuntu14.04 and got something like that in my error log: Peer' s certificate is not valid. action is 1 Then it shows me the certificate ... Does anyone know what " action is 1" means (stop / proceed) and is there a way to ignore certificate errors!? Does anyone know why it might be not trusted. It shows trusted on the website. Theoretically it' s a valid/trusted Ceritificate. A few lines above it says: trusted CA dir: [..] It did not exist at first, so I created that directory. I copied the CA-Cert there, it did not change the situation but it seems as forticlient has created a symlink to this file ... Any help is appreciated and any idea welcome. Thanks in advance Andreas

Christopher_McMullan · ‎10-20-2014

Just a quick note: The SSLVPN client for Linux does not use a built-in trusted root CA store by default. You can manually add certificates as you did, however. That at least explains half of the behavior you were seeing.

Regards, Chris McMullan Fortinet Ottawa

andreas_modul · ‎10-24-2014

Hello Community,

What I found out:

[ul]

If you want to force using a specific OS version just jump into the 32 ofr 64 bit directory and execute forticlientsslvpn

Logfile: $vpn_home/64bit/helper/forticlientsslvpn.log

Config file: $vpn_home/64bit/helper/config There you can increase logging details and ignore certificate errors.

Within the helper directory you can find a couple of scripts for (re-)installing and other tasks.[/ul]

I could track down my problem to a certificate problem but it works properly with other clients. So I need some more debugging on that.

Best

Andreas

Debug VPN SSLVPN Linux Ubuntu 14.04

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website