Fortinet Community

Michelk · ‎08-02-2022

Hi!

I'm struggling connecting to a VPN.
I log with the exact same credential and server adresse on a PC machine and it works imediately.

I followed step by step the documentation.
1- fctservctl2 is checked in the privacy panel under Full disk Access

2- FortiClient is checked in the privacy panel under Full disk Access

3- I allowed Fortitray when the prompt asked and checked through the terminal with the command systemextensionsctl list

Below is the log :
20220802 07:31:54 [FortiTray:INFO] VpnManager.swift:1149 Connect VPN: IJC
20220802 07:31:54 [FortiTray:INFO] VpnManager.swift:921 Start VPN: IJC
20220802 07:31:54 [FortiTray:INFO] VpnManager.swift:696 VPN connecting
20220802 07:31:55 [FortiTray:EROR] FctBridge.m:130 Refresh public IP failed. 2 tries left
20220802 07:31:56 [FortiTray:EROR] FctBridge.m:130 Refresh public IP failed. 1 tries left
20220802 07:31:58 [FortiTray:EROR] FctBridge.m:130 Refresh public IP failed. 0 tries left
20220802 07:31:58 [FortiTray:INFO] FctBridge.m:133 Public IP retrieved:
20220802 07:31:58 [FortiTray:DEBG] vpnconnection.mm:581 Server URL: https://mfvpn.pjcci.ca:443/factory
20220802 07:31:58 [FortiTray:DEBG] vpnconnection.mm:255 Request: [GET] "/remote/info"
20220802 07:31:58 [FortiTray:INFO] VpnManager.swift:1656 Input request type: 4
20220802 07:31:58 [FortiTray:DEBG] vpnconnection.mm:255 Request: [GET] "/remote/info"
20220802 07:31:58 [FortiTray:EROR] vpnconnection.mm:416 Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
"<cert(0x13b8cea00) s: pjc-forti1.pjcci.local i: pjcci-SRV-CA-CA>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://mfvpn.pjcci.ca:443/remote/info, NSErrorFailingURLStringKey=https://mfvpn.pjcci.ca:443/remote/info, NSUnderlyingError=0x600000d806f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x60000326e440>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x13b8cea00) s: pjc-forti1.pjcci.local i: pjcci-SRV-CA-CA>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <0711ECD1-0396-4591-A591-2C29975EE144>.<1>"
), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <0711ECD1-0396-4591-A591-2C29975EE144>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x60000326e440>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}
20220802 07:31:58 [FortiTray:EROR] vpnconnection.mm:445 Stop on error: Can not connect to VPN server.
20220802 07:31:58 [FortiTray:DEBG] vpnconnection.mm:429 Stop process.
20220802 07:31:58 [FortiTray:DEBG] vpnconnection.mm:473 Cancel http. http task is running: No
20220802 07:31:58 [FortiTray:INFO] VpnManager.swift:1740 Notification: Cancel input
20220802 07:31:58 [FortiTray:INFO] sslvpn_bridge.mm:200 VPN login exception: [1] Can not connect to VPN server.
20220802 07:31:58 [FortiTray:INFO] VpnManager.swift:1569 Notification: Login network error. Can not connect to VPN server.
20220802 07:31:58 [FortiTray:DEBG] VpnManager.swift:649 No reconnect for VPN "IJC". keep-running = false, reconnect-count = 0, keep-running-max-retry = 0
20220802 07:31:58 [FortiTray:INFO] VpnManager.swift:671 VPN disconnected because of error: Network error. Can not connect to VPN server.
20220802 07:31:58 [FortiTray:EROR] sslvpn_bridge.mm:616 Failed to get auth token.
20220802 07:31:58 [FortiTray:DEBG] sslvpn_bridge.mm:558 VPN session wait until finished
----

This is a call for support!
Thanks team,
Michel

Michelk · ‎08-02-2022

I realized that I'm missing permission for the webfilter, could it be this causing the issue?
If yes how can I add the permission?

OwenW · ‎08-02-2022

Cool. Privacy panel permissions are not accurate. You need to run the CLI command.

That's a sidebar. MacOS's, all types had this issue for us under 7.0.6.0208, w SAML VPN. You need to clear the two files that begin with Cache at:
/Users/user_name/Library/Application Support/FortiClient"

In Monterey, this isn't visible unless you're admin, I hear. New stuff, so YMMV, HTH.

-Owen

Michelk · ‎08-02-2022

Thanks Owen!
Can you be more specific about the CLI command I need to run?
Also I can not see the files in the folder specified. I'm admin on the device.

Thanks for your support

OwenW · ‎08-02-2022

CLI: You've got it, sysextensionsctllist -- then you need the list of 7 that need to be installed. FN has it, or I can get it on Friday if time permits.

File location only shows in terminal w permissions stated.

Michelk · ‎08-02-2022

List of 7?
FN?
Also I don't know how to delete the file I can not see!

Michelk · ‎08-05-2022

Hi Everyone, I'm still not able to connect to the SSL VPN using my Mac OS Monterey.
Anyone else could provide me support?

Fortinet Community

FortiClient 7.0.6.0208 + MacOS 12.5 - SSL VPN - Network error. Can not connect to VPN server.