Hello, we've purchased two Razer Blade 15 Windows 11 laptops this year, one in March and another recently. Both laptops will not connect to our IPsec VPN using the FortiClient VPN Only application, it gives "No response from the peer, phase1 retransmit reaches maximum count".
When I encountered this on the first laptop I went through extensive troubleshooting and read quite a few threads here on the Fortinet Forum. It wasn't necessary for the user to have a VPN, so I eventually gave up after trying the following:
- FortiClient (VPN Only) versions 6.4.7, 6.4.8, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5
- Reinstalled FortiClient
- Enabled the Windows IPsec Policy Agent service and set the Startup behavior to Automatic (older Fortinet Forum threads cover this)
- Confirmed Registry key value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\ProhibitIPsec is set to 0
- Attempted to create a native Windows VPN connection following this old 6.0 guide - link
- Attempted to downgrade the NIC driver, like other users had success with in this thread, but it's not possible because the Razer Blade uses an Intel Killer AX1690i NIC driver
- Opened a Fortinet support case using our FortiGate support license: the agent I worked with was unable to help because we don't pay for a FortiClient support license ...
I am still having this problem 6 months later on a different, identical model Razer Blade, and have tried all of the above once again. In addition to those steps I have also attempted to use an earlier version of Intel's Killer Performance Suite, since a NIC driver downgrade is not possible - this did not work either. I opened a case with Razer support to make them aware in case there are other instances of this.
Both of these laptops refuse to connect to our IPsec VPN using FortiClient (VPN Only) 7.0.7 and the error it ultimately gives is here:
9/8/2022 12:16:56 PM warning ipsecvpn date=2022-09-08 time=12:16:55 logver=1 id=96561 type=securityevent subtype=ipsecvpn eventtype=error level=warning uid=1EAD67B405C340E190B7754B9195A83C devid=FCT8000941997719 hostname=Razer03 pcdomain=N/A deviceip=172.20.10.2 devicemac=MAC site=N/A fctver=7.0.7.0345 fgtserial=FCT8000941997719 emsserial=N/A os="Microsoft Windows 11 , 64-bit (build 22000)" user=USER msg="No response from the peer, phase1 retransmit reaches maximum count" vpntunnel=TUNNEL locip=172.20.10.2 locport=500 remip=IP remport=500
These threads are nearly identical to our problem, but the solutions do not work: 1 2
I understand the error should mean that the client simply cannot get a response from the VPN server, but it locates the VPN server in the logs when the connection begins, and I'm able to ping the IP as well. Seems way too coincidental for an issue to exist on two different laptops of identical models and OS to experience an identical issue 6 months apart. Something is up. I've deployed a Dell XPS 15 running Windows 11 with the same process and it works flawlessly.
These are the only two machines in our entire organization that have had issues with our IPsec VPN setup. Is anyone able to help us out?
Sounds peculiar, indeed. Just need to confirm, the working laptops vs non-working laptops are all connected to the same network before attempting to connect to the VPN? Or are there different networks involved here?
Different networks involved, these laptops are configured on the same LAN as the VPN server then deployed to the user's home/office in various locations. They connect to the VPN server from their individual networks.
Thanks Graham.
I'm with you that this definitely sounds like a device-specific issue. However, do you have a known-good configuration/device that works on the same network as these non-working devices? Just to 100% rule out network issues...
Also it would be good to do a packet capture on the FortiGate when these clients try to connect. See if you see packets hitting the FortiGate. If not there's a network block downstream.
With IPSec it's hit or miss as it uses UDP port 500 or 4500 and not the more common HTTPS/SSL port 443.
I know this most likely isn't your issue but it's good to rule it out for sure.
Hi Graham, apologies for the slow response. Yes I've tested a few different known-good devices on this same network and other networks, and they don't behave the same as the Blade laptops.
I wanted to share though, I've got this working on ethernet. It's not ideal seeing as these laptops ship with no ethernet port, but it's a relief knowing something works!
We began to capture traffic on the first Blade we received, but did not dive too deep, we didn't look at packets. I'll try this out once this laptop is with the user, and of course keep them on the latest FortiClient release.
If I make any progress on the wifi issue I will report back.
Thank-you
Just wanted to share that I'm having the same issue with a Razer Blade 14. Did you ever find a solution?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.