Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ryanswj
New Contributor

Created on ‎03-21-2025 04:34 AM Edited on ‎03-21-2025 04:35 AM

FortiClient Remote Access IPsec-over-TCP not working

Hi, I am running FortiOS 7.4.7 on a FortiGate-60F and am trying to migrate from SSLVPN to IPsec VPN.

 

I've managed to configure IPsec (IKEv2) dial-up to work fine, but I notice that when I set the mode to IPSec over TCP, FortiClient (v7.4.3) does not connect and times out. UDP mode works perfectly fine.

 

I also notice that TCP 4500 is not one of the local-in policies on the firewall.

 

Does a local-in policy need to be configured for this to work? Has anyone had any experience with this?

 

Thank you!

 

Labels:
2978
0 Kudos
41 REPLIES 41
mrsimon007
New Contributor II

Created on ‎03-23-2025 02:39 AM

Ensure that TCP port 4500 is included in your local-in policies. If it is not, you may need to create a rule to allow traffic on this port.

563
mbqc
New Contributor

Created on ‎04-18-2025 05:22 AM Edited on ‎04-18-2025 05:32 AM

Did you manage to get this working? We are facing the exact same issue with a 90G.

FC 7.4.3.1790, FortiOS 7.4.7

401
0 Kudos
ryanswj
New Contributor
In response to mbqc

Created on ‎04-20-2025 10:20 PM

No, I have not. I think it may be a bug in 7.4.7, so am waiting for the next version to be released. Let me know if you make any headway.

344
0 Kudos
MZBZ
Staff
Staff

Created on ‎04-20-2025 10:27 PM

1. FreeVPN FortiClient does not support IKEv2 over TCP. It works with the EMS connected version!

2. Both FortiOS and FortiClient will get a major enhancement in the next release (FortiOS 7.4.8 and FortiClient 7.4.4) that will address your issues...

M. B.
337
0 Kudos
ryanswj
New Contributor
In response to MZBZ

Created on ‎04-20-2025 10:30 PM

Oh... that would explain everything! Do you know ETA of FOS 7.4.8 or FC 7.4.4 and whether both are required to make this work or just the FC upgrade will do?

328
0 Kudos
MZBZ
Staff
Staff
In response to ryanswj

Created on ‎04-21-2025 03:43 PM

The issue on FortiOS side is different in nature from the FortiClient side. Troubleshooting this problem is hard as you do not know which side is causing the unexpected behavior. You may confirm the fix from Release Notes when published.

M. B.
269
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to MZBZ

Created on ‎04-20-2025 10:53 PM Edited on ‎04-20-2025 10:53 PM

@MZBZ  Well, I'm using FortiClient VPN 7.4.2. And it's working as long as I enabled EAP "set eap enable" via CLI. And, FortiOS side is 7.4.6.

Toshi

324
0 Kudos
MZBZ
Staff
Staff
In response to Toshi_Esumi

Created on ‎04-21-2025 03:38 PM

Depends on the setup and history of FortiOS upgrades! It does not affect all setups.

M. B.
272
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to MZBZ

Created on ‎04-21-2025 03:46 PM

That means your statement No.1 "FreeVPN FortiClient does not support IKEv2 over TCP." is, at least, not always apply since it works in some cases.
That's my point.

Toshi

268
0 Kudos
MZBZ
Staff
Staff
In response to Toshi_Esumi

Created on ‎04-21-2025 03:50 PM

IKEv2 over TCP is not officially supported or provided with the Free VPN Client.

M. B.
265
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.