Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ldd3
New Contributor II

FortiClient VPN stopped working on Ubuntu 23.04

FortiClient VPN (7.2.0.0644) stopped working on Ubuntu after upgrading to 23.04.

How to reproduce:

Click on connect and wait.

No error notifications are displayed and the first prompt says "VPN connecting".

The next prompt just says  "VPN disconnected" and the Home menu to connect is ready to click on connect again.

Repeating this process and resetting the computer or the router does not change anything.

 

Any issue with dependencies?

 

Edit: sometimes I see another prompt saying "Config routing table failed" before "VPN disconnected" appears.

9 REPLIES 9
AEK
Honored Contributor

Can you try remove and reinstall FortiClient VPN?

AEK
AEK
FortiNitish
Staff
Staff

Hello ,

Please let us know if uninstalling and reinstalling the forticlient VPN works?

Where do you see this  "Config routing table failed"  , Is it a licensed or free version of Forticlient ?

kpa
New Contributor II

As discussed here, this little script should fix this issue:
https://gist.github.com/SydoxX/f40a9d4d7af414049b6e07092e8bbc2b

Regards, Konstantin
Regards, Konstantin
ldd3
New Contributor II

Unfortunately that does not solved my issue. I am still facing the same issues and as I commented in the discussion you linked, the script prompts the following messages before exiting:

Still waiting...
Device is unmanaged. Setting it to 'up' again...
Done.

And when I open Forticlient again, it still does not work. I thought it might be so because I have a newer version than the one discussed there, but it seems that @alci is facing the same issues with 7.0.7.0246

alci
New Contributor II

I have the same problem, and kpa's script does not help.

 

I tried to upgrade forticlient (from 6.4.xxxx to 7.0.7.0246), but the behaviour remains the same: I enter my username and password in forticlient VPN, it asks that I approve the certificate, then connects, then immediatly disconects. It will sometime report the "Config routing table failed" message.

 

Same config on Ubuntu 22.10 works fine.

 

If I run journalctl -f while trying to connect, here is what I get:

 

mai 15 20:34:04 tibook NetworkManager[4875]: <info> [1684175644.9842] manager: (vpn001782c1f8): new Tun device (/org/freedesktop/NetworkManager/Devices/11)
mai 15 20:34:04 tibook NetworkManager[4875]: <info> [1684175644.9929] device (vpn001782c1f8): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
mai 15 20:34:04 tibook NetworkManager[4875]: <info> [1684175644.9934] device (vpn001782c1f8): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
mai 15 20:34:04 tibook NetworkManager[4875]: <info> [1684175644.9940] device (vpn001782c1f8): Activation: starting connection 'vpn001782c1f8' (d337717e-af5e-4281-a525-c735bf2acf27)
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.0014] device (vpn001782c1f8): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.0016] device (vpn001782c1f8): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.0017] device (vpn001782c1f8): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.0020] device (vpn001782c1f8): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
mai 15 20:34:05 tibook dbus-daemon[4249]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.20' (uid=0 pid=4875 comm="/usr/sbin/NetworkManager --no-daemon" label="unconfined")
mai 15 20:34:05 tibook systemd[1]: Starting NetworkManager-dispatcher.service - Network Manager Script Dispatcher Service...
mai 15 20:34:05 tibook dbus-daemon[4249]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
mai 15 20:34:05 tibook systemd[1]: Started NetworkManager-dispatcher.service - Network Manager Script Dispatcher Service.
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.0614] device (vpn001782c1f8): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.0618] device (vpn001782c1f8): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.0626] device (vpn001782c1f8): Activation: successful, device activated.
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.3451] audit: op="connection-update" uuid="80105f36-446d-4d91-99bd-a8ece752c6d7" name="fougeres" args="ipv4.ignore-auto-dns" pid=221215 uid=0 result="success"
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.3687] audit: op="connection-update" uuid="80105f36-446d-4d91-99bd-a8ece752c6d7" name="fougeres" args="ipv4.dns" pid=221220 uid=0 result="success"
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.3879] audit: op="connection-update" uuid="80105f36-446d-4d91-99bd-a8ece752c6d7" name="fougeres" pid=221225 uid=0 result="success"
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.4050] audit: op="device-reapply" interface="wlo1" ifindex=2 args="ipv4.dns,ipv4.ignore-auto-dns" pid=221230 uid=0 result="success"
mai 15 20:34:05 tibook nm-dispatcher[221235]: /etc/NetworkManager/dispatcher.d/01-ifupdown: called with unknown action `reapply'
mai 15 20:34:05 tibook nm-dispatcher[221135]: req:3 'reapply' [wlo1], "/etc/NetworkManager/dispatcher.d/01-ifupdown": complete: failed with Script '/etc/NetworkManager/dispatcher.d/01-ifupdown' exited with status 1.
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.4364] dhcp4 (wlo1): canceled DHCP transaction
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.4364] dhcp4 (wlo1): activation: beginning transaction (timeout in 45 seconds)
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.4364] dhcp4 (wlo1): state changed no lease
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.4370] dhcp4 (wlo1): activation: beginning transaction (timeout in 45 seconds)
mai 15 20:34:05 tibook avahi-daemon[4244]: Withdrawing address record for fe80::a78d:f53f:ef19:1ef5 on wlo1.
mai 15 20:34:05 tibook avahi-daemon[4244]: Leaving mDNS multicast group on interface wlo1.IPv6 with address fe80::a78d:f53f:ef19:1ef5.
mai 15 20:34:05 tibook avahi-daemon[4244]: Interface wlo1.IPv6 no longer relevant for mDNS.
mai 15 20:34:05 tibook avahi-daemon[4244]: Joining mDNS multicast group on interface wlo1.IPv6 with address fe80::a78d:f53f:ef19:1ef5.
mai 15 20:34:05 tibook avahi-daemon[4244]: New relevant interface wlo1.IPv6 for mDNS.
mai 15 20:34:05 tibook avahi-daemon[4244]: Registering new address record for fe80::a78d:f53f:ef19:1ef5 on wlo1.*.
mai 15 20:34:05 tibook dnsmasq[8509]: reading /etc/resolv.conf
mai 15 20:34:05 tibook systemd-resolved[184505]: wlo1: Bus client reset search domain list.
mai 15 20:34:05 tibook dnsmasq[8509]: using nameserver 127.0.0.53#53
mai 15 20:34:05 tibook systemd-resolved[184505]: wlo1: Bus client set default route setting: no
mai 15 20:34:05 tibook dnsmasq[8509]: using only locally-known addresses for lxd
mai 15 20:34:05 tibook dnsmasq[8509]: reading /etc/resolv.conf
mai 15 20:34:05 tibook dnsmasq[8509]: using nameserver 127.0.0.53#53
mai 15 20:34:05 tibook dnsmasq[8509]: using only locally-known addresses for lxd
mai 15 20:34:05 tibook systemd-resolved[184505]: wlo1: Bus client reset DNS server list.
mai 15 20:34:05 tibook NetworkManager[4875]: <warn> [1684175645.4635] dispatcher: (21) /etc/NetworkManager/dispatcher.d/01-ifupdown failed (failed): Script '/etc/NetworkManager/dispatcher.d/01-ifupdown' exited with status 1.
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.4684] dhcp4 (wlo1): state changed new lease, address=10.0.0.22
mai 15 20:34:05 tibook systemd-resolved[184505]: wlo1: Bus client set default route setting: yes
mai 15 20:34:05 tibook systemd-resolved[184505]: wlo1: Bus client set DNS server list to: 10.254.2.8, 192.168.100.40
mai 15 20:34:05 tibook plasmashell[13606]: kf.networkmanagerqt: void NetworkManager::ConnectionPrivate::onPropertiesChanged(const QVariantMap&) Unhandled property "Filename"
mai 15 20:34:05 tibook kded5[13159]: kf.networkmanagerqt: void NetworkManager::ConnectionPrivate::onPropertiesChanged(const QVariantMap&) Unhandled property "Filename"
mai 15 20:34:05 tibook kded5[13159]: kf.networkmanagerqt: void NetworkManager::ConnectionPrivate::onPropertiesChanged(const QVariantMap&) Unhandled property "Flags"
mai 15 20:34:05 tibook plasmashell[13606]: kf.networkmanagerqt: void NetworkManager::ConnectionPrivate::onPropertiesChanged(const QVariantMap&) Unhandled property "Flags"
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.4847] audit: op="connection-update" uuid="d337717e-af5e-4281-a525-c735bf2acf27" name="vpn001782c1f8" args="ipv4.dns,connection.timestamp" pid=221236 uid=0 result="success"
mai 15 20:34:05 tibook NetworkManager[4875]: <info> [1684175645.4957] device (vpn001782c1f8): state change: activated -> unmanaged (reason 'connection-assumed', sys-iface-state: 'managed')
mai 15 20:34:05 tibook systemd-resolved[184505]: vpn001782c1f8: Bus client set default route setting: no
mai 15 20:34:05 tibook nm-dispatcher[221263]: /etc/NetworkManager/dispatcher.d/01-ifupdown: called with unknown action `reapply'
mai 15 20:34:05 tibook nm-dispatcher[221135]: req:5 'reapply' [vpn001782c1f8], "/etc/NetworkManager/dispatcher.d/01-ifupdown": complete: failed with Script '/etc/NetworkManager/dispatcher.d/01-ifupdown' exited with status 1.

 

AEK
Honored Contributor

Hello

Can you disable IPv6 on your Ubuntu and try again?

Otherwise you will have to wait for the next FortiClient VPN release.

Until then you can connect to FGT-VPN with fortisslvpn plugin for NetworkManager.

AEK
AEK
alci
New Contributor II

Can I import xml setup with fortissl plugin ?

alci
New Contributor II

Hurray ! Disabling IPv6 did the trick.

Any explaination (if you have time, I'm plainly happy for now, but I'm always eager to learn a bit :) )

Thanks a lot !

AEK
Honored Contributor

Happy to hear it worked.

Nothing magic, when I saw IPv6 in your logs I just remembered that I've seen many issues with FortiClient VPN when IPv6 is enabled.

 

I don't know a way to import xml setup with fortisslvpn, but maybe it is possible via CLI.

I use it since years and it always worked like a charm.

AEK
AEK
Top Kudoed Authors