fhernand23
New Contributor

Forticlient 7.2.7.0905 (Ubuntu) Create SSL tunnel failed

Forticlient 7.2.7.0905

Ubuntu 22.04

 

I am getting this error when I try to establish an SSL-VPN connection.

I'm not quite sure what it could be.

 

20241215 21:18:42.763 TZ=-0300 [sslvpn:DEBG] vpn_connection:1422 Login process end on status: 0
20241215 21:18:42.763 TZ=-0300 [sslvpn:INFO] sslvpn:834 Login successful
20241215 21:18:42.785 TZ=-0300 [sslvpn:INFO] main:1483 State: Configuring tunnel
20241215 21:18:42.786 TZ=-0300 [sslvpn:INFO] nettools:1758 More than one device with index 3 can be found
20241215 21:18:42.786 TZ=-0300 [sslvpn:INFO] nettools:1758 Device address details: local_address 192.168.100.15, device_index 3, device name wlp0s20f3 (read from netlink)
20241215 21:18:42.786 TZ=-0300 [sslvpn:INFO] nettools:1758 Device address details: local_address fe80::7194:85de:d7a:c897, device_index 3, device name wlp0s20f3 (read from netlink)
20241215 21:18:42.808 TZ=-0300 [sslvpn:DEBG] vpn_util:275 Get connection name: TLC_HERNANDEZ_fe
20241215 21:18:42.809 TZ=-0300 [sslvpn:DEBG] vif:126 Reload NetworkManager general conf
20241215 21:18:42.816 TZ=-0300 [sslvpn:DEBG] vif:139 Using nmcli to allocate tun device.
20241215 21:18:42.941 TZ=-0300 [sslvpn:DEBG] vpn_connection:406 https server 'forti.comarb.gob.ar' has this certificate, which looks good to me:
/CN=*.comarb.gob.ar
20241215 21:18:42.942 TZ=-0300 [sslvpn:DEBG] vpn_connection:2469 FCT UID added: E360C78D1DCF426B90039BC7D8DA8140
20241215 21:18:45.947 TZ=-0300 [sslvpn:EROR] nettools:176 Operation netlink recv has timed out
20241215 21:18:45.947 TZ=-0300 [sslvpn:EROR] nettools:447 No replies were read. Stop reading socket
20241215 21:18:45.947 TZ=-0300 [sslvpn:INFO] nettools:375 Failed to receive netlink message
20241215 21:18:45.947 TZ=-0300 [sslvpn:EROR] nettools:1732 Failed to query device 192.168.100.15
20241215 21:18:45.947 TZ=-0300 [sslvpn:EROR] nettools:1815 Failed to get device from local address
20241215 21:18:45.948 TZ=-0300 [sslvpn:EROR] vpn_connection:1741 Start tunnel failed
20241215 21:18:45.952 TZ=-0300 [sslvpn:INFO] nmtools:808 Network Manager settings backup file doesn't exist
20241215 21:18:45.953 TZ=-0300 [sslvpn:DEBG] nmtools:1119 No connections to restore
20241215 21:18:45.954 TZ=-0300 [sslvpn:DEBG] dns:275 File /etc/nm_resolv.forticlient.backup doesn't exist
20241215 21:18:45.981 TZ=-0300 [sslvpn:DEBG] vpn_util:275 List fctvpn connection: TLC_HERNANDEZ_fe
fctvpnffae4c2a
br-e65e7d5201b3
docker0
lxcbr0
...
20241215 21:18:45.982 TZ=-0300 [sslvpn:DEBG] dns:794 Try to delete connection fctvpnffae4c2a
20241215 21:18:46.016 TZ=-0300 [sslvpn:DEBG] dns:817 default interface restore: 1, vpn interface restore: 1
20241215 21:18:46.017 TZ=-0300 [sslvpn:DEBG] mtu:116 Restore MTU.
20241215 21:18:46.018 TZ=-0300 [sslvpn:DEBG] mtu:120 No MTU backup file was found. Skip.
20241215 21:18:46.018 TZ=-0300 [sslvpn:DEBG] route:169 clean up route...
20241215 21:18:46.018 TZ=-0300 [sslvpn:DEBG] route:173 Cleanup file not found
20241215 21:18:46.018 TZ=-0300 [sslvpn:DEBG] main:1913 exception: Create SSL tunnel failed

 

Thank you
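
An added example, not part of the original post and not Fortinet code: a small parser for the sslvpn.log format shown above that folds unstamped continuation lines (such as the certificate CN) into the preceding record and reports the first EROR record, the silence before it, and the error chain. The sample is abridged from the log in the question; the function and field names are this example's own.

```python
import re
from datetime import datetime

# Abridged from the sslvpn.log excerpt in the question above.
SAMPLE = """\
20241215 21:18:42.785 TZ=-0300 [sslvpn:INFO] main:1483 State: Configuring tunnel
20241215 21:18:42.816 TZ=-0300 [sslvpn:DEBG] vif:139 Using nmcli to allocate tun device.
20241215 21:18:42.941 TZ=-0300 [sslvpn:DEBG] vpn_connection:406 https server 'forti.comarb.gob.ar' has this certificate, which looks good to me:
/CN=*.comarb.gob.ar
20241215 21:18:45.947 TZ=-0300 [sslvpn:EROR] nettools:176 Operation netlink recv has timed out
20241215 21:18:45.947 TZ=-0300 [sslvpn:EROR] nettools:1732 Failed to query device 192.168.100.15
20241215 21:18:45.948 TZ=-0300 [sslvpn:EROR] vpn_connection:1741 Start tunnel failed
20241215 21:18:46.018 TZ=-0300 [sslvpn:DEBG] main:1913 exception: Create SSL tunnel failed
"""

# timestamp, UTC offset, [component:LEVEL], source module:line, message
LINE = re.compile(r"^(\d{8} \d{2}:\d{2}:\d{2}\.\d{3}) TZ=([+-]\d{4}) "
                  r"\[(\w+):(\w+)\] (\w+):(\d+) (.*)$")

def parse(text):
    """Return one dict per record; unstamped lines continue the previous record."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(m[1] + m[2], "%Y%m%d %H:%M:%S.%f%z")
            records.append({"ts": ts, "level": m[4], "module": m[5],
                            "line": int(m[6]), "msg": m[7]})
        elif records and raw.strip():
            records[-1]["msg"] += "\n" + raw.strip()
    return records

def first_failure(records):
    """Locate the first EROR record and the silence that preceded it."""
    for i, rec in enumerate(records):
        if rec["level"] == "EROR":
            gap = (rec["ts"] - records[i - 1]["ts"]).total_seconds() if i else 0.0
            chain = [f'{r["module"]}:{r["line"]} {r["msg"]}'
                     for r in records[i:] if r["level"] == "EROR"]
            return {"first": rec, "gap_s": round(gap, 3), "chain": chain}
    return None

if __name__ == "__main__":
    hit = first_failure(parse(SAMPLE))
    print(f'first error after {hit["gap_s"]}s of silence:')
    print("\n".join("  " + c for c in hit["chain"]))
```

On the sample, the first error is nettools:176 after about three seconds without output, so the failure sits in the local netlink device query during tunnel setup, after login and the certificate check had already been logged.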

3 REPLIES
dingjerry_FTNT

Hi @fhernand23 ,

 

Did you get the outputs from the client side? 

 

What is the SSL VPN server?  FortiGate?  Can you get the debug outputs as well from the server end?

 

 

Regards,

Jerry
fhernand23
New Contributor

Hi @dingjerry_FTNT 

Yes, in our company we are using FortiGate.

This log comes from sslvpn.log of Forticlient.

 

I'm going to try to get the server logs.

dingjerry_FTNT

Hi @fhernand23 ,

 

You may run them on the FGT and reproduce the issue again:

 

diag debug application sslvpn -1

diag debug enable

Regards,

Jerry