Forticlient 7.4.1.1697 on Ubuntu 22.04.5 failing to create SSL tunnel
It's basically what the title says. We use forticlient to connect to the company's VPN. I was told that the request successfully reaches the server, but when it tries to create the SSL tunnel it fails. I already tried reinstalling and changing the Wi-Fi connection used.
Here I have extracted some info from the sslvpn.log file that I think relates to the problem.
Could you help me please?
20241112 09:58:28.682 TZ=-0300 [sslvpn:DEBG] vpn_connection:2451 EMS info added : serial number FCTEMS8823008006, tenant id 00000000000000000000000000000000
20241112 09:58:28.682 TZ=-0300 [sslvpn:DEBG] main:1609 Create socket connection
20241112 09:58:28.695 TZ=-0300 [sslvpn:DEBG] main:1687 Message to UI: A FortiToken code is required for SSL-VPN login authentication.
20241112 09:58:28.695 TZ=-0300 [sslvpn:DEBG] main:1705 153 bytes sent.
20241112 09:58:36.260 TZ=-0300 [sslvpn:DEBG] vpn_connection:659 http connection closed.
20241112 09:58:36.260 TZ=-0300 [sslvpn:DEBG] vpn_connection:521 Response line: 200 OK
20241112 09:58:36.858 TZ=-0300 [sslvpn:INFO] sslvpn:241 Authentication passed.
20241112 09:58:36.858 TZ=-0300 [sslvpn:INFO] vpn_connection:2405 /remote/fortisslvpn
20241112 09:58:36.858 TZ=-0300 [sslvpn:DEBG] vpn_connection:2451 EMS info added : serial number FCTEMS8823008006, tenant id 00000000000000000000000000000000
20241112 09:58:37.059 TZ=-0300 [sslvpn:DEBG] vpn_connection:659 http connection closed.
20241112 09:58:37.059 TZ=-0300 [sslvpn:DEBG] vpn_connection:521 Response line: 200 OK
20241112 09:58:37.059 TZ=-0300 [sslvpn:INFO] vpn_connection:2405 /remote/fortisslvpn_xml
20241112 09:58:37.059 TZ=-0300 [sslvpn:DEBG] vpn_connection:2451 EMS info added : serial number FCTEMS8823008006, tenant id 00000000000000000000000000000000
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] vpn_connection:659 http connection closed.
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] vpn_connection:521 Response line: 200 OK
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] server_response_parser:129 DTLS config hello version: 2
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] server_response_parser:130 DTLS config heartbeat interval: 10
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] server_response_parser:131 DTLS config heartbeat fail count: 10
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] server_response_parser:132 DTLS config heartbeat idle timeout: 10
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] server_response_parser:133 DTLS config client hello timeout: 60
20241112 09:58:37.587 TZ=-0300 [sslvpn:INFO] vpn_connection:2405 /remote/portal
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] vpn_connection:2451 EMS info added : serial number FCTEMS8823008006, tenant id 00000000000000000000000000000000
20241112 09:58:37.788 TZ=-0300 [sslvpn:DEBG] vpn_connection:659 http connection closed.
20241112 09:58:37.788 TZ=-0300 [sslvpn:DEBG] vpn_connection:521 Response line: 200 OK
20241112 09:58:37.788 TZ=-0300 [sslvpn:INFO] sslvpn:512 /remote/portal username extracted xxx
20241112 09:58:37.788 TZ=-0300 [sslvpn:DEBG] vpn_connection:1612 Login process end on status: 0
20241112 09:58:37.788 TZ=-0300 [sslvpn:INFO] sslvpn:923 Login successful
20241112 09:58:37.814 TZ=-0300 [sslvpn:INFO] main:1779 State: Configuring tunnel
20241112 09:58:37.823 TZ=-0300 [sslvpn:DEBG] vpn_util:299 Get connection name: Alberton
20241112 09:58:37.823 TZ=-0300 [sslvpn:DEBG] vif:135 Restarting NetworkManager
20241112 09:58:37.930 TZ=-0300 [sslvpn:DEBG] vif:147 Using nmcli to allocate tun device.
20241112 09:58:38.373 TZ=-0300 [sslvpn:EROR] vpn_connection:909 Failed to set default remote address for datagram socket.
20241112 09:58:38.373 TZ=-0300 [sslvpn:EROR] vpn_connection:2566 Create tunnel connection failed.
20241112 09:58:38.387 TZ=-0300 [sslvpn:EROR] vpn_connection:2566 Create tunnel connection failed.
20241112 09:58:38.388 TZ=-0300 [sslvpn:EROR] vpn_connection:1998 Start tunnel failed
20241112 09:58:38.392 TZ=-0300 [sslvpn:INFO] nmtools:865 Network Manager settings backup file doesn't exist
20241112 09:58:38.392 TZ=-0300 [sslvpn:DEBG] nmtools:1200 No connections to restore
20241112 09:58:38.392 TZ=-0300 [sslvpn:DEBG] dns:302 File /etc/nm_resolv.forticlient.backup doesn't exist
20241112 09:58:38.401 TZ=-0300 [sslvpn:DEBG] vpn_util:299 List fctvpn connection: fctvpnd579e9a5
Can you check if you have nmcli on the host?
Just run "nmcli -v".
I am having the same problem, but it only happens with WIFI, not ethernet!
EDIT:
Reverting to forticlient 7.4.0-GA solved the issue for me.
$ nmcli -v
nmcli tool, version 1.36.6
More logs:
I also set network manager's debug level:
sudo nmcli general logging level DEBUG domains ALL
20241116 10:42:22.658 TZ=-0800 [sslvpn:INFO] sslvpn:923 Login successful
20241116 10:42:22.705 TZ=-0800 [sslvpn:INFO] main:1779 State: Configuring tunnel
20241116 10:42:22.710 TZ=-0800 [sslvpn:INFO] nettools:1854 More than one device with index 2 can be found
20241116 10:42:22.710 TZ=-0800 [sslvpn:INFO] nettools:1854 Device address details: local_address 172.xx.xx.31, device_index 2, device name wlp0s20f3 (read from netlink)
20241116 10:42:22.710 TZ=-0800 [sslvpn:INFO] nettools:1854 Device address details: local_address fe80::61cd:63cf:7c2a:e646, device_index 2, device name wlp0s20f3 (read from netlink)
20241116 10:42:22.749 TZ=-0800 [sslvpn:DEBG] vpn_util:299 Get connection name: WhistlerPublicLibrary
20241116 10:42:22.749 TZ=-0800 [sslvpn:DEBG] vif:135 Restarting NetworkManager
20241116 10:42:22.920 TZ=-0800 [sslvpn:DEBG] vif:147 Using nmcli to allocate tun device.
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.7591] caught SIGTERM, shutting down normally.
Nov 16 10:42:22 VAN-hostname-LT4 systemd[1]: Stopping Network Manager...
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.7602] device (wlp0s20f3): state change: activated -> deactivating (reason 'unmanaged', sys-iface-state: 'managed')
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.7927] device (wlp0s20f3): state change: deactivating -> unmanaged (reason 'removed', sys-iface-state: 'managed')
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8013] dhcp4 (wlp0s20f3): canceled DHCP transaction
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8013] dhcp4 (wlp0s20f3): activation: beginning transaction (timeout in 45 seconds)
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8014] dhcp4 (wlp0s20f3): state changed no lease
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8496] manager: NetworkManager state is now CONNECTED_LOCAL
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8498] device (p2p-dev-wlp0s20f3): state change: disconnected -> unmanaged (reason 'removed', sys-iface-state: 'removed')
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8671] exiting (success)
Nov 16 10:42:22 VAN-hostname-LT4 systemd[1]: NetworkManager.service: Deactivated successfully.
Nov 16 10:42:22 VAN-hostname-LT4 systemd[1]: Stopped Network Manager.
Nov 16 10:42:22 VAN-hostname-LT4 systemd[1]: Starting Network Manager...
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782542.9169] NetworkManager (version 1.36.6) is starting... (after a restart)
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782542.9170] Read config: /etc/NetworkManager/NetworkManager.conf (lib: 10-dns-resolved.conf, 20-connectivity-ubuntu.conf, no-mac-addr-change.conf) (run: 10-globally-managed-devices.conf) (etc: 99-forticlient.conf, default-wifi-powersave-on.conf)
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782542.9195] bus-manager: acquired D-Bus service "org.freedesktop.NetworkManager"
Nov 16 10:42:22 VAN-hostname-LT4 systemd[1]: Started Network Manager.
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782542.9230] manager[0x561b9818b000]: monitoring kernel firmware directory '/lib/firmware'.
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782542.9230] monitoring ifupdown state file '/run/network/ifstate'.
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0395] hostname: hostname: using hostnamed
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0395] hostname: static hostname changed from (none) to "VAN-hostname-LT4"
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0398] dns-mgr[0x561b981675a0]: init: dns=systemd-resolved rc-manager=unmanaged (auto), plugin=systemd-resolved
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0405] rfkill1: found Wi-Fi radio killswitch (at /sys/devices/pci0000:00/0000:00:14.3/ieee80211/phy0/rfkill1) (driver iwlwifi)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0407] manager[0x561b9818b000]: rfkill: Wi-Fi hardware radio set enabled
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0407] manager[0x561b9818b000]: rfkill: WWAN hardware radio set enabled
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0419] Loaded device plugin: NMTeamFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/1.36.6/libnm-device-plugin-team.so)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0426] Loaded device plugin: NMWwanFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/1.36.6/libnm-device-plugin-wwan.so)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0429] Loaded device plugin: NMWifiFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/1.36.6/libnm-device-plugin-wifi.so)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0431] Loaded device plugin: NMAtmManager (/usr/lib/x86_64-linux-gnu/NetworkManager/1.36.6/libnm-device-plugin-adsl.so)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0434] Loaded device plugin: NMBluezManager (/usr/lib/x86_64-linux-gnu/NetworkManager/1.36.6/libnm-device-plugin-bluetooth.so)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0437] manager: rfkill: Wi-Fi enabled by radio killswitch; enabled by state file
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0437] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0438] manager: Networking is enabled by state file
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0441] settings: Loaded settings plugin: ifupdown ("/usr/lib/x86_64-linux-gnu/NetworkManager/1.36.6/libnm-settings-plugin-ifupdown.so")
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0441] settings: Loaded settings plugin: keyfile (internal)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0441] ifupdown: management mode: unmanaged
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0442] ifupdown: interfaces file /etc/network/interfaces doesn't exist
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0530] dhcp-init: Using DHCP client 'internal'
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0531] device (lo): carrier: link connected
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0534] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0544] manager: (docker0): new Bridge device (/org/freedesktop/NetworkManager/Devices/2)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0554] device (docker0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0558] device (docker0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0568] device (docker0): Activation: starting connection 'docker0' (1e4bff15-49e7-4029-a37f-937c40e7ca6e)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0575] manager: (lxcbr0): new Bridge device (/org/freedesktop/NetworkManager/Devices/3)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0587] device (lxcbr0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0591] device (lxcbr0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0598] device (lxcbr0): Activation: starting connection 'lxcbr0' (6a95b835-6ae7-44c2-a35c-33825cd81c34)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0606] manager: (virbr0): new Bridge device (/org/freedesktop/NetworkManager/Devices/4)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0616] device (virbr0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0620] device (virbr0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0627] device (virbr0): Activation: starting connection 'virbr0' (616a85bd-a2a1-498f-8b87-c6a8ece39d59)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0632] device (wlp0s20f3): driver supports Access Point (AP) mode
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0638] manager: (wlp0s20f3): new 802.11 Wi-Fi device (/org/freedesktop/NetworkManager/Devices/5)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0641] device (wlp0s20f3): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.3831] device (wlp0s20f3): set-hw-addr: set MAC address to 1A:A6:A8:42:C4:01 (scanning)
20241116 10:42:23.830 TZ=-0800 [sslvpn:EROR] vpn_connection:2566 Create tunnel connection failed.
20241116 10:42:23.832 TZ=-0800 [sslvpn:EROR] vpn_connection:1998 Start tunnel failed
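
The sslvpn.log excerpts in the two posts above share one line format, so the failing stage can be pulled out mechanically. This added example (not part of any post, and not Fortinet code) parses that format and reports whether login passed, the last step logged, and the first error; the field names in the result and the one journald-style sample line are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Shape of the sslvpn.log lines quoted in the thread:
# 20241112 09:58:38.373 TZ=-0300 [sslvpn:EROR] vpn_connection:909 <message>
LINE = re.compile(r"^(\d{8} \d{2}:\d{2}:\d{2}\.\d{3}) TZ=([+-]\d{4}) "
                  r"\[sslvpn:(\w+)\] (\w+):(\d+) (.*)$")

def parse(line):
    """Return a record dict, or None for lines in another format (e.g. journald)."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{m[1]} {m[2]}", "%Y%m%d %H:%M:%S.%f %z")
    return {"ts": ts, "level": m[3], "src": f"{m[4]}:{m[5]}", "msg": m[6]}

def triage(lines):
    """Summarise one attempt: did login pass, and what preceded the first error?"""
    out = {"login_ok": False, "state": None, "last_step": None,
           "first_error": None, "ms_to_error": None}
    login_ts = None
    for rec in filter(None, map(parse, lines)):
        if rec["level"] == "EROR":
            out["first_error"] = (rec["src"], rec["msg"])
            if login_ts is not None:
                # Whole milliseconds between successful login and the failure.
                out["ms_to_error"] = (rec["ts"] - login_ts) // timedelta(milliseconds=1)
            break
        if rec["msg"] == "Login successful":
            out["login_ok"], login_ts = True, rec["ts"]
        elif rec["msg"].startswith("State: "):
            out["state"] = rec["msg"][len("State: "):]
        out["last_step"] = (rec["src"], rec["msg"])
    return out

# sslvpn lines copied from the first post's excerpt; the systemd line is
# constructed to show that interleaved journald output is skipped.
SAMPLE_LOG = """\
20241112 09:58:37.788 TZ=-0300 [sslvpn:INFO] sslvpn:923 Login successful
20241112 09:58:37.814 TZ=-0300 [sslvpn:INFO] main:1779 State: Configuring tunnel
20241112 09:58:37.823 TZ=-0300 [sslvpn:DEBG] vif:135 Restarting NetworkManager
Nov 12 09:58:37 host systemd[1]: Stopping Network Manager...
20241112 09:58:37.930 TZ=-0300 [sslvpn:DEBG] vif:147 Using nmcli to allocate tun device.
20241112 09:58:38.373 TZ=-0300 [sslvpn:EROR] vpn_connection:909 Failed to set default remote address for datagram socket.
20241112 09:58:38.373 TZ=-0300 [sslvpn:EROR] vpn_connection:2566 Create tunnel connection failed.
""".splitlines()

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, login passes and the first error arrives while the client is in "Configuring tunnel", right after the NetworkManager restart and tun allocation steps.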
Like @Jamie_Pate_FTNT, I had to downgrade to 7.4.0 and mark forticlient on hold for now (at least until 7.4.2).
I'm having the same issue on Ubuntu 24.04.5 LTS.
Establishing the SSL VPN over Wifi kills the connection.
If I connect the VPN while connected via Ethernet it works.
I had to downgrade back to 7.4.0. It works as expected.
Here are some lines from the journal. It seems EDR was the one killing the connection.
nov 20 09:26:21 ea FortiEDRCollect[2954]: Fortinet Endpoint Detection and Response: Connection blocked for process (pid : 10866) - local ip: «10.x.x.x edited local Ip address», remote ip: «x.x.x.x edited fortigate vpn endpoint»
nov 20 09:26:21 ea Fortitray.desktop[10141]: 09:26:21.996 › Receive websocket type=FCT_VPN_CONNECTING
nov 20 09:26:21 ea Fortitray.desktop[10141]: 09:26:21.996 › VpnHandler UNHANDLED {"isTrusted":true}
nov 20 09:27:06 ea Fortitray.desktop[10141]: 09:27:06.750 › Receive websocket type=FCT_AVATAR_USERINFO
nov 20 09:27:06 ea Fortitray.desktop[10141]: 09:27:06.750 › Receive websocket type=FCT_AVATAR_USERINFO, data.msg.info is not empty
nov 20 09:27:06 ea Fortitray.desktop[10141]: 09:27:06.750 › this.user is updated
nov 20 09:27:06 ea Fortitray.desktop[10141]: 09:27:06.806 › Receive websocket type=FCT_EC_STATUS_CHANGE
nov 20 09:27:06 ea Fortitray.desktop[10141]: 09:27:06.807 › EpctrlStatusChange: Updating view of vpn
nov 20 09:27:06 ea Fortitray.desktop[10141]: 09:27:06.995 › GetVisibleTabs - visibleTabs={"AVTabIsHidden":false,"VPNTabIsHidden":false,"VULNTabIsHidden":false,"ComplianceTabIsHidden":false,"ZtnaIsHidden":true,"WfTabIsHidden":false,"SandboxTabIsHidden":true,"AETabIsHidden":true,"FwFwTabIsHidden":true,"EdrTabIsHidden":true}
nov 20 09:27:13 ea Fortitray.desktop[10180]: Warning: terminator_CreateInstance: Failed to CreateInstance in ICD 0. Skipping ICD.
cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
uname -a
Linux ea 6.8.0-49-generic #49~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov 6 17:42:15 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Strange that EDR blocks VPN of FCT 7.4.1 while it allows 7.4.0.
Unfortunately we can't see any reason in the logs.
I guess it is possible to add an exception in EDR to allow the denied VPN connection.
I've got the same problem; this is probably the issue: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2089930?comments=all
I think the errors look different.
As a workaround, try using "fortisslvpn", which is an NM plugin. I've been using it for a long time and it has always worked perfectly.
Forticlient 7.4.2 is out. Did anyone try it yet?
Supposedly the solved issues are the VPN connections
https://docs.fortinet.com/document/forticlient/7.4.2/linux-release-notes/724621/resolved-issues
Remote Access - SSL VPN
Bug ID | Description
1082262 | SSL VPN connections fail sometimes.
1099641 | Connecting to SSL VPN tunnel fails when connecting over Wi-Fi.
I've upgraded and for me it's working correctly.
Thanks Fortinet dev team.
