It's basically what the title says. We use FortiClient to connect to the company's VPN. I was told that the request successfully reaches the server, but when it tries to create the SSL tunnel it fails. I already tried reinstalling and changing the Wi-Fi connection used.
Here I have extracted some info from the sslvpn.log file that I think relates to the problem.
Could you help me please?
20241112 09:58:28.682 TZ=-0300 [sslvpn:DEBG] vpn_connection:2451 EMS info added : serial number FCTEMS8823008006, tenant id 00000000000000000000000000000000
20241112 09:58:28.682 TZ=-0300 [sslvpn:DEBG] main:1609 Create socket connection
20241112 09:58:28.695 TZ=-0300 [sslvpn:DEBG] main:1687 Message to UI: A FortiToken code is required for SSL-VPN login authentication.
20241112 09:58:28.695 TZ=-0300 [sslvpn:DEBG] main:1705 153 bytes sent.
20241112 09:58:36.260 TZ=-0300 [sslvpn:DEBG] vpn_connection:659 http connection closed.
20241112 09:58:36.260 TZ=-0300 [sslvpn:DEBG] vpn_connection:521 Response line: 200 OK
20241112 09:58:36.858 TZ=-0300 [sslvpn:INFO] sslvpn:241 Authentication passed.
20241112 09:58:36.858 TZ=-0300 [sslvpn:INFO] vpn_connection:2405 /remote/fortisslvpn
20241112 09:58:36.858 TZ=-0300 [sslvpn:DEBG] vpn_connection:2451 EMS info added : serial number FCTEMS8823008006, tenant id 00000000000000000000000000000000
20241112 09:58:37.059 TZ=-0300 [sslvpn:DEBG] vpn_connection:659 http connection closed.
20241112 09:58:37.059 TZ=-0300 [sslvpn:DEBG] vpn_connection:521 Response line: 200 OK
20241112 09:58:37.059 TZ=-0300 [sslvpn:INFO] vpn_connection:2405 /remote/fortisslvpn_xml
20241112 09:58:37.059 TZ=-0300 [sslvpn:DEBG] vpn_connection:2451 EMS info added : serial number FCTEMS8823008006, tenant id 00000000000000000000000000000000
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] vpn_connection:659 http connection closed.
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] vpn_connection:521 Response line: 200 OK
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] server_response_parser:129 DTLS config hello version: 2
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] server_response_parser:130 DTLS config heartbeat interval: 10
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] server_response_parser:131 DTLS config heartbeat fail count: 10
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] server_response_parser:132 DTLS config heartbeat idle timeout: 10
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] server_response_parser:133 DTLS config client hello timeout: 60
20241112 09:58:37.587 TZ=-0300 [sslvpn:INFO] vpn_connection:2405 /remote/portal
20241112 09:58:37.587 TZ=-0300 [sslvpn:DEBG] vpn_connection:2451 EMS info added : serial number FCTEMS8823008006, tenant id 00000000000000000000000000000000
20241112 09:58:37.788 TZ=-0300 [sslvpn:DEBG] vpn_connection:659 http connection closed.
20241112 09:58:37.788 TZ=-0300 [sslvpn:DEBG] vpn_connection:521 Response line: 200 OK
20241112 09:58:37.788 TZ=-0300 [sslvpn:INFO] sslvpn:512 /remote/portal username extracted xxx
20241112 09:58:37.788 TZ=-0300 [sslvpn:DEBG] vpn_connection:1612 Login process end on status: 0
20241112 09:58:37.788 TZ=-0300 [sslvpn:INFO] sslvpn:923 Login successful
20241112 09:58:37.814 TZ=-0300 [sslvpn:INFO] main:1779 State: Configuring tunnel
20241112 09:58:37.823 TZ=-0300 [sslvpn:DEBG] vpn_util:299 Get connection name: Alberton
20241112 09:58:37.823 TZ=-0300 [sslvpn:DEBG] vif:135 Restarting NetworkManager
20241112 09:58:37.930 TZ=-0300 [sslvpn:DEBG] vif:147 Using nmcli to allocate tun device.
20241112 09:58:38.373 TZ=-0300 [sslvpn:EROR] vpn_connection:909 Failed to set default remote address for datagram socket.
20241112 09:58:38.373 TZ=-0300 [sslvpn:EROR] vpn_connection:2566 Create tunnel connection failed.
20241112 09:58:38.387 TZ=-0300 [sslvpn:EROR] vpn_connection:2566 Create tunnel connection failed.
20241112 09:58:38.388 TZ=-0300 [sslvpn:EROR] vpn_connection:1998 Start tunnel failed
20241112 09:58:38.392 TZ=-0300 [sslvpn:INFO] nmtools:865 Network Manager settings backup file doesn't exist
20241112 09:58:38.392 TZ=-0300 [sslvpn:DEBG] nmtools:1200 No connections to restore
20241112 09:58:38.392 TZ=-0300 [sslvpn:DEBG] dns:302 File /etc/nm_resolv.forticlient.backup doesn't exist
20241112 09:58:38.401 TZ=-0300 [sslvpn:DEBG] vpn_util:299 List fctvpn connection: fctvpnd579e9a5
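To read an excerpt like the one above quickly, it helps to separate the gateway-side phases (authentication, portal) from the client-side phase (tun device and datagram socket setup). The following Python helper is an added example, not code from the thread or from FortiClient; it parses the sslvpn.log line shape quoted above and reports which connect milestones were reached and where the first EROR occurred. The milestone strings and the sample lines are taken from the post; the function names (parse_sslvpn_log, triage) and the verdict labels are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Shape of the sslvpn.log lines quoted in the thread, e.g.
# "20241112 09:58:38.373 TZ=-0300 [sslvpn:EROR] vpn_connection:909 Failed to set ..."
LINE_RE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) TZ=(?P<tz>[+-]\d{4}) "
    r"\[(?P<comp>\w+):(?P<level>\w+)\] (?P<src>\w+:\d+) (?P<msg>.*)$"
)


@dataclass
class Entry:
    ts: str      # "YYYYMMDD HH:MM:SS.mmm" as logged
    tz: str      # "-0300" etc., kept separately
    level: str   # DEBG / INFO / EROR
    src: str     # "file:line" inside the client
    msg: str


def parse_sslvpn_log(lines: List[str]) -> List[Entry]:
    """Keep only lines matching the sslvpn.log shape; anything else is skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(f"{m['date']} {m['time']}", m["tz"],
                                 m["level"], m["src"], m["msg"]))
    return entries


# Connect milestones in the order the client logs them (strings from the thread).
MILESTONES = [
    ("auth", "Authentication passed."),
    ("login", "Login successful"),
    ("tunnel_config", "State: Configuring tunnel"),
    ("tun_alloc", "Using nmcli to allocate tun device."),
]


def triage(lines: List[str]) -> Dict[str, object]:
    """Summarise how far a connect attempt got and where it first failed."""
    entries = parse_sslvpn_log(lines)
    reached = [name for name, marker in MILESTONES
               if any(e.msg.startswith(marker) for e in entries)]
    errors = [e for e in entries if e.level == "EROR"]
    first_err: Optional[Entry] = errors[0] if errors else None
    if first_err is None:
        verdict = "no_error_in_excerpt"
    elif "login" in reached and first_err.src.startswith("vpn_connection"):
        # The gateway accepted the login; the failure is on the client while it
        # builds the tunnel (tun device / datagram socket), so the next things to
        # check are NetworkManager, the tun device and anything filtering sockets locally.
        verdict = "local_tunnel_setup"
    elif "login" not in reached:
        verdict = "authentication_or_portal"
    else:
        verdict = "other"
    return {
        "reached": reached,
        "first_error": first_err.msg if first_err else None,
        "first_error_at": first_err.ts if first_err else None,
        "error_count": len(errors),
        "verdict": verdict,
    }


# Constructed sample: a trimmed copy of the lines quoted in the post above.
SAMPLE_LOG = [
    "20241112 09:58:36.858 TZ=-0300 [sslvpn:INFO] sslvpn:241 Authentication passed.",
    "20241112 09:58:37.788 TZ=-0300 [sslvpn:INFO] sslvpn:923 Login successful",
    "20241112 09:58:37.814 TZ=-0300 [sslvpn:INFO] main:1779 State: Configuring tunnel",
    "20241112 09:58:37.823 TZ=-0300 [sslvpn:DEBG] vif:135 Restarting NetworkManager",
    "20241112 09:58:37.930 TZ=-0300 [sslvpn:DEBG] vif:147 Using nmcli to allocate tun device.",
    "20241112 09:58:38.373 TZ=-0300 [sslvpn:EROR] vpn_connection:909 Failed to set default remote address for datagram socket.",
    "20241112 09:58:38.373 TZ=-0300 [sslvpn:EROR] vpn_connection:2566 Create tunnel connection failed.",
    "20241112 09:58:38.387 TZ=-0300 [sslvpn:EROR] vpn_connection:2566 Create tunnel connection failed.",
    "20241112 09:58:38.388 TZ=-0300 [sslvpn:EROR] vpn_connection:1998 Start tunnel failed",
    "some unrelated UI line that does not match the format",
]

if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Run against a full sslvpn.log (for example `triage(open(path).read().splitlines())`); a verdict of local_tunnel_setup with "Login successful" reached says the credentials and FortiToken step are fine and the problem is on the endpoint, which is exactly the situation in this thread.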
Can you check if you have nmcli on the host?
Just run "nmcli -v".
I am having the same problem, but it only happens with Wi-Fi, not Ethernet!
EDIT:
Reverting to forticlient 7.4.0-GA solved the issue for me.
$ nmcli -v
nmcli tool, version 1.36.6
More logs:
I also set NetworkManager's debug level:
sudo nmcli general logging level DEBUG domains ALL
20241116 10:42:22.658 TZ=-0800 [sslvpn:INFO] sslvpn:923 Login successful
20241116 10:42:22.705 TZ=-0800 [sslvpn:INFO] main:1779 State: Configuring tunnel
20241116 10:42:22.710 TZ=-0800 [sslvpn:INFO] nettools:1854 More than one device with index 2 can be found
20241116 10:42:22.710 TZ=-0800 [sslvpn:INFO] nettools:1854 Device address details: local_address 172.xx.xx.31, device_index 2, device name wlp0s20f3 (read from netlink)
20241116 10:42:22.710 TZ=-0800 [sslvpn:INFO] nettools:1854 Device address details: local_address fe80::61cd:63cf:7c2a:e646, device_index 2, device name wlp0s20f3 (read from netlink)
20241116 10:42:22.749 TZ=-0800 [sslvpn:DEBG] vpn_util:299 Get connection name: WhistlerPublicLibrary
20241116 10:42:22.749 TZ=-0800 [sslvpn:DEBG] vif:135 Restarting NetworkManager
20241116 10:42:22.920 TZ=-0800 [sslvpn:DEBG] vif:147 Using nmcli to allocate tun device.
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.7591] caught SIGTERM, shutting down normally.
Nov 16 10:42:22 VAN-hostname-LT4 systemd[1]: Stopping Network Manager...
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.7602] device (wlp0s20f3): state change: activated -> deactivating (reason 'unmanaged', sys-iface-state: 'managed')
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.7927] device (wlp0s20f3): state change: deactivating -> unmanaged (reason 'removed', sys-iface-state: 'managed')
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8013] dhcp4 (wlp0s20f3): canceled DHCP transaction
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8013] dhcp4 (wlp0s20f3): activation: beginning transaction (timeout in 45 seconds)
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8014] dhcp4 (wlp0s20f3): state changed no lease
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8496] manager: NetworkManager state is now CONNECTED_LOCAL
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8498] device (p2p-dev-wlp0s20f3): state change: disconnected -> unmanaged (reason 'removed', sys-iface-state: 'removed')
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8671] exiting (success)
Nov 16 10:42:22 VAN-hostname-LT4 systemd[1]: NetworkManager.service: Deactivated successfully.
Nov 16 10:42:22 VAN-hostname-LT4 systemd[1]: Stopped Network Manager.
Nov 16 10:42:22 VAN-hostname-LT4 systemd[1]: Starting Network Manager...
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782542.9169] NetworkManager (version 1.36.6) is starting... (after a restart)
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782542.9170] Read config: /etc/NetworkManager/NetworkManager.conf (lib: 10-dns-resolved.conf, 20-connectivity-ubuntu.conf, no-mac-addr-change.conf) (run: 10-globally-managed-devices.conf) (etc: 99-forticlient.conf, default-wifi-powersave-on.conf)
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782542.9195] bus-manager: acquired D-Bus service "org.freedesktop.NetworkManager"
Nov 16 10:42:22 VAN-hostname-LT4 systemd[1]: Started Network Manager.
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782542.9230] manager[0x561b9818b000]: monitoring kernel firmware directory '/lib/firmware'.
Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782542.9230] monitoring ifupdown state file '/run/network/ifstate'.
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0395] hostname: hostname: using hostnamed
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0395] hostname: static hostname changed from (none) to "VAN-hostname-LT4"
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0398] dns-mgr[0x561b981675a0]: init: dns=systemd-resolved rc-manager=unmanaged (auto), plugin=systemd-resolved
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0405] rfkill1: found Wi-Fi radio killswitch (at /sys/devices/pci0000:00/0000:00:14.3/ieee80211/phy0/rfkill1) (driver iwlwifi)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0407] manager[0x561b9818b000]: rfkill: Wi-Fi hardware radio set enabled
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0407] manager[0x561b9818b000]: rfkill: WWAN hardware radio set enabled
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0419] Loaded device plugin: NMTeamFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/1.36.6/libnm-device-plugin-team.so)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0426] Loaded device plugin: NMWwanFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/1.36.6/libnm-device-plugin-wwan.so)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0429] Loaded device plugin: NMWifiFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/1.36.6/libnm-device-plugin-wifi.so)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0431] Loaded device plugin: NMAtmManager (/usr/lib/x86_64-linux-gnu/NetworkManager/1.36.6/libnm-device-plugin-adsl.so)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0434] Loaded device plugin: NMBluezManager (/usr/lib/x86_64-linux-gnu/NetworkManager/1.36.6/libnm-device-plugin-bluetooth.so)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0437] manager: rfkill: Wi-Fi enabled by radio killswitch; enabled by state file
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0437] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0438] manager: Networking is enabled by state file
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0441] settings: Loaded settings plugin: ifupdown ("/usr/lib/x86_64-linux-gnu/NetworkManager/1.36.6/libnm-settings-plugin-ifupdown.so")
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0441] settings: Loaded settings plugin: keyfile (internal)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0441] ifupdown: management mode: unmanaged
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0442] ifupdown: interfaces file /etc/network/interfaces doesn't exist
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0530] dhcp-init: Using DHCP client 'internal'
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0531] device (lo): carrier: link connected
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0534] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0544] manager: (docker0): new Bridge device (/org/freedesktop/NetworkManager/Devices/2)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0554] device (docker0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0558] device (docker0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0568] device (docker0): Activation: starting connection 'docker0' (1e4bff15-49e7-4029-a37f-937c40e7ca6e)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0575] manager: (lxcbr0): new Bridge device (/org/freedesktop/NetworkManager/Devices/3)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0587] device (lxcbr0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0591] device (lxcbr0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0598] device (lxcbr0): Activation: starting connection 'lxcbr0' (6a95b835-6ae7-44c2-a35c-33825cd81c34)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0606] manager: (virbr0): new Bridge device (/org/freedesktop/NetworkManager/Devices/4)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0616] device (virbr0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0620] device (virbr0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0627] device (virbr0): Activation: starting connection 'virbr0' (616a85bd-a2a1-498f-8b87-c6a8ece39d59)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0632] device (wlp0s20f3): driver supports Access Point (AP) mode
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0638] manager: (wlp0s20f3): new 802.11 Wi-Fi device (/org/freedesktop/NetworkManager/Devices/5)
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0641] device (wlp0s20f3): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.3831] device (wlp0s20f3): set-hw-addr: set MAC address to 1A:A6:A8:42:C4:01 (scanning)
20241116 10:42:23.830 TZ=-0800 [sslvpn:EROR] vpn_connection:2566 Create tunnel connection failed.
20241116 10:42:23.832 TZ=-0800 [sslvpn:EROR] vpn_connection:1998 Start tunnel failed
Like @Jamie_Pate_FTNT, I had to downgrade to 7.4.0 and put FortiClient on hold for now (at least until 7.4.2).
I'm having the same issue on Ubuntu 24.04.5 LTS.
Establishing the SSL VPN over Wi-Fi kills the connection.
If I connect the VPN while connected via Ethernet it works.
I had to downgrade back to 7.4.0. It works as expected.
Here are some lines from the journal. It seems EDR was the one killing the connection.
nov 20 09:26:21 ea FortiEDRCollect[2954]: Fortinet Endpoint Detection and Response: Connection blocked for process (pid : 10866) - local ip: «10.x.x.x edited local Ip address», remote ip: «x.x.x.x edited fortigate vpn endpoint»
nov 20 09:26:21 ea Fortitray.desktop[10141]: 09:26:21.996 › Receive websocket type=FCT_VPN_CONNECTING
nov 20 09:26:21 ea Fortitray.desktop[10141]: 09:26:21.996 › VpnHandler UNHANDLED {"isTrusted":true}
nov 20 09:27:06 ea Fortitray.desktop[10141]: 09:27:06.750 › Receive websocket type=FCT_AVATAR_USERINFO
nov 20 09:27:06 ea Fortitray.desktop[10141]: 09:27:06.750 › Receive websocket type=FCT_AVATAR_USERINFO, data.msg.info is not empty
nov 20 09:27:06 ea Fortitray.desktop[10141]: 09:27:06.750 › this.user is updated
nov 20 09:27:06 ea Fortitray.desktop[10141]: 09:27:06.806 › Receive websocket type=FCT_EC_STATUS_CHANGE
nov 20 09:27:06 ea Fortitray.desktop[10141]: 09:27:06.807 › EpctrlStatusChange: Updating view of vpn
nov 20 09:27:06 ea Fortitray.desktop[10141]: 09:27:06.995 › GetVisibleTabs - visibleTabs={"AVTabIsHidden":false,"VPNTabIsHidden":false,"VULNTabIsHidden":false,"ComplianceTabIsHidden":false,"ZtnaIsHidden":true,"WfTabIsHidden":false,"SandboxTabIsHidden":true,"AETabIsHidden":true,"FwFwTabIsHidden":true,"EdrTabIsHidden":true}
nov 20 09:27:13 ea Fortitray.desktop[10180]: Warning: terminator_CreateInstance: Failed to CreateInstance in ICD 0. Skipping ICD.
cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
uname -a
Linux ea 6.8.0-49-generic #49~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov 6 17:42:15 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Strange that EDR blocks the VPN of FCT 7.4.1 while it allows 7.4.0.
Unfortunately we can't see any reason in the logs.
I guess it is possible to add an exception in EDR to allow the denied VPN connection.
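Two different host-side causes have been reported in this thread: the NetworkManager restart that takes the Wi-Fi uplink to unmanaged while the tunnel is being configured (journal excerpt a few posts up), and the FortiEDRCollect "Connection blocked" event in the last excerpt. The Python helper below is an added example, not code from the thread, FortiClient or FortiEDR; it reduces syslog-style journal lines to those two event kinds and returns a hint about which one is present. The event strings are taken from the quoted journal lines; the function names (timeline, explain), the hint labels and the IP addresses in the constructed sample are my own.

```python
import re
from typing import Dict, List

# journalctl / syslog line shape quoted in the thread, e.g.
# "Nov 16 10:42:22 host NetworkManager[63789]: <info> [1731782542.7591] caught SIGTERM, ..."
JOURNAL_RE = re.compile(
    r"^(?P<mon>[A-Za-z]{3}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[:\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# FortiEDRCollect message shape from the thread (IPs are redacted there).
EDR_BLOCK_RE = re.compile(
    r"Connection blocked for process \(pid : (?P<pid>\d+)\) - "
    r"local ip: (?P<local>.*?), remote ip: (?P<remote>.*)$"
)
NM_STATE_RE = re.compile(r"device \((?P<dev>[^)]+)\): state change: (?P<old>\S+) -> (?P<new>\S+)")


def timeline(lines: List[str]) -> List[Dict[str, str]]:
    """Reduce raw journal lines to the few event kinds relevant to a tunnel failure."""
    events: List[Dict[str, str]] = []
    for line in lines:
        m = JOURNAL_RE.match(line.strip())
        if not m:
            continue
        proc, msg = m["proc"], m["msg"]
        when = f"{m['mon']} {m['day']} {m['time']}"
        if proc == "FortiEDRCollect":
            b = EDR_BLOCK_RE.search(msg)
            if b:
                events.append({"time": when, "kind": "edr_block", "pid": b["pid"],
                               "local": b["local"], "remote": b["remote"]})
        elif proc == "NetworkManager":
            if "caught SIGTERM" in msg:
                events.append({"time": when, "kind": "nm_stop"})
            elif "is starting" in msg:
                events.append({"time": when, "kind": "nm_start"})
            elif "canceled DHCP transaction" in msg:
                events.append({"time": when, "kind": "dhcp_cancelled", "detail": msg})
            else:
                s = NM_STATE_RE.search(msg)
                if s and s["new"] == "unmanaged":
                    events.append({"time": when, "kind": "dev_unmanaged", "dev": s["dev"]})
    return events


def explain(lines: List[str]) -> Dict[str, object]:
    """Say which of the two causes seen in the thread the journal excerpt shows, if any."""
    ev = timeline(lines)
    edr = [e for e in ev if e["kind"] == "edr_block"]
    kinds = {e["kind"] for e in ev}
    unmanaged = [e["dev"] for e in ev if e["kind"] == "dev_unmanaged"]
    nm_restarted = {"nm_stop", "nm_start"} <= kinds
    # Wireless interfaces are named wl* under systemd's predictable naming scheme.
    wifi_dropped = [d for d in unmanaged if d.startswith("wl")]
    if edr:
        hint = "edr_blocked_vpn_socket"           # EDR policy stopped the client's connection
    elif nm_restarted and wifi_dropped:
        hint = "wifi_uplink_unmanaged_during_nm_restart"  # uplink torn down mid-configuration
    elif nm_restarted:
        hint = "nm_restarted"
    else:
        hint = "nothing_notable"
    return {
        "edr_blocked_pids": [int(e["pid"]) for e in edr],
        "nm_restarted": nm_restarted,
        "devices_unmanaged": unmanaged,
        "dhcp_cancelled": "dhcp_cancelled" in kinds,
        "hint": hint,
    }


# Constructed samples: trimmed copies of the journal lines quoted in the thread.
NM_SAMPLE = [
    "Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.7591] caught SIGTERM, shutting down normally.",
    "Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.7602] device (wlp0s20f3): state change: activated -> deactivating (reason 'unmanaged', sys-iface-state: 'managed')",
    "Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.7927] device (wlp0s20f3): state change: deactivating -> unmanaged (reason 'removed', sys-iface-state: 'managed')",
    "Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8013] dhcp4 (wlp0s20f3): canceled DHCP transaction",
    "Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[63789]: <info> [1731782542.8498] device (p2p-dev-wlp0s20f3): state change: disconnected -> unmanaged (reason 'removed', sys-iface-state: 'removed')",
    "Nov 16 10:42:22 VAN-hostname-LT4 systemd[1]: Stopped Network Manager.",
    "Nov 16 10:42:22 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782542.9169] NetworkManager (version 1.36.6) is starting... (after a restart)",
    "Nov 16 10:42:23 VAN-hostname-LT4 NetworkManager[68860]: <info> [1731782543.0641] device (wlp0s20f3): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')",
]
# Addresses below are placeholders I made up (the post redacts the real ones).
EDR_SAMPLE = [
    "nov 20 09:26:21 ea FortiEDRCollect[2954]: Fortinet Endpoint Detection and Response: "
    "Connection blocked for process (pid : 10866) - local ip: 10.0.0.23, remote ip: 203.0.113.10",
    "nov 20 09:26:21 ea Fortitray.desktop[10141]: 09:26:21.996 › Receive websocket type=FCT_VPN_CONNECTING",
]

if __name__ == "__main__":
    print(explain(NM_SAMPLE))
    print(explain(EDR_SAMPLE))
```

Feed it `journalctl -u NetworkManager -o short --since "10 min ago"` output, or the full journal around the connect attempt so that FortiEDRCollect lines are included; an edr_blocked_vpn_socket hint points at the EDR policy rather than at NetworkManager, which is the distinction the last two posts are making.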
Copyright 2024 Fortinet, Inc. All Rights Reserved.