I'm trying to set up fortivpn and connect, and it doesn't seem to connect.
Installed version is:
forticlient_vpn_7.0.7.0246_amd64
In the GUI, it lists as connecting, and doesn't do anything, a packet capture doesn't show any traffic coming from it.
Running it via CLI gets this error:
Failed to connect to confighandler: connect(127.0.0.1:35499): error Connection refused
Failed to get config. Retry after 1 second.
If I run confighandler via sudo, then I get further, and receive this error:
Failed to connect to confighandler: connect(127.0.0.1:35499): error Connection refused
Failed to get config. Retry after 1 second.
Running an strace on confighandler while running fortivpn in another terminal, shows that confighandler has these messages.
recvmsg(67, {msg_namelen=0}, 0) = -1 EAGAIN (Resource temporarily unavailable)
write(58, "\1\0\0\0\0\0\0\0", 8) = 8
read(61, "\1\0\0\0\0\0\0\0", 8) = 8
fcntl(55, F_SETLK, {l_type=F_RDLCK, l_whence=SEEK_SET, l_start=1073741824, l_len=1}) = 0
fcntl(55, F_SETLK, {l_type=F_RDLCK, l_whence=SEEK_SET, l_start=1073741826, l_len=510}) = 0
fcntl(55, F_SETLK, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=1073741824, l_len=1}) = 0
stat("/var/lib/forticlient/config.db-journal", 0x7fff54933000) = -1 ENOENT (No such file or directory)
lseek(55, 24, SEEK_SET) = 24
read(55, "\0\0\09\0\0\0\35\0\0\0\0\0\0\0\0", 16) = 16
stat("/var/lib/forticlient/config.db-wal", 0x7fff54933000) = -1 ENOENT (No such file or directory)
fstat(55, {st_mode=S_IFREG|0777, st_size=118784, ...}) = 0
Reviewing /var/lib/forticlient/config.db shows that it does not have any tables matching journal or wal (the file does exist though)
I'm unsure where to go from here, but would love to get this working...
Thanks,
Awkray-ven
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Which Linux platform you are using ?
You can refer and verify from these docs :
Hello @Awkray-ven
As I understand that you are facing issues in connecting VPN on Linux machine.
Kindly provide below details to check further:
+ Linux OS details
+ FortiOS version
+ May I Know the working Linux machine OS version, if any?
+ Also, please provide the SSL VPN debugs
diag debug reset
diagnose vpn ssl debug-filter src-addr4 x.x.x.x>>>user public IP
diag debug appl sslvpn -1
diag debug enable
Thanks,
Shaleni
Hello @Awkray-ven
-Did you test with any other Linux machine?
-Was it working fine earlier having issues now?
-Fortios version and debug could help as mentioned by Shaleni.
-On 7.0.7 forticlient there is DNS known issue for ssl vpn https://docs.fortinet.com/document/forticlient/7.0.7/linux-release-notes/254811/known-issues
-If you are using single wan can you try adding the wan ip address rather than FQDN of the ssl vpn.
Thanks
Manasa.
I'm running a Debian based Distro, installed version is 7.0.7.0246, found here https://links.fortinet.com/forticlient/deb/vpnagent (the debian VPN only forticlient)
The diag commands you provided did not run, possibly I was running them in the wrong place, or don't have the packages installed to run them.
uname -a
Linux Cyberdeck 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-2 (2023-07-27) x86_64 GNU/Linux
cat /etc/os-release
PRETTY_NAME="PeppermintOS"
NAME="Peppermint"
ID=peppermint
VERSION_CODENAME="bookworm"
HOME_URL="https://peppermintos.com"
SUPPORT_URL="https://sourceforge.net/p/peppermintos/pepos/"
BUG_REPORT_URL="https://sourceforge.net/p/peppermintos/pepos/"
main.log - https://pastebin.com/JTCLzgEa
confighandler.log - https://pastebin.com/46jLTpVW
fctsched.log - https://pastebin.com/fuvm7e22
sslvpn.log - https://pastebin.com/yGBy4hCg
update.log - https://pastebin.com/Hzq5G4Tz
@mpeddalla your post just loaded for me.
I had this same version previously running last week on an install of lubuntu 22.04 lts, however I uninstalled that distro as it was providing other errors for me (I'd happily used previous lubuntu lts releases, but this one wasn't working for me)
I did at one point uninstall (using apt-purge) the forticlient software, redownloaded a new file, and reinstalled, and this issue persisted on this linux install. Then I ran a packet capture for any traffic leaving my system (over wifi), and no packets were being sent. This is when I started investigating the software itself, using strace and command line.
Unfortunately I don't have the ability at the moment to test using WAN IP, as I don't manage the VPN server that I'm attempting to connect to.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.