Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Peter_P_
New Contributor II

Forticlient IPSec VPN Tunnel established however 0KB received(rcvdbyte=N/A)

Hi,

 

Please could anyone help? I'm merely a Desktop Support Technician. I have a user who can successfully establish an IPsec VPN tunnel through his ISP home connection, however bytes received remains on 0KB. Forticlient works fine through the Company issued 3g\4g connection but the user would like to utilize his home connection. Any advice on how one can get to the resolution? Below is a pic and an excerpt from a log file, I've removed the IP addresses for confidentially and because I'm new to this so do please forgive me if there is important info omitted and please advise if anything else I'd need to post? Also please bear in mind I only have access to the client side of things.

 

6/4/2020 11:18:18 AM Information VPN id=96566 msg="negotiation information, loc_ip=xxx.xxx.x.xxx loc_port=500 rem_ip=xxx.xxx.x.xxx rem_port=500 out_if=0 vpn_tunnel=Acme-Remote-VPNX action=negotiate init=local mode=aggressive stage=1 dir=outbound status=success Initiator: sent xxx.xxx.x.xxx aggressive mode me" vpntunnel=Acme-Remote-VPNX vpntype=ipsec 6/4/2020 11:18:18 AM Information VPN id=96566 msg="negotiation information, loc_ip=xxx.xxx.x.xxx loc_port=4500 rem_ip=xxx.xxx.x.xxx rem_port=4500 out_if=0 vpn_tunnel=Acme-Remote-VPNX action=negotiate init=local mode=aggressive stage=2 dir=outbound status=success Initiator: sent xxx.xxx.x.xxx aggressive mode " vpntunnel=Acme-Remote-VPNX vpntype=ipsec 6/4/2020 11:18:18 AM Information VPN id=96566 msg="negotiation information, loc_ip=xxx.xxx.x.xxx loc_port=4500 rem_ip=xxx.xxx.x.xxx rem_port=4500 out_if=0 vpn_tunnel=Acme-Remote-VPNX action=negotiate init=remote mode=xauth_client stage=0 dir=inbound status=success Responder: parsed xxx.xxx.x.xxx xauth_client" vpntunnel=Acme-Remote-VPNX vpntype=ipsec 6/4/2020 11:18:18 AM Information VPN id=96566 msg="negotiation information, loc_ip=xxx.xxx.x.xxx loc_port=4500 rem_ip=xxx.xxx.x.xxx rem_port=4500 out_if=0 vpn_tunnel=Acme-Remote-VPNX action=negotiate init=remote mode=xauth_client stage=2 dir=inbound status=success Responder: parsed xxx.xxx.x.xxx xauth_client" vpntunnel=Acme-Remote-VPNX vpntype=ipsec 6/4/2020 11:18:18 AM Information VPN id=96566 msg="negotiation information, loc_ip=xxx.xxx.x.xxx loc_port=4500 rem_ip=xxx.xxx.x.xxx rem_port=4500 out_if=0 vpn_tunnel=Acme-Remote-VPNX action=negotiate init=local mode=xauth_client stage=0 dir=inbound status=success Initiator: parsed xxx.xxx.x.xxx xauth_client " vpntunnel=Acme-Remote-VPNX vpntype=ipsec 6/4/2020 11:18:18 AM Information VPN id=96566 msg="negotiation information, loc_ip=xxx.xxx.x.xxx loc_port=4500 rem_ip=xxx.xxx.x.xxx rem_port=4500 out_if=0 vpn_tunnel=Acme-Remote-VPNX action=negotiate init=remote mode=xauth_client stage=0 dir=inbound status=success Responder: parsed xxx.xxx.x.xxx xauth_client" vpntunnel=Acme-Remote-VPNX vpntype=ipsec 6/4/2020 11:18:19 AM Information VPN id=96566 msg="negotiation information, loc_ip=xxx.xxx.x.xxx loc_port=4500 rem_ip=xxx.xxx.x.xxx rem_port=4500 out_if=0 vpn_tunnel=Acme-Remote-VPNX action=negotiate init=local mode=quick stage=1 dir=outbound status=success Initiator: sent xxx.xxx.x.xxx quick mode message #1" vpntunnel=Acme-Remote-VPNX vpntype=ipsec 6/4/2020 11:18:19 AM Information VPN id=96571 msg="locip=xxx.xxx.x.xxx locport=4500 remip=xxx.xxx.x.xxx remport=4500 outif=0 vpntunnel=Acme-Remote-VPNX action=install_sa, inspi=0xd76b2b92 outspi=0xfe713d38 Initiator: tunnel xxx.xxx.x.xxx/xxx.xxx.x.xxx install ipsec sa" vpntunnel=Acme-Remote-VPNX vpntype=ipsec 6/4/2020 11:18:19 AM Information VPN id=96566 msg="negotiation information, loc_ip=xxx.xxx.x.xxx loc_port=4500 rem_ip=xxx.xxx.x.xxx rem_port=4500 out_if=0 vpn_tunnel=Acme-Remote-VPNX action=negotiate init=local mode=quick stage=2 dir=outbound status=success Initiator: sent xxx.xxx.x.xxx quick mode message #2" vpntunnel=Acme-Remote-VPNX vpntype=ipsec 6/4/2020 11:18:19 AM Information VPN id=96560 msg="VPN tunnel status" vpnstate=connected vpntype=ipsec 6/4/2020 11:18:21 AM Notice VPN date=2020-06-04 time=11:18:20 logver=1 type=traffic level=notice sessionid=3192887376 hostname=W41048220 pcdomain=Acme.co.za uid=BE7433B2B1034810A6FA17E76E96D4C1 devid=FCT8002102823908 fgtserial=N/A emsserial=N/A regip=N/A srcname=ipsec srcproduct=N/A srcip=xxx.xxx.x.xxx srcport=N/A direction=outbound dstip=xxx.xxx.x.xxx remotename=N/A dstport=4500 user=xxxxxxxxx proto=6 rcvdbyte=N/A sentbyte=3232 utmaction=passthrough utmevent=vpn threat=connect vd=N/A fctver=6.0.9.0277 os="Microsoft Windows 10 Enterprise Edition, 64-bit (build 16299)" usingpolicy="" service= url=N/A userinitiated=0 browsetime=N/A

 

 

Please help?!

 

Many thanks,

 

4 REPLIES 4
ede_pfau
SuperUser
SuperUser

hi,

 

the image didn't take..please re-post.

One-sided traffic points to either a missing policy or a routing problem. Without insight into the FGT side this will be difficult to debug.

Are other FC users able to connect and transfer data? Using the same FC setup?

(if not: are you? do you have set up a test installation on your notebook/PC to test?)

 

Routing:

this is called 'split tunneling' in the FC config. Default is that ALL traffic traverses the tunnel, so that even surfing the net will be through the remote FGT's WAN. If you enable split tunneling, you enter the remote (private) subnet you want to access. This creates a route on the notebook.

In all cases, the FGT's (VPN gateway) policies must match. And of course the phase2 settings in the VPN definition.

 

From the logs, to me it seems connecting and authenticating just is fine. So I suggest you check policies. There is at least one policy on the FGT, and even the notebook sometimes (Win10!) has policies, namely the Windows Defender Firewall rules. Deactivate this bogus 'firewall' and test again.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Peter_P_
New Contributor II

Hi,

 

Thanks for the response. 

 

I've attached the pic, it's just a pic of the connected status.

 

Other user's are able to connect fine. It's a provisioned IPSec VPN config so it works as is after installation without having to configure any settings. This user's same Forticlient installation works fine with his Company issued 3g\4g sim connection. There was a known issue in the Business where user's with home fibre connection cannot connect to Forticlient, but then enabling IPSec in their Router front-end interface resolved it. But the thing is this user can connect but it's just one-sided traffic like you said, so I'm hoping enabling IPSec might resolve this also. I have asked the user to confirm IPSec is enabled on his Router, now just waiting on him to respond. 

 

We wont be able to turn off Defender, as it's managed via Group Policy, but I'll try and consult with the network\system admins to confirm no policies are the cause.

 

Many thanks,

Peter_P_
New Contributor II

Hi,

 

A re-install of Forticlient fixed the darn thing.

 

Regards,

IT-WSF
New Contributor

Exact sam problem "FortiClient VPN 7.0.7.0345" and "Windows 11 Pro 22H2 22621.1265"

 

https://community.fortinet.com/t5/Support-Forum/Forticlient-VPN-Windows-11-connection-established-bu...

 

The VPN is established, but no byte recieved

Labels
Top Kudoed Authors