Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
neovedder
New Contributor

Created on ‎12-04-2024 05:27 AM

Forticlient on Opensuse Tumbleweed

I have been struggling with forticlient on Opensuse Tumbleweed. It worked fine until last week but now, after a zypper dup, (I did others before and there were no issues) I can't establish the connection anymore. Even trying boot across previous system snapshot, it doesn't work. I use a SAML integrated VPN and it authenticates successfully just before the client dropping the connection. Can anyone help me to fix this?

 

 

 

 

20241203 16:50:09.950 TZ=-0300 [sslvpn:INFO] main:1817 Init
20241203 16:50:09.951 TZ=-0300 [sslvpn:INFO] main:622 Load profile: BLN
20241203 16:50:09.952 TZ=-0300 [sslvpn:DEBG] main:631 Inherit local DNS: No
20241203 16:50:09.952 TZ=-0300 [sslvpn:DEBG] main:644 DNS service resetting interval: 0
20241203 16:50:09.952 TZ=-0300 [sslvpn:INFO] main:329 Get DBUS session bus address
20241203 16:50:09.954 TZ=-0300 [sslvpn:DEBG] main:333 Failed to find DBUS session bus address in dbus-daemon, try to find in dbus-broker
20241203 16:50:09.955 TZ=-0300 [sslvpn:DEBG] main:393 get passwd: true, get cert passwd: false, get user input: false
20241203 16:50:09.961 TZ=-0300 [sslvpn:INFO] main:329 Get DBUS session bus address
20241203 16:50:09.962 TZ=-0300 [sslvpn:DEBG] main:333 Failed to find DBUS session bus address in dbus-daemon, try to find in dbus-broker
20241203 16:50:09.963 TZ=-0300 [sslvpn:INFO] main:1288 Load profile: BLN
20241203 16:50:09.963 TZ=-0300 [sslvpn:DEBG] main:1676 FCT UID: F473F21C23864864B1FED27271AA89F6
20241203 16:50:09.964 TZ=-0300 [sslvpn:DEBG] main:1691 EMS not registed
20241203 16:50:09.964 TZ=-0300 [sslvpn:DEBG] main:1704 Public IP is not set
20241203 16:50:09.964 TZ=-0300 [sslvpn:INFO] main:1481 State: Connecting
20241203 16:50:09.979 TZ=-0300 [sslvpn:DEBG] vpn_connection:1506 Server URL: https://vpn.[omitted]:10443
20241203 16:50:09.986 TZ=-0300 [sslvpn:INFO] main:1481 State: Logging in
20241203 16:50:09.986 TZ=-0300 [sslvpn:INFO] sslvpn:92 ApiEncMethod: 0
20241203 16:50:09.986 TZ=-0300 [sslvpn:INFO] sslvpn:93 ApiRemoteAuthTimeout: 120
20241203 16:50:09.986 TZ=-0300 [sslvpn:INFO] sslvpn:94 ApiServerSalt: 127ac17e
20241203 16:50:09.986 TZ=-0300 [sslvpn:INFO] sslvpn:95 flag: 1247
20241203 16:50:09.986 TZ=-0300 [sslvpn:INFO] vpn_connection:1944 /remote/saml/login
20241203 16:50:13.254 TZ=-0300 [sslvpn:DEBG] vpn_connection:406 https server 'vpn.[omitted]' has this certificate, which looks good to me:
/CN=[omitted]
20241203 16:50:13.444 TZ=-0300 [sslvpn:DEBG] vpn_connection:599 http connection closed.
20241203 16:50:13.445 TZ=-0300 [sslvpn:DEBG] vpn_connection:478 Response line: 200 OK
20241203 16:50:13.445 TZ=-0300 [sslvpn:INFO] sslvpn:234 Authentication passed.
20241203 16:50:13.445 TZ=-0300 [sslvpn:INFO] vpn_connection:1944 /remote/fortisslvpn
20241203 16:50:16.676 TZ=-0300 [sslvpn:DEBG] vpn_connection:595 http request error: 1
20241203 16:50:16.676 TZ=-0300 [sslvpn:EROR] vpn_connection:552 socket error = Resource temporarily unavailable (11)
20241203 16:50:16.676 TZ=-0300 [sslvpn:EROR] vpn_connection:1815 Error: Can not connect to VPN server.
20241203 16:50:16.686 TZ=-0300 [sslvpn:DEBG] vpn_util:260 Get connection name: Wired connection 1
20241203 16:50:16.687 TZ=-0300 [sslvpn:DEBG] dns:210 Read DNS backup /etc/nm_resolv.forticlient.backup:
20241203 16:50:16.687 TZ=-0300 [sslvpn:DEBG] dns:213 JSON parse error, content dump:
20241203 16:50:16.694 TZ=-0300 [sslvpn:DEBG] vpn_util:260 List fctvpn connection: Wired connection 1
lo
enp2s0
20241203 16:50:16.694 TZ=-0300 [sslvpn:DEBG] dns:632 default interface restore: 1, vpn interface restore: 1
20241203 16:50:16.694 TZ=-0300 [sslvpn:DEBG] mtu:116 Restore MTU.
20241203 16:50:16.694 TZ=-0300 [sslvpn:DEBG] mtu:120 No MTU backup file was found. Skip.
20241203 16:50:16.694 TZ=-0300 [sslvpn:DEBG] route:160 clean up route...
20241203 16:50:16.694 TZ=-0300 [sslvpn:DEBG] route:164 Cleanup file not found
20241203 16:50:16.694 TZ=-0300 [sslvpn:DEBG] main:1911 exception: Error: Can not connect to VPN server.
20241203 16:50:16.775 TZ=-0300 [sslvpn:INFO] main:1817 Init
20241203 16:50:16.775 TZ=-0300 [sslvpn:INFO] main:1829 VPN is running in restore DNS mode
20241203 16:50:16.787 TZ=-0300 [sslvpn:DEBG] vpn_util:260 Get connection name: Wired connection 1
20241203 16:50:16.788 TZ=-0300 [sslvpn:DEBG] dns:210 Read DNS backup /etc/nm_resolv.forticlient.backup:
20241203 16:50:16.788 TZ=-0300 [sslvpn:DEBG] dns:213 JSON parse error, content dump:
20241203 16:50:16.799 TZ=-0300 [sslvpn:DEBG] vpn_util:260 List fctvpn connection: Wired connection 1
lo
enp2s0
20241203 16:50:16.800 TZ=-0300 [sslvpn:DEBG] dns:632 default interface restore: 1, vpn interface restore: 1
20241203 16:50:16.800 TZ=-0300 [sslvpn:DEBG] mtu:116 Restore MTU.
20241203 16:50:16.800 TZ=-0300 [sslvpn:DEBG] mtu:120 No MTU backup file was found. Skip.

 

 

 

 

Labels:
621
0 Kudos
1 Solution
MZBZ
Staff
Staff

Created on ‎02-13-2025 06:12 PM

1. OpenSUSE is not a supported OS for FortiClient

2. Contact TAC and ask for latest interim build of 7.4 version and test it as this could be related to an nmcli/NM issue.

3. Also test with ethernet connection

4. Wait for release of FortiClient 7.4.3/4 in Q2 2025.

M. B.

View solution in original post

266
0 Kudos
6 REPLIES 6
sjoshi
Staff
Staff

Created on ‎12-04-2024 05:29 AM

Hi,

 

What is the fortios and FCT version

What error you are getting in FGT VPN event logs

Let us know if this helps.
Salon Raj Joshi
617
0 Kudos
neovedder
New Contributor
In response to sjoshi

Created on ‎12-04-2024 08:16 AM Edited on ‎12-04-2024 10:11 AM

Hello Joshi!

Forticlient version: 7.4.0.1636

FortiOS 7.0.15

In the following imagens you can see the server side logs.

The "FGT VPN event logs" you asked, do you mean the sslvpn.log I posted above? If not, please tell me which source log file would you like: sslvpn.log, main.log, fctsched.log or confighandler.log

Screenshot_20241204_131238.pngScreenshot_20241204_131412.png

 

 

587
0 Kudos
neovedder
New Contributor

Created on ‎01-29-2025 05:37 PM

Hi! There is any Fortinet staff to help me to use Forticlient on Opensuse Tumbleweed. As the opening post, It worked previously, but just stopped after some system update and can't work even rolling back to system snapshots. Curiously, I updated my system last week and the client suddenly worked fine for a few days and then just stopped again even without any new update. As far as I know, it is not possible to use the fortisslvpn Network Manager plugin in my case since my provider requires a SAML login in a 365 account. This situation has been driving me crazy because I need to use this VPN in a daily basis (I've been working around via a VM jumpbox, but it drains my computer) My provider just answered that the client sent a RESET to the server. The following log is the excerpt that looks different from the day it worked:

20250129 22:30:51.318 TZ=-0300 [sslvpn:INFO] sslvpn:234 Authentication passed.
20250129 22:30:51.318 TZ=-0300 [sslvpn:INFO] vpn_connection:1944 /remote/fortisslvpn
20250129 22:30:54.393 TZ=-0300 [sslvpn:DEBG] vpn_connection:595 http request error: 1
20250129 22:30:54.393 TZ=-0300 [sslvpn:EROR] vpn_connection:552 socket error = Resource temporarily unavailable (11)
20250129 22:30:54.393 TZ=-0300 [sslvpn:EROR] vpn_connection:1815 Error: Can not connect to VPN server.
20250129 22:30:54.403 TZ=-0300 [sslvpn:DEBG] vpn_util:260 Get connection name: Wired connection 1
20250129 22:30:54.404 TZ=-0300 [sslvpn:DEBG] dns:203 Failed to open /etc/nm_resolv.forticlient.backup
20250129 22:30:54.410 TZ=-0300 [sslvpn:DEBG] vpn_util:260 List fctvpn connection: Wired connection 1
lo
Neo's iPhone
enp2s0
20250129 22:30:54.411 TZ=-0300 [sslvpn:DEBG] dns:632 default interface restore: 1, vpn interface restore: 1
20250129 22:30:54.411 TZ=-0300 [sslvpn:DEBG] mtu:116 Restore MTU.
20250129 22:30:54.411 TZ=-0300 [sslvpn:DEBG] mtu:120 No MTU backup file was found. Skip.
20250129 22:30:54.411 TZ=-0300 [sslvpn:DEBG] route:160 clean up route...
20250129 22:30:54.411 TZ=-0300 [sslvpn:DEBG] route:164 Cleanup file not found
20250129 22:30:54.411 TZ=-0300 [sslvpn:DEBG] main:1911 exception: Error: Can not connect to VPN server.
20250129 22:30:54.430 TZ=-0300 [sslvpn:INFO] main:1817 Init

 

341
0 Kudos
mtrento
New Contributor II

Created on ‎02-11-2025 04:17 AM

Hi ,
TW user here , not a solution but some more debug output .

Once installed , the vpn client with SAML login option, cannot connect and add proper routes.
The connection aborts with the error message : Config routing table failed

Seems like some recent system updates have changed the behavior , prior to recent update , the vpn could connect but could not apply routes .

Now the connection is aborted.


here is a sniped of /var/log/forticlient/sslvpn.log

20250211 12:56:53.178 TZ=+0100 [sslvpn:DEBG] dns:710 Add DNS suffix: domain.local
20250211 12:56:53.178 TZ=+0100 [sslvpn:DEBG] dns:717 Add DNS suffix: domain.local
20250211 12:56:53.178 TZ=+0100 [sslvpn:DEBG] dns:723 Setup default interface
20250211 12:56:53.178 TZ=+0100 [sslvpn:DEBG] dns:729 Disable DHCP auto DNS
20250211 12:56:53.189 TZ=+0100 [sslvpn:DEBG] dns:744 Set IPv4 DNS servers: 10.xxx.xxx.40 10.144.150.41  
20250211 12:56:53.201 TZ=+0100 [sslvpn:DEBG] dns:759 Set IPv4 DNS search domains: domain.local  
20250211 12:56:53.213 TZ=+0100 [sslvpn:DEBG] dns:774 Re-apply settings.
20250211 12:56:53.224 TZ=+0100 [sslvpn:DEBG] dns:791 Setup VPN interface
20250211 12:56:53.224 TZ=+0100 [sslvpn:DEBG] dns:793 Set IPv4 DNS servers: 10.xxx.xxx.40 10.xxx.xxx.41  
20250211 12:56:53.344 TZ=+0100 [sslvpn:DEBG] dns:808 Set IPv4 DNS search domains: domain.local  
20250211 12:56:53.358 TZ=+0100 [sslvpn:DEBG] dns:823 Re-apply settings.
20250211 12:56:53.385 TZ=+0100 [sslvpn:DEBG] dns:182 Restart DNS service failed.
20250211 12:56:53.386 TZ=+0100 [sslvpn:DEBG] dns:192 Flush DNS cache failed.
20250211 12:56:53.387 TZ=+0100 [sslvpn:DEBG] route:102 route backup START
20250211 12:56:53.387 TZ=+0100 [sslvpn:DEBG] route:154 route backup DONE
20250211 12:56:53.387 TZ=+0100 [sslvpn:DEBG] route:396 begin route config
20250211 12:56:53.387 TZ=+0100 [sslvpn:DEBG] route:397 Remote IP: xxx.xxx.xxx.150
20250211 12:56:53.387 TZ=+0100 [sslvpn:DEBG] route:398 Local IP: 10.xxx.3.xx
20250211 12:56:53.387 TZ=+0100 [sslvpn:DEBG] route:399 Tunnel mode: Split tunnel
20250211 12:56:53.387 TZ=+0100 [sslvpn:DEBG] route:400 Exclusive routing: Disabled
20250211 12:56:53.387 TZ=+0100 [sslvpn:DEBG] route:474 Add the route for xxxx.xxx.xx.150(10.2xx.xx.254)
20250211 12:56:53.387 TZ=+0100 [sslvpn:DEBG] route:477 Failed to add route for xxx.xxx.x.150(10.2xx.xx.254)
20250211 12:56:53.387 TZ=+0100 [sslvpn:EROR] vpn_connection:1712 Config routing table failed
20250211 12:56:53.389 TZ=+0100 [sslvpn:DEBG] dns:210 Read DNS backup /etc/nm_resolv.forticlient.backup: [{"default_dev_name":"eth1","default_connection_name":"eth1","ignore_auto_dns":"no","system_dns_list":"","system_dns_search_domain_list":"","current_dns_list":
"192.xxx.xxx.40,192.xxx.xxx.41","vpn_dev_name":"fctvpn354ff353"}]
20250211 12:56:53.389 TZ=+0100 [sslvpn:DEBG] dns:547 Restoring DNS config 0:
20250211 12:56:53.389 TZ=+0100 [sslvpn:DEBG] dns:548 Device name: eth1
20250211 12:56:53.389 TZ=+0100 [sslvpn:DEBG] dns:549 Connection name: eth1
20250211 12:56:53.389 TZ=+0100 [sslvpn:DEBG] dns:550 Ignore auto DNS: no
20250211 12:56:53.389 TZ=+0100 [sslvpn:DEBG] dns:551 DNS list:  
20250211 12:56:53.389 TZ=+0100 [sslvpn:DEBG] dns:552 DNS search domain list:  
20250211 12:56:53.389 TZ=+0100 [sslvpn:DEBG] dns:553 VPN device name: fctvpn354ff353

 

Regards

285
0 Kudos
MZBZ
Staff
Staff

Created on ‎02-13-2025 06:12 PM

1. OpenSUSE is not a supported OS for FortiClient

2. Contact TAC and ask for latest interim build of 7.4 version and test it as this could be related to an nmcli/NM issue.

3. Also test with ethernet connection

4. Wait for release of FortiClient 7.4.3/4 in Q2 2025.

M. B.
267
0 Kudos
neovedder
New Contributor

Created on ‎02-27-2025 08:48 AM

I finally got the 7.4.2.1698 version by a friend that works for a partner, and it worked at first. The saddest part was getting a support deny from the official partner of my company. They just answered  since OpenSUSE wasn't supported, they can't provide any assistance.

203
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.