Fortinet tunnel is showing inactive state

JoaquimdeSousa · ‎01-09-2025

Hello All,

I have this issue. FortiGate 40F (v6.4.15 build2095)

Reproduction : I use the GUI not the CLI.

1. I created a vpn user

2. I assigned this user to a vpn group

3. I used th VPN wizard to create an Dialup FortiClient (Windows, Mac OS, Android) :
-> https://docs.fortinet.com/document/fortigate/6.4.15/administration-guide/785501/forticlient-as-dialu...

4. In Firewall & Objects
-> Addresses :
-> Created automatically -> vpn1_range = 192.168.1.1-192.168.1.254
-> Created automatically -> vpn1_split = members = lan
-> Firewall Policy :
-> Created automatically -> vpn_vpn1_remote_0

-> The VPN was created, but shows INACTIVE.

I really don't understand. Can some help, please ?

Kind Regards,
Jo

dingjerry_FTNT · ‎01-09-2025

Hi @JoaquimdeSousa ,

You have to make sure that the FortiClient settings match the settings on FortiGate.

If it still does not work, you have to run the IKE debug commands.

Regards,

Jerry

JoaquimdeSousa · ‎01-09-2025

here is a better image : https://ibb.co/64t3c4z

dingjerry_FTNT · ‎01-09-2025

Hi @JoaquimdeSousa ,

Thanks. Some settings on FCT do not match the settings on FGT. Such as:

Proposals in Phase1 and Phase2;

DH group in Phase2;

You have to make sure that the address range in phase1 is not part of your internal network which you want to allow FCT clients to access.

So it's still better to run the IKE debug commands to collect outputs for further troubleshooting.

Regards,

Jerry

Fortinet tunnel is showing inactive state

Nominate a Forum Post for Knowledge Article Creation