- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Fortinetclient SSL VPN Unable to use system's key ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortinetclient SSL VPN Unable to use system's key store / Object does not exist at path
Hello,
I'm trying to configure a simple SSL VPN using FortiClient on a fresh install of Ubuntu 22.04.4 LTS.
Fortigate seems to be correctly configured (7.2.8): used from MacOSX, and Windows works flawlessly.
I'm installing a Linux Fortinate client using CLI (no GUI) - FortiClient Version: 7.2.4.0809 (installed following section "Ubuntu 22.04 LTS" for 7.2 from https://www.fortinet.com/support/product-downloads/linux ).
Setting up a new connection seems trivial:
ubuntu@ip:~$ forticlient vpn edit myvpn
=====================
Edit personal VPN profile:myvpn
=====================
Type (1.SSL VPN / 2.IPsec VPN) [default=1]: 1
Remote Gateway: 1.2.3.4
Port [default=443]: 7443
Authentication (1.prompt / 2.save / 3.disable) [current=prompt]:1
Certificate Type (1.local (pkcs12) / 2.smartcard (pkcs11) / 3.disable) [current=disable]:3
Hovewer, after the last response during the above configuration stage, I was initially getting:
Unable to use system's key store: The name org.freedesktop.secrets was not provided by any .service files.
DONE.
After that, I found the information below should alleviate the issue (please remember that my environment is CLI only):
sudo apt install gnome-keyring
This changed the error to:
Unable to use system's key store: Object does not exist at path “/org/freedesktop/secrets/collection/login”.
DONE.
Also, ignoring the above errors (if this is not just an informational message) and trying:
ubuntu@ip:~$ forticlient vpn connect myvpnI am getting the following error:
terminate called after throwing an instance of 'std::out_of_range'
what(): basic_string::substr: __pos (which is 26) > this->size() (which is 24)
Aborted (core dumped)
Any idea how to approach troubleshooting or what may resolve this issue? What am I missing?
Thanks.
Regards,
S.
Labels:
- Labels:
-
FortiClient
-
FortiGate
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Once you iinstall the gnome keyring, you must also initialize it.
Have you done this?
| Initialize and unlock the login keyring: $ killall gnome-keyring-daemon $ echo -n “your-login-password" | gnome-keyring-daemon --unlock |
(bottom of page)
- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Created on 06-24-2024 04:31 AM Edited on 06-24-2024 08:36 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you. @AlexC-FTNT . This did help!
Instead of double quotes, single quotes are required, it seems, as otherwise, the command does not pipe over correctly and gets stuck, so:
echo -n 'your-login-password' | gnome-keyring-daemon --unlock
Still, when I try:
ubuntu@ip:~$ forticlient vpn connect myprofile
I get:
terminate called after throwing an instance of 'std::out_of_range'
what(): basic_string::substr: __pos (which is 26) > this->size() (which is 24)
(before attempting to connect, I had created a new profile from scratch, which came up without any previous keyring-related errors)
Perhaps I'm still doing something wrong regarding keyring-daemon (I'm unsure how to force it to log more verbose)? Is there any chance this is a bug of some sort?
Also, if I explicitly ask for credentials every time, why do I need to bother with gnome-keyring-daemon at all? Is it possible to disable this functionality entirely (it also increases the space footprint to install extra packages)?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not sure I know what to suggest further. Let's see if others have more ideas.
This was a step that is often missed, so I wanted to make sure it was performed
- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there a way to raise this issue as a bug, perhaps?
It does look fairly low-level and does not point in any particular direction. It may be very hard to troubleshoot without deep knowledge of what could be at fault, manifesting itself only by this error message.
We are using small 70Fs at the moment, but this configuration works flawlessly on MacOSX and Windows, which suggests that the problem is isolated to the Linux SSL VPN client only.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, there is a way: open a TAC support case with FortiClientEMS Serial Number, FortiClient team will reproduce it and then report it to engineering. They are the team who supports FortiClient and may have more information about this. The free FortiClient version comes with as-is (no support)
- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- when running an executable directly from... 2120 Views
- Unable to add IPSec Interface to... 1902 Views
- Manage blacklist in CLI 13386 Views
- FortiClient IPSec VPN to VLAN 15590 Views
Labels
-
FortiGate
7,155 -
FortiClient
1,412 -
5.2
801 -
5.4
639 -
FortiManager
619 -
FortiAnalyzer
456 -
6.0
416 -
FortiAP
375 -
FortiSwitch
372 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
281 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
FortiNAC
128 -
6.4
128 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
103 -
FortiGateCloud
97 -
FortiSIEM
93 -
FortiCloud Products
89 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
65 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
48 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
39 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiSandbox
34 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
LDAP
18 -
Interface
18 -
FortiSwitch v6.2
17 -
Routing
17 -
VDOM
17 -
FortiMonitor
15 -
Authentication
15 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
FortiCASB
12 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
SSL SSH inspection
10 -
FortiRecorder
10 -
Application control
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
4.0
7 -
Admin
7 -
Web application firewall profile
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
Automation
6 -
IPS signature
5 -
Packet capture
5 -
DNS Filter
5 -
FortiCache
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Fabric connector
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
Fortinet Engage Partner Program
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1 -
Service
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1062 | |
| 887 | |
| 527 | |
| 441 | |
| 151 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.