Hello, I'm new at this so be patient with me.
I'm unable to connect to my network remotely via IPsec VPN - I can connect on first PC - however unable to connect via second PC. I checked the client configuration on working PC and matched on PC that isn't connecting.
From my forticlient that isn't connecting via IPsec VPN
IKE phase1 authentication fail as peer's certificate is not verified
2/2/2023 10:52:16 AM info sslvpn date=2023-12-02 time=10:52:15 logver=1 id=96602 type=securityevent subtype=sslvpn eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="SSLVPN service started successfully" vpnstate=
12/2/2023 10:52:25 AM info system date=2023-12-02 time=10:52:24 logver=1 id=96823 type=systemevent subtype=system eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="Checking for updates"
12/2/2023 10:52:32 AM info update date=2023-12-02 time=10:52:31 logver=1 id=96819 type=systemevent subtype=update eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="Update was successful to the given version for the given module"
12/2/2023 10:52:32 AM info update date=2023-12-02 time=10:52:32 logver=1 id=96819 type=systemevent subtype=update eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="Update was successful to the given version for the given module"
12/2/2023 10:56:00 AM info ipsecvpn date=2023-12-02 time=10:55:59 logver=1 id=96566 type=securityevent subtype=ipsecvpn eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network action=negotiate init=local mode=aggressive stage=1 dir=outbound status=success Initiator: sent 173.88.153.169 aggressive mode message #1 (OK)" vpntunnel="Home Network"
12/2/2023 10:56:00 AM info ipsecvpn date=2023-12-02 time=10:55:59 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:00 AM error ipsecvpn date=2023-12-02 time=10:55:59 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:03 AM info ipsecvpn date=2023-12-02 time=10:56:02 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:03 AM error ipsecvpn date=2023-12-02 time=10:56:02 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:03 AM info ipsecvpn date=2023-12-02 time=10:56:02 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:03 AM error ipsecvpn date=2023-12-02 time=10:56:02 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:06 AM info ipsecvpn date=2023-12-02 time=10:56:05 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:06 AM error ipsecvpn date=2023-12-02 time=10:56:05 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:09 AM info ipsecvpn date=2023-12-02 time=10:56:08 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:09 AM error ipsecvpn date=2023-12-02 time=10:56:08 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:09 AM info ipsecvpn date=2023-12-02 time=10:56:08 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:09 AM error ipsecvpn date=2023-12-02 time=10:56:08 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:12 AM warning ipsecvpn date=2023-12-02 time=10:56:11 logver=1 id=96561 type=securityevent subtype=ipsecvpn eventtype=error level=warning uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="No response from the peer, phase1 retransmit reaches maximum count" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:58:35 AM warning ipsecvpn date=2023-12-02 time=10:58:34 logver=1 id=96561 type=securityevent subtype=ipsecvpn eventtype=error level=warning uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="No response from the peer, phase1 retransmit reaches maximum count" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 11:00:28 AM info system date=2023-12-02 time=11:00:27 logver=1 id=96823 type=systemevent subtype=system eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="Checking for updates"
#FortiClient
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @jakecle67,
Are you using certificate for authentication? Are you connecting from 2 PCs at the same time using the same account?
Regards,
Hello. I'm not using certificates for my authentication. I'm using a username and password. I'm not connecting from 2 PCs at the same time.
Created on 12-05-2023 01:42 AM Edited on 12-05-2023 01:42 AM
Can you double-check? On the FortiGate, in its config ideally.
The logs metion XAUTH and aggressive mode, so presumably this is IKEv1. And in IKEv1, the username+password authentication done in XAUTH is precedent by PSK-, or certificate-, based authentication in phase1.
Do you have peer ID configured on the FortiGate? Since it is working on one PC but not another, it could be a client issue. Both PCs are using the same FortiClient version?
On FortiClient, you can try to reenter the PSK. If it doesn't help, try deleting and creating a new VPN connection.
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.