Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
cdoggyd
New Contributor II

IPSec VPN Unable to Connect

I have a Fortigate 60E running 6.2.15 that my remote MacBook Pro users connect to via FortiClient. I typically install the "FortiClientVPNSetup" version of the installer, because we don't use FortiClient for anything else – just VPN. When I installed the latest 7.2 release for a new user and did the config, the user was unable to connect – FortiClient would just show "Connecting" forever. Clicking the Disconnect button did nothing.

 

After a lot of troubleshooting, I uninstalled FortiClient and reinstalled using the full FortiClient installer instead of just VPN. Once that was installed and configured, it worked. Any ideas why the VPNSetup would fail to connect while the full FortiClient would work?

4 REPLIES 4
robin98
New Contributor

The newest version. 4.19.4 I believe? Yes, keep alive is on. I need to check their firewall. Im starting to think it's their router/modem, because the log for the client starts by saying this device is behind a NAT. I'm going to troubleshoot more tonight and I'll update once I have some more details.

https://19216801.onl/ https://routerlogin.uno/
kvimaladevi
Staff
Staff

Hi cdoggyd,

The Forticlient VPN setup version should also get connected without issues but as you say it is stuck in the connecting phase, we will have to check the forticlient logs and the sslvpnd logs by reproducing the issue to understand the reason.


How to enable forticlient logs:

https://community.fortinet.com/t5/FortiClient/Technical-Tip-How-to-enable-debug-log-in-FortiClient/t...

SSLVPN logs:

diag debug reset
diag vpn ssl debug-filter clear
diag vpn ssl debug-filter src-addr4 <client public IP>
diag debug app sslvpn -1
diag debug app fnbamd -1
diag debug console timestamp en
diag debug en

% connect to VPN from test user having issues %

To disable :
diag debug disable

Regards,

Vimala

 

cdoggyd
New Contributor II

I have an IPSec VPN – not SSLVPN.

JonasV
New Contributor III

@cdoggyd, have you looked at the ‘special notices’ here?

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/bee8d4f6-f59a-11ed-8e6d-fa163e...

You might need to verify that FC has / still has the required system permissions and systems extension setting.

 

 

If this does not resolve the issue, we’ll need additional information.

Under FC setting, you should be able to set the log level to debug for ~ 30 minutes. Reproduce the issue and export the logs. 

Kind regards
Kind regards
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors