Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
benthuds
New Contributor

Created on ‎05-16-2024 12:08 PM

IPsec VPN login failed because no replies are received from FGT (on Linux)

Hello!

 

I have a problem connecting to IPsec VPN with Forticlient 7.2.4 on Linux. The connection configuration works on another PC with Windows, but it doesn't work on Linux. When I try to connect, I receive the notification: "IPsec VPN login failed because no replies are received from FGT". Does anyone know how to solve this?

Labels:
1782
0 Kudos
4 REPLIES 4
AEK
SuperUser
SuperUser

Created on ‎05-16-2024 01:00 PM Edited on ‎05-16-2024 01:01 PM

Hi @benthuds 

FortiClient for Linux doesn't support IKEv1. Make sure your FGT IPsec dial-up config is IKEv2.

If it is already IKEv2, try check VPN logs on FG to see if there is any error, under menu Log & Report > Events > VPN logs

 

PS: "FortiClient VPN" free version doesn't support IPsec at all. Only "FortiClient" does.

AEK
AEK
1762
0 Kudos
benthuds
New Contributor
In response to AEK

Created on ‎05-17-2024 02:48 PM

I can't confirm if my client uses IKEv2 because the advanced options are not available in the connection menu configuration of FortiClient (they are available in the Windows version). I also can't find any information in the FortiClient settings. I checked the configuration files in "/etc", "/opt", and "~/.config/FortiClient" but didn't find anything. Regarding the client installed on my machine, I installed it via the command line and followed the instructions in the link below. I put the screenshots of the configurations connection and the settings of FortiClient.

https://docs.fortinet.com/document/forticlient/7.2.4/linux-release-notes/213138/install-forticlient-...

 

 

connectionconnectionsettingssettings

 

1681
0 Kudos
AEK
SuperUser
SuperUser
In response to benthuds

Created on ‎05-18-2024 03:49 AM

You can see if it is IKEv1 or IKEv2 from FortiGate side.

But on your shared screenshots I don't see the remote gateway. You must set it in order to work. Once you set it you can debug from FG side to see what's happening.

diag debug app ike -1
diag debug enable
AEK
AEK
1650
0 Kudos
Rajan_kohli
Staff
Staff

Created on ‎05-19-2024 06:21 AM

Hi,

 

If you are using multiple dialup tunnel make sure to use Peer id so that you can connect to correct tunnel: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-Peer-IDs-to-select-an-IPSec-dia...

 

Regards

Rajan

Rajan Kohli
1572
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.