Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
benthuds
New Contributor

IPsec VPN login failed because no replies are received from FGT (on Linux)

Hello!

 

I have a problem connecting to IPsec VPN with Forticlient 7.2.4 on Linux. The connection configuration works on another PC with Windows, but it doesn't work on Linux. When I try to connect, I receive the notification: "IPsec VPN login failed because no replies are received from FGT". Does anyone know how to solve this?

4 REPLIES 4
AEK
SuperUser
SuperUser

Hi @benthuds 

FortiClient for Linux doesn't support IKEv1. Make sure your FGT IPsec dial-up config is IKEv2.

If it is already IKEv2, try check VPN logs on FG to see if there is any error, under menu Log & Report > Events > VPN logs

 

PS: "FortiClient VPN" free version doesn't support IPsec at all. Only "FortiClient" does.

AEK
AEK
benthuds
New Contributor

I can't confirm if my client uses IKEv2 because the advanced options are not available in the connection menu configuration of FortiClient (they are available in the Windows version). I also can't find any information in the FortiClient settings. I checked the configuration files in "/etc", "/opt", and "~/.config/FortiClient" but didn't find anything. Regarding the client installed on my machine, I installed it via the command line and followed the instructions in the link below. I put the screenshots of the configurations connection and the settings of FortiClient.

https://docs.fortinet.com/document/forticlient/7.2.4/linux-release-notes/213138/install-forticlient-...

 

 

connectionconnectionsettingssettings

 

AEK

You can see if it is IKEv1 or IKEv2 from FortiGate side.

But on your shared screenshots I don't see the remote gateway. You must set it in order to work. Once you set it you can debug from FG side to see what's happening.

diag debug app ike -1
diag debug enable
AEK
AEK
Rajan_kohli
Staff
Staff

Hi,

 

If you are using multiple dialup tunnel make sure to use Peer id so that you can connect to correct tunnel: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-Peer-IDs-to-select-an-IPSec-dia...

 

Regards

Rajan

Rajan Kohli
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors