Hi,
we are trying to implement DUO 2FA in our company when using the FortiClient. Everything is working fine on Windows, but we get errors on macOS devices. Those errors are related to the FortiClient itself, unfortuantely.
It looks like the FC is getting a timeout after about 15 seconds and then throws those two errors (at the bottom of the log file) at the same time.
fortiagent.log:
fortiagent.log:20210211 11:08:40.028 [VPNControl::DEBG] VPNMessageBridge:276 SimpleServer: accepted [19]
fortiagent.log:20210211 11:08:40.028 [VPNControl::DEBG] VPNMessageBridge:113 Start session [19]
fortiagent.log:20210211 11:08:40.100 [fctgui:INFO] FCTVpnConnection:576 Received the passive connection command
fortiagent.log:20210211 11:08:40.101 [VPNControl::DEBG] VPNMessageBridge:276 SimpleServer: disconnected [19]
fortiagent.log:20210211 11:08:40.103 [VPNControl::DEBG] VPNMessageBridge:118 End session [19]
fortiagent.log:20210211 11:08:40.201 [fctgui:DEBG] FCTVpnConnection:2029 check fctctld
fortiagent.log:20210211 11:08:40.208 [fctgui:INFO] FCTVpnConnection:691 Starting connection:Duo SSL VPN RGB
fortiagent.log:20210211 11:08:40.210 [fctgui:INFO] FCTVpnConnection:797 SSL VPN Proxy is disabled
fortiagent.log:20210211 11:08:40.212 [fctgui:INFO] FCTVpnConnection:910 connecting to server xxxxxxxx.net:443 with realm:duo
fortiagent.log:20210211 11:08:40.217 [ipsec:DEBG] vpn_control_cli:67 ipseccon_send: 24
fortiagent.log:20210211 11:08:40.326 [sslvpn:DEBG] unknown:0 get server info
fortiagent.log:20210211 11:08:40.327 [sslvpn:DEBG] unknown:0 URL: https://xxxxxxxx:443/remote/info
fortiagent.log:20210211 11:08:41.382 [sslvpn:DEBG] unknown:0 Peer's certificate verification result: 0
fortiagent.log:20210211 11:08:41.384 [sslvpn:DEBG] unknown:0 get login page
fortiagent.log:20210211 11:08:41.385 [sslvpn:DEBG] unknown:0 URL: https://xxxxxxxx:443/remote/login?realm=duo
fortiagent.log:20210211 11:08:42.410 [sslvpn:INFO] unknown:0 try to get cookie for the first time
fortiagent.log:20210211 11:08:42.411 [sslvpn:DEBG] unknown:0 post to login
fortiagent.log:20210211 11:08:42.413 [sslvpn:INFO] unknown:0 Realm is enabled: duo
fortiagent.log:20210211 11:08:42.415 [sslvpn:DEBG] unknown:0 URL: https://xxxxxxxx:443/remote/logincheck
fortiagent.log:20210211 11:08:46.280 [sslvpn:DEBG] unknown:0 RESPONSE[256]:
fortiagent.log:20210211 11:08:46.313 [sslvpn:DEBG] unknown:0 get /remote/fortisslvpn
fortiagent.log:20210211 11:08:46.326 [sslvpn:DEBG] unknown:0 URL: https://xxxxxxxx:443/remote/fortisslvpn
fortiagent.log:20210211 11:09:00.534 [fctgui:EROR] FCTVpnConnection:1704 -113 - The VPN connection terminates unexpectedly! (Error Code: -113)
fortiagent.log:20210211 11:09:00.535 [fctgui:INFO] FCTVpnConnection:1760 failure happens so terminate this vpn connection
fortiagent.log:20210211 11:09:00.537 [fctgui:DEBG] FCTVpnConnection:1047 connection state: 3
fortiagent.log:20210211 11:09:01.717 [fctgui:EROR] FCTVpnConnection:1704 -121 - The VPN connection terminates unexpectedly! (Error Code: -121)
fortiagent.log:20210211 11:09:01.718 [fctgui:INFO] FCTVpnConnection:1760 failure happens so terminate this vpn connection
//edit: some more information:
I can verify that the authentication is working and our Radius server is able to verify the user credentials. And like I already mentioned, Windows is working fine.
I have no idea how to solve that issue. It appears on several FortiClient Versions (6.0.1, 6.2.4, 6.4.3) and on different macOS versions (Mojave, Catalina, Big Sur).
Any help is very appreciated!
Thanks!
Marius
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Did you fix the issue?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.