Hello,
I have a problem with a FortiClient VPN connection. When I try to connect to the server I get the message "Network error. Can not connect to VPN server". I'm using a domain name in Remote Gateway. If I use the IP address everything is OK.
Mac OS 13.3.1 (but it already happened to me in previous versions)
FortiClient VPN for Mac 7.0.7.0245 (but it already happened to me in previous versions)
FortiGate 60F 7.0.11 (but it already happened to me in previous versions)
Ping by domain name works ok, access by web browser by domain name works ok.
A Windows computer on the same network as the Mac connects perfectly by domain name.
Anyone know how to fix it?
Thank you,
Dear LD,
Thank you for posting to the Fortinet Community Forum.
Problem description:
SSL VPN issue for a Mac user
Can you check whether the domain is being resolved to the correct IP address on the Mac?
Further, please share the output of the commands below:
diagnose vpn ssl debug-filter src-addr4 <x.x.x.x>
diag debug app sslvpn -1
diag debug en
Let us know if this helps.
Thanks
Hello,
The domain is resolved by ping or web browser:
by domain name (It does not work):
[260:root:2c]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[260:root:2c]SSL state:before SSL initialization (x.x.x.x)
[260:root:2c]SSL state:before SSL initialization (x.x.x.x)
[260:root:2c]got SNI server name: mydomain.fortiddns.com realm (null)
[260:root:2c]client cert requirement: no
[260:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[260:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[260:root:2c]SSL state:SSLv3/TLS write change cipher spec (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[260:root:2c]got SNI server name: mydomain.fortiddns.com realm (null)
[260:root:2c]client cert requirement: no
[260:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[260:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 write encrypted extensions (x.x.x.x)
[260:root:2c]SSL state:SSLv3/TLS write certificate (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 write server certificate verify (x.x.x.x)
[260:root:2c]SSL state:SSLv3/TLS write finished (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data:DH lib(x.x.x.x)
[260:root:2c]SSL_accept failed, 5:(null)
[260:root:2c]Destroy sconn 0x7fa9956500, connSize=0. (root)
[262:root:2c]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[262:root:2c]SSL state:before SSL initialization (x.x.x.x)
[262:root:2c]SSL state:before SSL initialization (x.x.x.x)
[262:root:2c]got SNI server name: mydomain.fortiddns.com realm (null)
[262:root:2c]client cert requirement: no
[262:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[262:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[262:root:2c]SSL state:SSLv3/TLS write change cipher spec (x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[262:root:2c]got SNI server name: mydomain.fortiddns.com realm (null)
[262:root:2c]client cert requirement: no
[262:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[262:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 write encrypted extensions (x.x.x.x)
[262:root:2c]SSL state:SSLv3/TLS write certificate (x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 write server certificate verify (x.x.x.x)
[262:root:2c]SSL state:SSLv3/TLS write finished (x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 early data:DH lib(x.x.x.x)
[262:root:2c]SSL_accept failed, 5:(null)
[262:root:2c]Destroy sconn 0x7fa9956500, connSize=0. (root)
by IP (Connection successful):
[263:root:2c]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[263:root:2c]SSL state:before SSL initialization (x.x.x.x)
[263:root:2c]SSL state:before SSL initialization (x.x.x.x)
[263:root:2c]no SNI received
[263:root:2c]client cert requirement: no
[263:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[263:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[263:root:2c]SSL state:SSLv3/TLS write change cipher spec (x.x.x.x)
[263:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[263:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[263:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[263:root:2c]no SNI received
[263:root:2c]client cert requirement: no
[263:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[263:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[263:root:2c]SSL state:TLSv1.3 write encrypted extensions (x.x.x.x)
[263:root:2c]SSL state:SSLv3/TLS write certificate (x.x.x.x)
[263:root:2c]SSL state:TLSv1.3 write server certificate verify (x.x.x.x)
[263:root:2c]SSL state:SSLv3/TLS write finished (x.x.x.x)
[263:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[263:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[263:root:2c]SSL state:TLSv1.3 early data:DH lib(x.x.x.x)
[263:root:2c]SSL_accept failed, 5:(null)
[263:root:2c]Destroy sconn 0x7fa9956500, connSize=0. (root)
[264:root:2c]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[264:root:2c]SSL state:before SSL initialization (x.x.x.x)
[264:root:2c]SSL state:before SSL initialization (x.x.x.x)
[264:root:2c]no SNI received
[264:root:2c]client cert requirement: no
[264:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[264:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[264:root:2c]SSL state:SSLv3/TLS write change cipher spec (x.x.x.x)
[264:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[264:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[264:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[264:root:2c]no SNI received
[264:root:2c]client cert requirement: no
[264:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[264:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[264:root:2c]SSL state:TLSv1.3 write encrypted extensions (x.x.x.x)
[264:root:2c]SSL state:SSLv3/TLS write certificate (x.x.x.x)
[264:root:2c]SSL state:TLSv1.3 write server certificate verify (x.x.x.x)
[264:root:2c]SSL state:SSLv3/TLS write finished (x.x.x.x)
[264:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[264:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[264:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[264:root:2c]SSL state:SSLv3/TLS read finished (x.x.x.x)
[264:root:2c]SSL state:SSLv3/TLS write session ticket (x.x.x.x)
[264:root:2c]SSL state:SSLv3/TLS write session ticket (x.x.x.x)
[264:root:2c]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[264:root:2c]req: /remote/info
[264:root:2c]capability flags: 0x4df
[264:root:2c]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[264:root:2c]Destroy sconn 0x7fa9956500, connSize=0. (root)
[264:root:2c]SSL state:warning close notify (x.x.x.x)
[265:root:2c]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[265:root:2c]SSL state:before SSL initialization (x.x.x.x)
[265:root:2c]SSL state:before SSL initialization (x.x.x.x)
[265:root:2c]no SNI received
[265:root:2c]client cert requirement: no
[265:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[265:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[265:root:2c]SSL state:SSLv3/TLS write change cipher spec (x.x.x.x)
[265:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[265:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[265:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[265:root:2c]no SNI received
[265:root:2c]client cert requirement: no
[265:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[265:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[265:root:2c]SSL state:TLSv1.3 write encrypted extensions (x.x.x.x)
[265:root:2c]SSL state:SSLv3/TLS write certificate (x.x.x.x)
[265:root:2c]SSL state:TLSv1.3 write server certificate verify (x.x.x.x)
[265:root:2c]SSL state:SSLv3/TLS write finished (x.x.x.x)
[265:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[265:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[265:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[265:root:2c]SSL state:SSLv3/TLS read finished (x.x.x.x)
[265:root:2c]SSL state:SSLv3/TLS write session ticket (x.x.x.x)
[265:root:2c]SSL state:SSLv3/TLS write session ticket (x.x.x.x)
[265:root:2c]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[265:root:2c]req: /remote/login
[265:root:2c]rmt_web_auth_info_parser_common:492 no session id in auth info
[265:root:2c]rmt_web_get_access_cache:841 invalid cache, ret=4103
[265:root:2c]User Agent: FortiSSLVPN (Mac OS X; SV1 [SV{v=02.01; f=07;}])
[265:root:2c]get_cust_page:128 saml_info 0
[265:root:2c]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[265:root:2c]Destroy sconn 0x7fa9956500, connSize=0. (root)
[265:root:2c]SSL state:warning close notify (x.x.x.x)
[266:root:2c]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[266:root:2c]SSL state:before SSL initialization (x.x.x.x)
[266:root:2c]SSL state:before SSL initialization (x.x.x.x)
[266:root:2c]no SNI received
[266:root:2c]client cert requirement: no
[266:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[266:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[266:root:2c]SSL state:SSLv3/TLS write change cipher spec (x.x.x.x)
[266:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[266:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[266:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[266:root:2c]no SNI received
[266:root:2c]client cert requirement: no
[266:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[266:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[266:root:2c]SSL state:TLSv1.3 write encrypted extensions (x.x.x.x)
[266:root:2c]SSL state:SSLv3/TLS write certificate (x.x.x.x)
[266:root:2c]SSL state:TLSv1.3 write server certificate verify (x.x.x.x)
[266:root:2c]SSL state:SSLv3/TLS write finished (x.x.x.x)
[266:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[266:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[266:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[266:root:2c]SSL state:SSLv3/TLS read finished (x.x.x.x)
[266:root:2c]SSL state:SSLv3/TLS write session ticket (x.x.x.x)
[266:root:2c]SSL state:SSLv3/TLS write session ticket (x.x.x.x)
[266:root:2c]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[266:root:2c]req: /remote/logincheck
[266:root:2c]rmt_web_auth_info_parser_common:492 no session id in auth info
[266:root:2c]rmt_web_access_check:760 access failed, uri=[/remote/logincheck],ret=4103,
[266:root:2c]User Agent: FortiSSLVPN (Mac OS X; SV1 [SV{v=02.01; f=07;}])
[266:root:2c]rmt_logincheck_cb_handler:1283 user 'username' has a matched local entry.
[266:root:2c]sslvpn_auth_check_usrgroup:2978 forming user/group list from policy.
[266:root:2c]sslvpn_auth_check_usrgroup:3024 got user (0) group (1:0).
[266:root:2c]sslvpn_validate_user_group_list:1890 validating with SSL VPN authentication rules (1), realm ().
[266:root:2c]sslvpn_validate_user_group_list:1975 checking rule 1 cipher.
[266:root:2c]sslvpn_validate_user_group_list:1983 checking rule 1 realm.
[266:root:2c]sslvpn_validate_user_group_list:1994 checking rule 1 source intf.
[266:root:2c]sslvpn_validate_user_group_list:2033 checking rule 1 vd source intf.
[266:root:2c]sslvpn_validate_user_group_list:2526 rule 1 done, got user (0:0) group (1:0) peer group (0).
[266:root:2c]sslvpn_validate_user_group_list:2534 got user (0:0) group (1:0) peer group (0).
[266:root:2c]sslvpn_validate_user_group_list:2876 got user (0:0), group (1:0) peer group (0).
[266:root:2c]sslvpn_update_user_group_list:1793 got user (0:0), group (1:0), peer group (0) after update.
[266:root:2c]two factor check for username: off
[266:root:2c]sslvpn_authenticate_user:183 authenticate user: [username]
[266:root:2c]sslvpn_authenticate_user:197 create fam state
[266:root:2c]fam_auth_send_req:947 clear local user flag and do authentication again.
[266:root:2c][fam_auth_send_req_internal:426] Groups sent to FNBAM:
[266:root:2c]group_desc[0].grpname = VPN Users
[266:root:2c][fam_auth_send_req_internal:438] FNBAM opt = 0X200421
[266:root:2c]fam_auth_send_req_internal:514 fnbam_auth return: 4
[266:root:2c]fam_auth_send_req:1007 task finished with 4
[266:root:2c]fam_auth_proc_resp:1352 fnbam_auth_update_result return: 0 (success)
[266:root:2c][fam_auth_proc_resp:1451] Authenticated groups (1) by FNBAM with auth_type (16):
[266:root:2c]Received: auth_rsp_data.grp_list[0] = 2
[266:root:2c]fam_auth_proc_resp:1476 found node VPN Users:0:, valid:1, auth:0
[266:root:2c]Validated: auth_rsp_data.grp_list[0] = VPN Users
[266:root:2c]Auth successful for user username in group VPN Users
[266:root:2c]fam_do_cb:665 fnbamd return auth success.
[266:root:2c]SSL VPN login matched rule (1).
[266:root:2c]User Agent: FortiSSLVPN (Mac OS X; SV1 [SV{v=02.01; f=07;}])
[266:root:2c]rmt_web_session_create:1209 create web session, idx[0]
[266:root:2c]login_succeeded:536 redirect to hostcheck
[266:root:2c]User Agent: FortiSSLVPN (Mac OS X; SV1 [SV{v=02.01; f=07;}])
[266:root:2c]deconstruct_session_id:709 decode session id ok, user=[username], group=[VPN Users],authserver=[AD-LDAP],portal=[Portal VPN Domain],host[x.x.x.x],realm=[],csrf_token=[1655BD40B0B19A1213AB9565E53D60],idx=0,auth=16,sid=68a901b1,login=1684250327,access=1684250327,saml_logout_url=no,pip=no,grp_info=[zK75Dh],rmt_grp_info=[zRE00k]
[266:root:2c]deconstruct_session_id:709 decode session id ok, user=[username], group=[VPN Users],authserver=[AD-LDAP],portal=[Portal VPN Domain],host[x.x.x.x],realm=[],csrf_token=[1655BD40B0B19A1213AB9565E53D60],idx=0,auth=16,sid=68a901b1,login=1684250327,access=1684250327,saml_logout_url=no,pip=no,grp_info=[zK75Dh],rmt_grp_info=[zRE00k]
[266:root:2c]deconstruct_session_id:709 decode session id ok, user=[username], group=[VPN Users],authserver=[AD-LDAP],portal=[Portal VPN Domain],host[x.x.x.x],realm=[],csrf_token=[1655BD40B0B19A1213AB9565E53D60],idx=0,auth=16,sid=68a901b1,login=1684250327,access=1684250327,saml_logout_url=no,pip=no,grp_info=[zK75Dh],rmt_grp_info=[zRE00k]
[266:root:2c]SSL state:warning close notify (x.x.x.x)
[266:root:2c]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[266:root:2c]Destroy sconn 0x7fa9956500, connSize=0. (root)
[266:root:2c]SSL state:warning close notify (x.x.x.x)
[259:root:2d]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[259:root:2d]SSL state:before SSL initialization (x.x.x.x)
[259:root:2d]SSL state:before SSL initialization (x.x.x.x)
[259:root:2d]no SNI received
[259:root:2d]client cert requirement: no
[259:root:2d]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[259:root:2d]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[259:root:2d]SSL state:SSLv3/TLS write change cipher spec (x.x.x.x)
[259:root:2d]SSL state:TLSv1.3 early data (x.x.x.x)
[259:root:2d]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[259:root:2d]SSL state:TLSv1.3 early data (x.x.x.x)
[259:root:2d]no SNI received
[259:root:2d]client cert requirement: no
[259:root:2d]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[259:root:2d]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[259:root:2d]SSL state:TLSv1.3 write encrypted extensions (x.x.x.x)
[259:root:2d]SSL state:SSLv3/TLS write certificate (x.x.x.x)
[259:root:2d]SSL state:TLSv1.3 write server certificate verify (x.x.x.x)
[259:root:2d]SSL state:SSLv3/TLS write finished (x.x.x.x)
[259:root:2d]SSL state:TLSv1.3 early data (x.x.x.x)
[259:root:2d]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[259:root:2d]SSL state:TLSv1.3 early data (x.x.x.x)
[259:root:2d]SSL state:SSLv3/TLS read finished (x.x.x.x)
[259:root:2d]SSL state:SSLv3/TLS write session ticket (x.x.x.x)
[259:root:2d]SSL state:SSLv3/TLS write session ticket (x.x.x.x)
[259:root:2d]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[259:root:2d]req: /remote/fortisslvpn
[259:root:2d]deconstruct_session_id:709 decode session id ok, user=[username], group=[VPN Users],authserver=[AD-LDAP],portal=[Portal VPN Domain],host[x.x.x.x],realm=[],csrf_token=[1655BD40B0B19A1213AB9565E53D60],idx=0,auth=16,sid=68a901b1,login=1684250327,access=1684250327,saml_logout_url=no,pip=no,grp_info=[zK75Dh],rmt_grp_info=[zRE00k]
[259:root:2d]deconstruct_session_id:709 decode session id ok, user=[username], group=[VPN Users],authserver=[AD-LDAP],portal=[Portal VPN Domain],host[x.x.x.x],realm=[],csrf_token=[1655BD40B0B19A1213AB9565E53D60],idx=0,auth=16,sid=68a901b1,login=1684250327,access=1684250327,saml_logout_url=no,pip=no,grp_info=[zK75Dh],rmt_grp_info=[zRE00k]
[259:root:2d]User Agent: FortiSSLVPN (Mac OS X; SV1 [SV{v=02.01; f=07;}])
[259:root:2d]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[259:root:2d]Destroy sconn 0x7fa9956500, connSize=0. (root)
[259:root:2d]SSL state:warning close notify (x.x.x.x)
[260:root:2d]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[260:root:2d]SSL state:before SSL initialization (x.x.x.x)
[260:root:2d]SSL state:before SSL initialization (x.x.x.x)
[260:root:2d]no SNI received
[260:root:2d]client cert requirement: no
[260:root:2d]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[260:root:2d]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[260:root:2d]SSL state:SSLv3/TLS write change cipher spec (x.x.x.x)
[260:root:2d]SSL state:TLSv1.3 early data (x.x.x.x)
[260:root:2d]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[260:root:2d]SSL state:TLSv1.3 early data (x.x.x.x)
[260:root:2d]no SNI received
[260:root:2d]client cert requirement: no
[260:root:2d]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[260:root:2d]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[260:root:2d]SSL state:TLSv1.3 write encrypted extensions (x.x.x.x)
[260:root:2d]SSL state:SSLv3/TLS write certificate (x.x.x.x)
[260:root:2d]SSL state:TLSv1.3 write server certificate verify (x.x.x.x)
[260:root:2d]SSL state:SSLv3/TLS write finished (x.x.x.x)
[260:root:2d]SSL state:TLSv1.3 early data (x.x.x.x)
[260:root:2d]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[260:root:2d]SSL state:TLSv1.3 early data (x.x.x.x)
[260:root:2d]SSL state:SSLv3/TLS read finished (x.x.x.x)
[260:root:2d]SSL state:SSLv3/TLS write session ticket (x.x.x.x)
[260:root:2d]SSL state:SSLv3/TLS write session ticket (x.x.x.x)
[260:root:2d]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[260:root:2d]req: /remote/fortisslvpn_xml
[260:root:2d]deconstruct_session_id:709 decode session id ok, user=[username], group=[VPN Users],authserver=[AD-LDAP],portal=[Portal VPN Domain],host[x.x.x.x],realm=[],csrf_token=[1655BD40B0B19A1213AB9565E53D60],idx=0,auth=16,sid=68a901b1,login=1684250327,access=1684250327,saml_logout_url=no,pip=no,grp_info=[zK75Dh],rmt_grp_info=[zRE00k]
[260:root:2d]deconstruct_session_id:709 decode session id ok, user=[username], group=[VPN Users],authserver=[AD-LDAP],portal=[Portal VPN Domain],host[x.x.x.x],realm=[],csrf_token=[1655BD40B0B19A1213AB9565E53D60],idx=0,auth=16,sid=68a901b1,login=1684250327,access=1684250327,saml_logout_url=no,pip=no,grp_info=[zK75Dh],rmt_grp_info=[zRE00k]
[260:root:2d]sslvpn_reserve_dynip:1476 tunnel vd[root] ip[z.z.z.z] app session idx[0]
[260:root:2d]sslConnGotoNextState:308 error (last state: 1, closeOp: 0)
[260:root:2d]Destroy sconn 0x7fa9956500, connSize=0. (root)
[260:root:2d]SSL state:warning close notify (x.x.x.x)
[262:root:2d]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[262:root:2d]SSL state:before SSL initialization (x.x.x.x)
[262:root:2d]SSL state:before SSL initialization (x.x.x.x)
[262:root:2d]no SNI received
[262:root:2d]client cert requirement: no
[262:root:2d]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[262:root:2d]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[262:root:2d]SSL state:SSLv3/TLS write change cipher spec (x.x.x.x)
[262:root:2d]SSL state:TLSv1.3 early data (x.x.x.x)
[262:root:2d]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[262:root:2d]SSL state:TLSv1.3 early data (x.x.x.x)
[262:root:2d]no SNI received
[262:root:2d]client cert requirement: no
[262:root:2d]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[262:root:2d]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[262:root:2d]SSL state:TLSv1.3 write encrypted extensions (x.x.x.x)
[262:root:2d]SSL state:SSLv3/TLS write certificate (x.x.x.x)
[262:root:2d]SSL state:TLSv1.3 write server certificate verify (x.x.x.x)
[262:root:2d]SSL state:SSLv3/TLS write finished (x.x.x.x)
[262:root:2d]SSL state:TLSv1.3 early data (x.x.x.x)
[262:root:2d]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[262:root:2d]SSL state:TLSv1.3 early data (x.x.x.x)
[262:root:2d]SSL state:SSLv3/TLS read finished (x.x.x.x)
[262:root:2d]SSL state:SSLv3/TLS write session ticket (x.x.x.x)
[262:root:2d]SSL state:SSLv3/TLS write session ticket (x.x.x.x)
[262:root:2d]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[262:root:2d]req: /remote/sslvpn-tunnel?uuid=B32526F2D0275
[262:root:2d]sslvpn_tunnel_handler,52, Calling rmt_conn_access_ex.
[262:root:2d]deconstruct_session_id:709 decode session id ok, user=[username], group=[VPN Users],authserver=[AD-LDAP],portal=[Portal VPN Domain],host[x.x.x.x],realm=[],csrf_token=[1655BD40B0B19A1213AB9565E53D60],idx=0,auth=16,sid=68a901b1,login=1684250327,access=1684250327,saml_logout_url=no,pip=no,grp_info=[zK75Dh],rmt_grp_info=[zRE00k]
[262:root:2d]sslvpn_tunnel_handler,109, fct_uuid = B32526F2D027596186935FCC013EFE7D
[262:root:2d]sslvpn_tunnel_handler,161, Calling tunnel.
[262:root:2d]tunnelEnter:484 0x7fa9956500:0x7fa8c60000 sslvpn user[username],type 16,logintime 0 vd 0 vrf 0
[262:root:2d]sconn 0x7fa9956500 (0:root) vfid=0 local=[y.y.y.y] remote=[x.x.x.x] dynamicip=[z.z.z.z]
[262:root:2d]Prepare to launch ppp service...
[262:root:2d]tun: ppp 0x7fa8cb8000 dev (ssl.root) opened fd 27
[262:root:2d]Will add auth policy for policy 39 for user username:VPN Users
[262:root:2d]Will add auth policy for policy 32 for user username:VPN Users
[262:root:2d]Will add auth policy for policy 43 for user username:VPN Users
[262:root:2d]Will add auth policy for policy 3 for user username:VPN Users
[262:root:2d]Add auth logon for user username:VPN Users, matched group number 1
[262:root:0]RCV: LCP Configure_Request id(1) len(14) [Maximum_Received_Unit 1354] [Magic_Number 07225517]
[262:root:0]SND: LCP Configure_Request id(1) len(10) [Magic_Number F4B78D69]
[262:root:0]lcp_reqci: returning CONFACK.
[262:root:0]SND: LCP Configure_Ack id(1) len(14) [Maximum_Received_Unit 1354] [Magic_Number 07225517]
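The two captures above are easier to compare once each connection attempt is reduced to one record. The following is an added example, not part of the original post and not Fortinet tooling: it splits `diag debug app sslvpn` output into attempts and tallies handshake outcomes by whether the client sent SNI. The sample input is abridged from the log lines in this thread; treating each `allocSSLConn` line as the start of a new attempt and the bracketed prefix as an opaque connection key are assumptions made for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input abridged from the debug output posted in this thread.
SAMPLE = """\
[260:root:2c]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[260:root:2c]got SNI server name: mydomain.fortiddns.com realm (null)
[260:root:2c]SSL state:SSLv3/TLS write certificate (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data:DH lib(x.x.x.x)
[260:root:2c]SSL_accept failed, 5:(null)
[260:root:2c]Destroy sconn 0x7fa9956500, connSize=0. (root)
[263:root:2c]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[263:root:2c]no SNI received
[263:root:2c]SSL state:TLSv1.3 early data:DH lib(x.x.x.x)
[263:root:2c]SSL_accept failed, 5:(null)
[263:root:2c]Destroy sconn 0x7fa9956500, connSize=0. (root)
[264:root:2c]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[264:root:2c]no SNI received
[264:root:2c]SSL state:SSLv3/TLS read finished (x.x.x.x)
[264:root:2c]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[264:root:2c]req: /remote/info
[264:root:2c]Destroy sconn 0x7fa9956500, connSize=0. (root)
[264:root:2c]SSL state:warning close notify (x.x.x.x)
"""

LINE_RE = re.compile(r"^\[(?P<key>[^\]]+)\](?P<msg>.*)$")
SNI_RE = re.compile(r"^got SNI server name: (?P<name>\S+)")
STATE_RE = re.compile(r"^SSL state:(?P<state>.*?)\s*\(")
FAIL_RE = re.compile(r"^SSL_accept failed, (?P<code>\d+)")
ESTAB_RE = re.compile(r"^SSL established: (?P<tls>.+)$")


@dataclass
class Attempt:
    key: str                           # bracketed prefix, kept opaque
    sni: Optional[str] = None          # server name the client asked for
    last_state: Optional[str] = None   # last handshake state before the result
    accept_error: Optional[int] = None
    tls: Optional[str] = None          # protocol and cipher once established
    requests: List[str] = field(default_factory=list)

    @property
    def outcome(self) -> str:
        if self.tls:
            return "established"
        if self.accept_error is not None:
            return "handshake_failed"
        return "incomplete"


def parse_attempts(text: str) -> List[Attempt]:
    attempts: List[Attempt] = []
    current = {}  # connection key -> attempt currently being filled in
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key, msg = m["key"], m["msg"]
        if msg.startswith("allocSSLConn"):
            current[key] = Attempt(key)
            attempts.append(current[key])
            continue
        a = current.get(key)
        if a is None:
            continue  # line belongs to an attempt that began before the capture
        undecided = a.tls is None and a.accept_error is None
        if (s := SNI_RE.match(msg)):
            a.sni = s["name"]
        elif (s := FAIL_RE.match(msg)):
            a.accept_error = int(s["code"])
        elif (s := ESTAB_RE.match(msg)):
            a.tls = s["tls"].strip()
        elif msg.startswith("req: "):
            a.requests.append(msg[len("req: "):].strip())
        elif undecided and (s := STATE_RE.match(msg)):
            a.last_state = s["state"]
    return attempts


def summarize(attempts: List[Attempt]) -> Counter:
    """Count attempts per (SNI or 'no SNI', outcome) pair."""
    return Counter((a.sni or "no SNI", a.outcome) for a in attempts)


if __name__ == "__main__":
    for (sni, outcome), n in sorted(summarize(parse_attempts(SAMPLE)).items()):
        print(f"{sni:28} {outcome:18} {n}")
```

Run against a full capture, attempts that fail right after the `write certificate` / `write finished` states are the ones to line up with the client-side certificate check.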
@LD wrote:
Hello,
The domain is resolved by ping or web browser:
by domain name (It does not work):
[260:root:2c]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[260:root:2c]SSL state:before SSL initialization (x.x.x.x)
[260:root:2c]SSL state:before SSL initialization (x.x.x.x)
[260:root:2c]got SNI server name: mydomain.fortiddns.com realm (null)
[260:root:2c]client cert requirement: no
[260:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[260:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[260:root:2c]SSL state:SSLv3/TLS write change cipher spec (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[260:root:2c]got SNI server name: mydomain.fortiddns.com realm (null)
[260:root:2c]client cert requirement: no
[260:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[260:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 write encrypted extensions (x.x.x.x)
[260:root:2c]SSL state:SSLv3/TLS write certificate (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 write server certificate verify (x.x.x.x)
[260:root:2c]SSL state:SSLv3/TLS write finished (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[260:root:2c]SSL state:TLSv1.3 early data:DH lib(x.x.x.x)
[260:root:2c]SSL_accept failed, 5:(null)
[260:root:2c]Destroy sconn 0x7fa9956500, connSize=0. (root)
[262:root:2c]allocSSLConn:307 sconn 0x7fa9956500 (0:root)
[262:root:2c]SSL state:before SSL initialization (x.x.x.x)
[262:root:2c]SSL state:before SSL initialization (x.x.x.x)
[262:root:2c]got SNI server name: mydomain.fortiddns.com realm (null)
[262:root:2c]client cert requirement: no
[262:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[262:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[262:root:2c]SSL state:SSLv3/TLS write change cipher spec (x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[262:root:2c]got SNI server name: mydomain.fortiddns.com realm (null)
[262:root:2c]client cert requirement: no
[262:root:2c]SSL state:SSLv3/TLS read client hello (x.x.x.x)
[262:root:2c]SSL state:SSLv3/TLS write server hello (x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 write encrypted extensions (x.x.x.x)
[262:root:2c]SSL state:SSLv3/TLS write certificate (x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 write server certificate verify (x.x.x.x)
[262:root:2c]SSL state:SSLv3/TLS write finished (x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 early data (x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 early data:system lib(x.x.x.x)
[262:root:2c]SSL state:TLSv1.3 early data:DH lib(x.x.x.x)
[262:root:2c]SSL_accept failed, 5:(null)
[262:root:2c]Destroy sconn 0x7fa9956500, connSize=0. (root)
Thanks it's really working!
Hi LD,
We are seeing "SSL_accept failed" error. Could you confirm if you are getting the certificate warning when using FQDN?
From macOS 10.15 and above, there are new security requirements for Apple devices:
https://support.apple.com/en-ca/HT210176
Regards,
Vimala
Hi Vimala,
The certificate warning only appears if you are connecting by IP. When connecting by FQDN it does not appear.
Regards,
When facing a "Network error. Cannot connect to VPN server" message with FortiClient VPN on Mac OS, there are a few steps you can take to address the issue. First, try clearing the DNS cache by opening Terminal and entering the command: sudo killall -HUP mDNSResponder. This can help resolve any DNS-related problems. Additionally, verify your DNS settings on the Mac and ensure they are correctly configured. You can try using alternative DNS servers such as Google DNS (8.8.8.8 and 8.8.4.4) or OpenDNS (208.67.222.222 and 208.67.220.220). If the issue persists, check if there are any firewall settings or security software on your Mac that could be blocking the VPN connection. Temporarily disabling such software or adding exceptions for the VPN might help. Lastly, make sure your FortiClient VPN software is up to date, as newer versions may include bug fixes and compatibility improvements.
The solution is to buy an SSL certificate, since otherwise Apple devices updated to the latest versions of operating systems do not connect. We added a certificate to our FortiGate and now everything works fine. Thank you.
Created on 03-30-2024 10:42 PM Edited on 04-08-2024 11:52 AM