Support Forum
Rajeesh
New Contributor

Network error. Can not connect to vpn server - SSL VPN error on Big Sur

We are getting a "Network error. Can not connect to vpn server" error while connecting to SSL VPN on Big Sur OS. We are using a FortiGate AZUREONDEMAND firewall with v6.4.2 build1723 (GA).
Mbongenisuccess

I am experiencing the same error; however, the solution provided is not working on the Mac.

johnnyringo
New Contributor

Getting this too on macOS 12.6 (Monterey), FortiClient VPN 7.0.7. The FortiGate is a 60-E running firmware 7.0.6. No problems connecting to the same server using VPN Client 6.0.1 on Windows 10.

The main thing that's throwing me off is the "Do not warn invalid certificate" option basically doesn't work for newer Macs. So, the certificate must be valid. I got a Let's Encrypt cert, installed that, used a hostname that matched the cert, and now it can connect fine.

One thing to watch out for with the cert is it needs to include the chain. For Let's Encrypt/Certbot, this is the 'fullchain.pem' file.

tombe

I experienced the same issue on macOS 13.1, FortiClient VPN 7.0.7, connecting to a FortiGate with an invalid certificate. I was able to solve the issue without having to use a valid certificate.

First you need to download the certificate:

openssl s_client -connect {HOSTNAME}:{PORT} </dev/null 2>/dev/null|openssl x509 -outform PEM >mycertfile.pem

Afterwards, import the pem file in your keychain:

security import mycertfile.pem -k ~/Library/Keychains/login.keychain

Then, using Keychain Access, open the certificate and edit the trust settings:

Screenshot 2023-02-28 at 09.02.27.png
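
Added example, not part of any post in this thread: before importing and trusting a certificate fetched with `openssl s_client`, compare its SHA-256 fingerprint with one obtained out-of-band from the FortiGate administrator, and count the certificates in a PEM bundle to confirm that a file such as `fullchain.pem` really carries the chain. The function names and script layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a fetched certificate before marking it trusted.
# Function names are hypothetical; only standard openssl/grep/tr calls are used.

# Print the SHA-256 fingerprint of the first certificate in a PEM file,
# normalised to lowercase hex without colons. Prints nothing on parse failure.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null \
        | cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Normalise a fingerprint as pasted by a human (colons, spaces, upper case).
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Succeed only if the certificate in $1 has the expected fingerprint $2.
# An unreadable certificate or a fingerprint of the wrong length fails closed.
fingerprint_matches() {
    fm_actual=$(cert_fingerprint "$1")
    fm_expected=$(normalize_fp "$2")
    [ -n "$fm_actual" ] && [ "${#fm_expected}" -eq 64 ] \
        && [ "$fm_actual" = "$fm_expected" ]
}

# Count certificates in a PEM bundle: a leaf-only file gives 1,
# a bundle that includes intermediates gives 2 or more.
chain_length() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Usage: sh check_cert.sh mycertfile.pem <sha256-fingerprint-from-admin>
if [ "$#" -eq 2 ]; then
    if fingerprint_matches "$1" "$2"; then
        echo "fingerprint matches; certificates in file: $(chain_length "$1")"
    else
        echo "MISMATCH: do not import or trust $1" >&2
        exit 1
    fi
fi
```

A mismatch means the certificate that was downloaded is not the one the administrator expects, so it should not be added to the keychain.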

RachelGomez123
Contributor

To troubleshoot this yourself if you have this error, try to eliminate the client as the issue by accessing the web portal through a web browser via xxx.xxx.xxx.xxx:yyy/ where x is your IP and y is your port. Updating FortiClient to the newest version resolved the issue.

 

Regards,

Rachel Gomez

johnnyringo
New Contributor

Yes, there seems to be different behavior after upgrading FortiGate VPN client from 7.0.7 to 7.0.8. I get a one-time warning about the certificate, and after that, can connect fine without warning. Oddly, the "Do not Warn Invalid Server Certificate" checkbox always seems to remain unchecked.

Oh well, I guess this is progress.
