Problem with FortiSSLVPN and FortiClient in RDM

Ferrara_Evan · ‎03-10-2023

Hello,

I'm trying to use FortiClient with an SSL connection or FortiSSLVPN in RDM (Remote Desktop Manager).

My problems are that, in RDM when I configure my VPN to FortiClient with the path of ipsec.exe, the FortiClient doesn't connect. A CMD pop-up appears and disappears immediately.

As a result, I tried to select the FortiSSL. The GUI launch but it can't connect even I click on the "Connect" button.

But, if I have FortiClient launched in background and FortiSSL configured in RDM, the FortiSSL and FortiClient try to connect but neither of them get an IP address.

I already contacted Devolutions, they wanted the command line for each VPN.

I sended this command fort the FortiClient : "ipsec.exe -k -b -U "username" -P "password" "server IP"" (don't work)

For the FortiSSLVPN : FortiSSLVPNclient.exe connect -h serverIP:Port -u username:password -i (work but can't connect)

Best regards,

Ferrara Evan

Anthony_E · ‎03-12-2023

Hello Evan,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

Ferrara_Evan · ‎03-13-2023

Hello Anthony,

Thank you for your answer.

With FortiClient, I tilt that I try to connect via SSL, but I launch ipsec.exe. It's not the problem ?

Best regards,

Ferrara Evan

Anthony_E · ‎03-14-2023

Hello Evan,

We are still looking for someone to help you.

We will come back to you ASAP.

Regards,

Anthony-Fortinet Community Team.

srajeswaran · ‎03-16-2023

Hi Ferrara,

The below article explains the commands to launch SSL-VPN from commandline, can you try using these with the RDM setup?
https://community.fortinet.com/t5/FortiClient/Technical-Tip-How-to-use-FortiClient-SSL-VPN-from-the-...

You also mentioned about a scenario where there is no IP assigned to client, can you run a wireshark capture and check if there are any packets/transactions between your machine and the VPN gateway during this time?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Ferrara_Evan · ‎03-20-2023

Hello,

I've already tried this command (see my first messages), and it's doesn't work.

Yes, there are packets in transactions between my machine and the VPN gateway. This problem with the IP address, has come always when the 2 software is running.

Best regards,

Ferrara Evan.

Ferrara_Evan · ‎03-20-2023

Hello,

I also have this line when I use WireShark (see attachments)

In red case is the FortiGate, and in black is the host (my computer).

Capture d’écran 2023-03-20 141442.png

Best regards,

Ferrara Evan

srajeswaran · ‎03-20-2023

As per the capture, the host device is sending a FIN right after the TCP 3 way handshake, there is not even a single SSL transaction.. Ideally there will be a Client Hello after the TCP handshake.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Ferrara_Evan · ‎03-21-2023

Hello,

No I don't have a Client Hello.

I captured by the packet with FortiClient (available on the Fortinet Support) and I saw the Client Hello.

The problem with the FortiClient is that is doesn't work on RDM and even with the CLI.

Best regards,

Ferrara Evan

Ferrara_Evan · ‎03-26-2023

Hello,

Do you have any solutions about my problems ?

We really need to use FortiClient or FortiClient VPN SSL in RDM.

Best regards,
Ferrara Evan

Problem with FortiSSLVPN and FortiClient in RDM

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website