Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ferrara_Evan
New Contributor II

Problem with FortiSSLVPN and FortiClient in RDM

Hello,

 

I'm trying to use FortiClient with an SSL connection or FortiSSLVPN in RDM (Remote Desktop Manager). 

 

My problems are that, in RDM when I configure my VPN to FortiClient with the path of ipsec.exe, the FortiClient doesn't connect. A CMD pop-up appears and disappears immediately. 

 

As a result, I tried to select the FortiSSL. The GUI launch but it can't connect even I click on the "Connect" button.

But, if I have FortiClient launched in background and FortiSSL configured in RDM, the FortiSSL and FortiClient try to connect but neither of them get an IP address. 

 

I already contacted Devolutions, they wanted the command line for each VPN. 

I sended this command fort the FortiClient : "ipsec.exe -k -b -U "username" -P "password" "server IP"" (don't work)

For the FortiSSLVPN : FortiSSLVPNclient.exe connect -h serverIP:Port -u username:password -i (work but can't connect)

 

Best regards, 

Ferrara Evan 

12 REPLIES 12
Anthony_E
Community Manager
Community Manager

Hello Evan,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Ferrara_Evan
New Contributor II

Hello Anthony, 

 

Thank you for your answer. 

 

With FortiClient, I tilt that I try to connect via SSL, but I launch ipsec.exe. It's not the problem ? 

Best regards,

Ferrara Evan

Anthony_E
Community Manager
Community Manager

Hello Evan,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
srajeswaran
Staff
Staff

Hi Ferrara,

 

The below article explains the commands to launch SSL-VPN from commandline, can you try using these with the RDM setup?
https://community.fortinet.com/t5/FortiClient/Technical-Tip-How-to-use-FortiClient-SSL-VPN-from-the-...

You also mentioned about a scenario where there is no IP assigned to client, can you run a wireshark capture and check if there are any packets/transactions between your machine and the VPN gateway during this time?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Ferrara_Evan

Hello,

 

I've already tried this command (see my first messages), and it's doesn't work. 

 

Yes, there are packets in transactions between my machine and the VPN gateway. This problem with the IP address, has come always when the 2 software is running. 

 

Best regards,

Ferrara Evan. 

 

 

 

 

Ferrara_Evan

Hello,

 

I also have this line when I use WireShark (see attachments)

 

In red case is the FortiGate, and in black is the host (my computer).

 

Capture d’écran 2023-03-20 141442.png

 
 

Best regards, 

Ferrara Evan

srajeswaran

As per the capture, the host device is sending a FIN right after the TCP 3 way handshake, there is not even a single SSL transaction.. Ideally there will be a Client Hello after the TCP handshake.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Ferrara_Evan

Hello,

 

No I don't have a Client Hello. 

 

I captured by the packet with FortiClient (available on the Fortinet Support) and I saw the Client Hello. 

The problem with the FortiClient is that is doesn't work on RDM and even with the CLI. 

 

Best regards,

Ferrara Evan 

Ferrara_Evan

Hello, 

 

Do you have any solutions about my problems ? 

 

We really need to use FortiClient or FortiClient VPN SSL in RDM. 

 

Best regards,
Ferrara Evan

Top Kudoed Authors