I've just upgraded one of my FG60 router to 7.2.5. OS version.
After that, I've noticed that windows ssl clients (version 7.0.7.0345) can create a tunnel and connect to the device but linux client (version 7.0.7.0246; the highest available in this moment) can not do it. Checked using the same credentials. The credentials works on windows client but on linux don't.
Logs from linux as below:
20230615 21:23:38.359 [sslvpn:DEBG] main:1288 446 bytes sent.
20230615 21:23:38.360 [sslvpn:DEBG] vpn_connection:508 http request error: 1
20230615 21:23:40.441 [sslvpn:DEBG] main:1594 Received user confirmation
20230615 21:23:40.442 [sslvpn:INFO] main:1326 State: Logging in
20230615 21:23:40.442 [sslvpn:INFO] vpn_connection:1530 /remote/info
20230615 21:23:40.775 [sslvpn:DEBG] vpn_connection:512 http connection closed.
20230615 21:23:40.778 [sslvpn:DEBG] vpn_connection:394 Response line: 200 OK
20230615 21:23:40.779 [sslvpn:INFO] sslvpn:76 ApiEncMethod: 0
20230615 21:23:40.779 [sslvpn:INFO] sslvpn:78 ApiRemoteAuthTimeout: 360
20230615 21:23:40.779 [sslvpn:INFO] sslvpn:80 ApiServerSalt: 3906f817
20230615 21:23:40.779 [sslvpn:INFO] sslvpn:81 flag: 7391
20230615 21:23:40.779 [sslvpn:INFO] vpn_connection:1530 /remote/login
20230615 21:23:41.208 [sslvpn:DEBG] vpn_connection:512 http connection closed.
20230615 21:23:41.210 [sslvpn:DEBG] vpn_connection:394 Response line: 200 OK
20230615 21:23:41.211 [sslvpn:INFO] vpn_connection:1530 /remote/logincheck
20230615 21:23:41.715 [sslvpn:DEBG] vpn_connection:512 http connection closed.
20230615 21:23:41.716 [sslvpn:DEBG] vpn_connection:394 Response line: 200 OK
20230615 21:23:41.716 [sslvpn:INFO] sslvpn:336 Authentication passed
20230615 21:23:41.716 [sslvpn:INFO] vpn_connection:1530 /remote/fortisslvpn
20230615 21:23:42.108 [sslvpn:DEBG] vpn_connection:512 http connection closed.
20230615 21:23:42.108 [sslvpn:DEBG] vpn_connection:477 Redirect. Location: /remote/login
20230615 21:23:42.109 [sslvpn:DEBG] vpn_connection:1081 Login process end on status: 8
20230615 21:23:42.109 [sslvpn:DEBG] sslvpn:777 Error 8
20230615 21:23:42.134 [sslvpn:EROR] vpn_connection:1252 Error code [8]. Login failed: Received unexpected response from remote, tunnel mode may not configured properly on remote side.
20230615 21:23:42.136 [sslvpn:DEBG] dns:364 Restore DNS config
20230615 21:23:42.136 [sslvpn:DEBG] dns:416 No backup file was found. Skip.
20230615 21:23:42.136 [sslvpn:DEBG] route:159 begin cleanup linux...
20230615 21:23:42.136 [sslvpn:DEBG] route:161 clean up route...
20230615 21:23:42.136 [sslvpn:DEBG] main:1697 exception: Login failed: Received unexpected response from remote, tunnel mode may not configured properly on remote side.
20230615 21:23:42.414 [sslvpn:INFO] main:1651 Init
20230615 21:23:42.414 [sslvpn:INFO] main:1707 VPN is running in restore DNS mode
20230615 21:23:42.416 [sslvpn:DEBG] dns:364 Restore DNS config
20230615 21:23:42.416 [sslvpn:DEBG] dns:416 No backup file was found. Skip.
Any ideas?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
What is the authentication method you are using?
I am using LDAP Authentication
I can confirm that, for LDAP also exists the same problem.
login and password, local acoount created on FG
I have the same problem
Hello,
Based on the logs you provided, it seems that the Linux client is having trouble establishing a tunnel connection to the FortiGate device. The error message "Received unexpected response from remote, tunnel mode may not be configured properly on remote side" suggests that there might be an issue with the tunnel configuration on the FortiGate.
Here are some suggestions you can try to troubleshoot the issue:
1. Verify the SSL VPN configuration: Check the SSL VPN configuration on the FortiGate device to ensure that the tunnel mode and other settings are configured correctly. You can compare the SSL VPN configuration on the FortiGate with the working Windows client to see if there are any differences.
2. Check the firewall policies: Make sure that the firewall policies on the FortiGate device are configured to allow SSL VPN traffic to pass through. Check the source and destination addresses and ports, and make sure that SSL VPN traffic is not being blocked by any other firewall rules.
3. Check the SSL VPN client settings: Make sure that the SSL VPN client settings on the Linux client are configured correctly. Check the login credentials, the tunnel mode, and the SSL VPN server address.
4. Verify the SSL VPN certificate: Ensure that the SSL VPN certificate is installed on the FortiGate device and that it is valid. If the certificate has expired or is not installed correctly, this could cause issues with the SSL VPN connection.
5. Check the SSL VPN logs: Check the SSL VPN logs on the FortiGate device to see if there are any error messages or warnings related to the SSL VPN connection. Look for messages related to the SSL VPN configuration, the firewall policies, and the SSL VPN client settings.
If you're still having issues after checking these settings, you may need to provide more information about the network topology and the configuration settings on both the FortiGate and the Linux client to help diagnose the issue.
I hope this helps! Let me know if you have any further questions.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.