Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Umesh
Contributor

SSL VPN ERROR

I have come here to get the solution. Not able to establish SSL VPN with FortiGate evaluation license.

 

Please review the logs; maybe I have missed something.


FGVMEVD9RPZGR-D9 login:

FGVMEVD9RPZGR-D9 login: admin
Password:
Welcome!

FGVMEVD9RPZGR-D9 # diagnose sniffer packet any "port 4443" 4
Using Original Sniffing Mode
interfaces=[any]
filters=[port 4443]
27.235570 port1 in 192.168.45.52.55327 -> 192.168.45.21.4443: syn 2701819393
27.235656 port1 out 192.168.45.21.4443 -> 192.168.45.52.55327: syn 2693275210 ack 2701819394
27.241739 port1 in 192.168.45.52.55327 -> 192.168.45.21.4443: ack 2693275211
27.252798 port1 in 192.168.45.52.55327 -> 192.168.45.21.4443: fin 2701819394 ack 2693275211
27.254279 port1 out 192.168.45.21.4443 -> 192.168.45.52.55327: psh 2693275211 ack 2701819395
27.256603 port1 out 192.168.45.21.4443 -> 192.168.45.52.55327: fin 2693275218 ack 2701819395
27.260577 port1 in 192.168.45.52.55327 -> 192.168.45.21.4443: rst 2701819395 ack 2693275218
27.860430 port1 in 192.168.45.52.55331 -> 192.168.45.21.4443: syn 1613144277
27.860503 port1 out 192.168.45.21.4443 -> 192.168.45.52.55331: syn 3680346627 ack 1613144278
27.866781 port1 in 192.168.45.52.55331 -> 192.168.45.21.4443: ack 3680346628
27.866833 port1 in 192.168.45.52.55331 -> 192.168.45.21.4443: fin 1613144278 ack 3680346628
27.867881 port1 out 192.168.45.21.4443 -> 192.168.45.52.55331: psh 3680346628 ack 1613144279
27.868235 port1 out 192.168.45.21.4443 -> 192.168.45.52.55331: fin 3680346635 ack 1613144279
27.874481 port1 in 192.168.45.52.55331 -> 192.168.45.21.4443: rst 1613144279 ack 3680346635
27.952285 port1 in 192.168.45.52.55332 -> 192.168.45.21.4443: syn 3286422250
27.952350 port1 out 192.168.45.21.4443 -> 192.168.45.52.55332: syn 1696060828 ack 3286422251
27.961222 port1 in 192.168.45.52.55332 -> 192.168.45.21.4443: ack 1696060829
27.961261 port1 in 192.168.45.52.55332 -> 192.168.45.21.4443: psh 3286422251 ack 1696060829
27.961277 port1 out 192.168.45.21.4443 -> 192.168.45.52.55332: ack 3286422409
27.979626 port1 out 192.168.45.21.4443 -> 192.168.45.52.55332: 1696060829 ack 3286422409
27.980080 port1 out 192.168.45.21.4443 -> 192.168.45.52.55332: psh 1696062289 ack 3286422409
27.987242 port1 in 192.168.45.52.55332 -> 192.168.45.21.4443: ack 1696062821
27.992255 port1 in 192.168.45.52.55332 -> 192.168.45.21.4443: fin 3286422409 ack 1696062821
27.992289 port1 in 192.168.45.52.55333 -> 192.168.45.21.4443: syn 3818293968
27.992341 port1 out 192.168.45.21.4443 -> 192.168.45.52.55333: syn 233202257 ack 3818293969
27.993763 port1 out 192.168.45.21.4443 -> 192.168.45.52.55332: psh 1696062821 ack 3286422410
27.994841 port1 out 192.168.45.21.4443 -> 192.168.45.52.55332: fin 1696062828 ack 3286422410
28.001207 port1 in 192.168.45.52.55333 -> 192.168.45.21.4443: ack 233202258
28.001260 port1 in 192.168.45.52.55332 -> 192.168.45.21.4443: rst 3286422410 ack 1696062828
28.001282 port1 in 192.168.45.52.55333 -> 192.168.45.21.4443: psh 3818293969 ack 233202258
28.001307 port1 out 192.168.45.21.4443 -> 192.168.45.52.55333: ack 3818294127
28.003275 port1 out 192.168.45.21.4443 -> 192.168.45.52.55333: 233202258 ack 3818294127
28.007245 port1 out 192.168.45.21.4443 -> 192.168.45.52.55333: psh 233203718 ack 3818294127
28.012998 port1 in 192.168.45.52.55333 -> 192.168.45.21.4443: ack 233204250
28.013091 port1 in 192.168.45.52.55333 -> 192.168.45.21.4443: fin 3818294127 ack 233204250
28.013323 port1 out 192.168.45.21.4443 -> 192.168.45.52.55333: psh 233204250 ack 3818294128
28.013898 port1 out 192.168.45.21.4443 -> 192.168.45.52.55333: fin 233204257 ack 3818294128
28.014832 port1 in 192.168.45.52.55334 -> 192.168.45.21.4443: syn 4251122296
28.014913 port1 out 192.168.45.21.4443 -> 192.168.45.52.55334: syn 2738590395 ack 4251122297
28.018889 port1 in 192.168.45.52.55333 -> 192.168.45.21.4443: rst 3818294128 ack 233204257
28.021396 port1 in 192.168.45.52.55334 -> 192.168.45.21.4443: ack 2738590396
28.021460 port1 in 192.168.45.52.55334 -> 192.168.45.21.4443: psh 4251122297 ack 2738590396
28.021481 port1 out 192.168.45.21.4443 -> 192.168.45.52.55334: ack 4251122455
28.022998 port1 out 192.168.45.21.4443 -> 192.168.45.52.55334: 2738590396 ack 4251122455
28.023533 port1 out 192.168.45.21.4443 -> 192.168.45.52.55334: psh 2738591856 ack 4251122455
28.032620 port1 in 192.168.45.52.55334 -> 192.168.45.21.4443: ack 2738592388
28.032648 port1 in 192.168.45.52.55334 -> 192.168.45.21.4443: fin 4251122455 ack 2738592388
28.032662 port1 in 192.168.45.52.55335 -> 192.168.45.21.4443: syn 3386351511
28.032735 port1 out 192.168.45.21.4443 -> 192.168.45.52.55335: syn 398628274 ack 3386351512
28.033763 port1 out 192.168.45.21.4443 -> 192.168.45.52.55334: psh 2738592388 ack 4251122456
28.035224 port1 out 192.168.45.21.4443 -> 192.168.45.52.55334: fin 2738592395 ack 4251122456
28.040543 port1 in 192.168.45.52.55334 -> 192.168.45.21.4443: rst 4251122456 ack 2738592395
28.040575 port1 in 192.168.45.52.55335 -> 192.168.45.21.4443: ack 398628275
28.040599 port1 in 192.168.45.52.55335 -> 192.168.45.21.4443: fin 3386351512 ack 398628275
28.041137 port1 out 192.168.45.21.4443 -> 192.168.45.52.55335: psh 398628275 ack 3386351513
28.041518 port1 in 192.168.45.52.55336 -> 192.168.45.21.4443: syn 2693966771
28.041563 port1 out 192.168.45.21.4443 -> 192.168.45.52.55336: syn 555373003 ack 2693966772
28.042485 port1 out 192.168.45.21.4443 -> 192.168.45.52.55335: fin 398628282 ack 3386351513
28.047167 port1 in 192.168.45.52.55335 -> 192.168.45.21.4443: rst 3386351513 ack 398628282
28.047200 port1 in 192.168.45.52.55336 -> 192.168.45.21.4443: ack 555373004
28.047223 port1 in 192.168.45.52.55336 -> 192.168.45.21.4443: psh 2693966772 ack 555373004
28.047238 port1 out 192.168.45.21.4443 -> 192.168.45.52.55336: ack 2693966930
28.048491 port1 out 192.168.45.21.4443 -> 192.168.45.52.55336: 555373004 ack 2693966930
28.049139 port1 out 192.168.45.21.4443 -> 192.168.45.52.55336: psh 555374464 ack 2693966930
28.055510 port1 in 192.168.45.52.55336 -> 192.168.45.21.4443: ack 555374996
28.055537 port1 in 192.168.45.52.55336 -> 192.168.45.21.4443: fin 2693966930 ack 555374996
28.055550 port1 in 192.168.45.52.55337 -> 192.168.45.21.4443: syn 1215154457
28.055585 port1 out 192.168.45.21.4443 -> 192.168.45.52.55337: syn 536929973 ack 1215154458
28.056234 port1 out 192.168.45.21.4443 -> 192.168.45.52.55336: psh 555374996 ack 2693966931
28.056949 port1 out 192.168.45.21.4443 -> 192.168.45.52.55336: fin 555375003 ack 2693966931
28.061368 port1 in 192.168.45.52.55336 -> 192.168.45.21.4443: rst 2693966931 ack 555375003
28.061401 port1 in 192.168.45.52.55337 -> 192.168.45.21.4443: ack 536929974
28.061426 port1 in 192.168.45.52.55337 -> 192.168.45.21.4443: fin 1215154458 ack 536929974
28.061907 port1 out 192.168.45.21.4443 -> 192.168.45.52.55337: ack 1215154459
28.062623 port1 out 192.168.45.21.4443 -> 192.168.45.52.55337: psh 536929974 ack 1215154459
28.063237 port1 out 192.168.45.21.4443 -> 192.168.45.52.55337: fin 536929981 ack 1215154459
28.066679 port1 in 192.168.45.52.55337 -> 192.168.45.21.4443: rst 1215154459 ack 536929981


^C
77 packets received by filter
0 packets dropped by kernel

FGVMEVD9RPZGR-D9 # diagnose debug console timestamp enable

FGVMEVD9RPZGR-D9 # diagnose debug application fnbamd -1
Debug messages will be on for 30 minutes.

FGVMEVD9RPZGR-D9 # diagnose debug application sslvpn -1
Debug messages will be on for 30 minutes.

FGVMEVD9RPZGR-D9 # diagnose debug enable

FGVMEVD9RPZGR-D9 # 2025-03-21 20:42:54 [2322:root:a2]allocSSLConn:312 sconn 0x7f2441cae800 (0:root)
2025-03-21 20:42:54 [2322:root:a2]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:54 [2322:root:a2]SSL state:fatal decode error (192.168.45.52)
2025-03-21 20:42:54 [2322:root:a2]SSL state:error:(null)(192.168.45.52)
2025-03-21 20:42:54 [2322:root:a2]SSL_accept failed, 1:unexpected eof while reading
2025-03-21 20:42:54 [2322:root:a2]Destroy sconn 0x7f2441cae800, connSize=0. (root)
2025-03-21 20:42:54 [2322:root:a3]allocSSLConn:312 sconn 0x7f2441cae800 (0:root)
2025-03-21 20:42:54 [2322:root:a3]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:54 [2322:root:a3]SSL state:fatal decode error (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a3]SSL state:error:(null)(192.168.45.52)
2025-03-21 20:42:55 [2322:root:a3]SSL_accept failed, 1:unexpected eof while reading
2025-03-21 20:42:55 [2322:root:a3]Destroy sconn 0x7f2441cae800, connSize=0. (root)
2025-03-21 20:42:55 [2322:root:a4]allocSSLConn:312 sconn 0x7f2441cae800 (0:root)
2025-03-21 20:42:55 [2322:root:a4]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]no SNI received
2025-03-21 20:42:55 [2322:root:a4]client cert requirement: no
2025-03-21 20:42:55 [2322:root:a4]SSL state:SSLv3/TLS read client hello (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL state:SSLv3/TLS write server hello (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL state:SSLv3/TLS write certificate (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL state:SSLv3/TLS write key exchange (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL state:SSLv3/TLS write server done (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL state:SSLv3/TLS write server done:(null)(192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL state:fatal decode error (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL state:error:(null)(192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL_accept failed, 1:unexpected eof while reading
2025-03-21 20:42:55 [2322:root:a4]Destroy sconn 0x7f2441cae800, connSize=0. (root)
2025-03-21 20:42:55 [2322:root:a5]allocSSLConn:312 sconn 0x7f2441cae800 (0:root)
2025-03-21 20:42:55 [2322:root:a5]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a5]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a5]no SNI received
2025-03-21 20:42:55 [2322:root:a5]client cert requirement: no
2025-03-21 20:42:55 [2322:root:a5]SSL state:SSLv3/TLS read client hello (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a5]SSL state:SSLv3/TLS write server hello (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a5]SSL state:SSLv3/TLS write certificate (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a5]SSL state:SSLv3/TLS write key exchange (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a5]SSL state:SSLv3/TLS write server done (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a5]SSL state:SSLv3/TLS write server done:(null)(192.168.45.52)
2025-03-21 20:42:55 [2322:root:a5]SSL state:fatal decode error (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a5]SSL state:error:(null)(192.168.45.52)
2025-03-21 20:42:55 [2322:root:a5]SSL_accept failed, 1:unexpected eof while reading
2025-03-21 20:42:55 [2322:root:a5]Destroy sconn 0x7f2441cae800, connSize=0. (root)
2025-03-21 20:42:55 [2322:root:a6]allocSSLConn:312 sconn 0x7f2441cae800 (0:root)
2025-03-21 20:42:55 [2322:root:a6]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a6]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a6]no SNI received
2025-03-21 20:42:55 [2322:root:a6]client cert requirement: no
2025-03-21 20:42:55 [2322:root:a6]SSL state:SSLv3/TLS read client hello (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a6]SSL state:SSLv3/TLS write server hello (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a6]SSL state:SSLv3/TLS write certificate (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a6]SSL state:SSLv3/TLS write key exchange (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a6]SSL state:SSLv3/TLS write server done (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a6]SSL state:fatal decode error (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a6]SSL state:error:(null)(192.168.45.52)
2025-03-21 20:42:56 [2322:root:a6]SSL_accept failed, 1:unexpected eof while reading
2025-03-21 20:42:56 [2322:root:a6]Destroy sconn 0x7f2441cae800, connSize=0. (root)
2025-03-21 20:42:56 [2322:root:a7]allocSSLConn:312 sconn 0x7f2441cae800 (0:root)
2025-03-21 20:42:56 [2322:root:a8]allocSSLConn:312 sconn 0x7f2440f21000 (0:root)
2025-03-21 20:42:56 [2322:root:a7]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a7]SSL state:fatal decode error (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a7]SSL state:error:(null)(192.168.45.52)
2025-03-21 20:42:56 [2322:root:a7]SSL_accept failed, 1:unexpected eof while reading
2025-03-21 20:42:56 [2322:root:a7]Destroy sconn 0x7f2441cae800, connSize=1. (root)
2025-03-21 20:42:56 [2322:root:a8]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a8]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a8]no SNI received
2025-03-21 20:42:56 [2322:root:a8]client cert requirement: no
2025-03-21 20:42:56 [2322:root:a8]SSL state:SSLv3/TLS read client hello (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a8]SSL state:SSLv3/TLS write server hello (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a8]SSL state:SSLv3/TLS write certificate (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a8]SSL state:SSLv3/TLS write key exchange (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a8]SSL state:SSLv3/TLS write server done (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a8]SSL state:fatal decode error (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a8]SSL state:error:(null)(192.168.45.52)
2025-03-21 20:42:56 [2322:root:a8]SSL_accept failed, 1:unexpected eof while reading
2025-03-21 20:42:56 [2322:root:a8]Destroy sconn 0x7f2440f21000, connSize=0. (root)
2025-03-21 20:42:56 [2322:root:a9]allocSSLConn:312 sconn 0x7f2440f21000 (0:root)
2025-03-21 20:42:56 [2322:root:a9]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a9]SSL state:fatal decode error (192.168.45.52)
2025-03-21 20:42:56 [2322:root:a9]SSL state:error:(null)(192.168.45.52)
2025-03-21 20:42:56 [2322:root:a9]SSL_accept failed, 1:unexpected eof while reading
2025-03-21 20:42:56 [2322:root:a9]Destroy sconn 0x7f2440f21000, connSize=0. (root)

AEK
SuperUser

FortiGate-VM with eval license has very weak cipher algorithms. That's probably why your FortiClient is rejecting the SSL connection.

AEK
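
The sslvpn debug output in the question can be triaged by how far each handshake got before `SSL_accept` failed. This is an added example, not part of the original thread or any Fortinet tooling; the function name and verdict labels are assumptions of the example, and the sample is an excerpt of the log lines posted above.

```python
import re

# Excerpt of the debug lines from the question: connection a3 closes before
# sending a ClientHello, a4 closes after the server finished its flight.
SAMPLE = """\
2025-03-21 20:42:54 [2322:root:a3]SSL state:before SSL initialization (192.168.45.52)
2025-03-21 20:42:54 [2322:root:a3]SSL state:fatal decode error (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a3]SSL_accept failed, 1:unexpected eof while reading
2025-03-21 20:42:55 [2322:root:a4]SSL state:SSLv3/TLS read client hello (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL state:SSLv3/TLS write server hello (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL state:SSLv3/TLS write server done (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL state:fatal decode error (192.168.45.52)
2025-03-21 20:42:55 [2322:root:a4]SSL_accept failed, 1:unexpected eof while reading
"""

# "[pid:vdom:conn]message" and "SSL state:SSLv3/TLS <read|write> <step> (peer)"
LINE = re.compile(r"\[\d+:\w+:(\w+)\](.*)")
STATE = re.compile(r"SSL state:SSLv3/TLS (read|write) ([a-z ]+?)(?::\(null\))?\s*\(")

def classify(log_text):
    """Return {conn_id: verdict} for each connection whose SSL_accept failed."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        cid, msg = m.groups()
        c = conns.setdefault(cid, {"states": [], "failed": False})
        s = STATE.search(msg)
        if s:
            c["states"].append(f"{s.group(1)} {s.group(2)}")
        elif msg.startswith("SSL_accept failed"):
            c["failed"] = True
    verdicts = {}
    for cid, c in conns.items():
        if not c["failed"]:
            continue
        if "read client hello" not in c["states"]:
            verdicts[cid] = "closed before ClientHello"
        elif "write server done" in c["states"]:
            verdicts[cid] = "client closed after server flight"
        else:
            verdicts[cid] = "failed mid-handshake"
    return verdicts

if __name__ == "__main__":
    for conn, verdict in classify(SAMPLE).items():
        print(conn, verdict)
```

Run over the full debug output in the question, connections a2, a3, a7 and a9 fall in the first group and a4, a5, a6 and a8 in the second. The second group is where the client received the server's hello, certificate and key exchange and then closed, the pattern the reply attributes to FortiClient rejecting the offered ciphers.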