So we started updating the free FortiClient for Windows 10 Enterprise from release 7.0.5 to 7.0.7. Afterwards while connecting with SSL to the FortiGate, the client hangs at 40%. We downgraded to 7.0.6 and still the clients hang at 40%. Finally we downgraded to 7.0.5 and SSL VPN works again. To summarize:
FortiClient version <= 7.0.5: SSL connection works
FortiClient version >= 7.0.6: SSL client hangs at 40%
Debugging with:
diagnose debug application sslvpn -1
diagnose debug enable
2022-11-03 15:02:10 [82:root:1037]Destroy sconn 0x425d4600, connSize=20. (root)
2022-11-03 15:02:10 [82:root:1038]allocSSLConn:247 sconn 0x425d4600 (0:root)
2022-11-03 15:02:10 [82:root:1038]SSL state:before/accept initialization (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client hello A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write server hello A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write certificate A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write key exchange A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write server done A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 flush data (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client certificate A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client key exchange A:system lib(x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client key exchange A:system lib(x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client key exchange A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read certificate verify A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read finished A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write session ticket A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write change cipher spec A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write finished A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 flush data (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSL negotiation finished successfully (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2022-11-03 15:02:10 [82:root:1038]req: /remote/info
2022-11-03 15:02:10 [82:root:1038]def: (nil) /remote/info
2022-11-03 15:02:10 [82:root:1038]req: /remote/login
2022-11-03 15:02:10 [82:root:1038]rmt_authutil.c:418 no session id in auth info
2022-11-03 15:02:10 [82:root:1038]rmt_authutil.c:701 invalid cache, ret=4103
2022-11-03 15:02:11 [82:root:1038]main.c,epollFdHandler,551, sconn=0x425d4600[52,-1,-1,-1,-1], fd=52, event=25.
2022-11-03 15:02:11 [82:root:1038]main.c:608 s: 0x425d4600 event: 0x19
2022-11-03 15:02:11 [82:root:1038]Destroy sconn 0x425d4600, connSize=20. (root)
So, what goes wrong?
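One way to read the debug output above, as an added example that is not part of the original post: the script groups lines by the bracketed id (assumed here to identify one connection) and records how far each connection got before `Destroy sconn`. The sample input is a shortened copy of the log above, and the function and field names are hypothetical.

```python
import re

# Constructed sample: a shortened copy of the sslvpn debug output in the post.
SAMPLE = """\
2022-11-03 15:02:10 [82:root:1037]Destroy sconn 0x425d4600, connSize=20. (root)
2022-11-03 15:02:10 [82:root:1038]allocSSLConn:247 sconn 0x425d4600 (0:root)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client hello A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSL negotiation finished successfully (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2022-11-03 15:02:10 [82:root:1038]req: /remote/info
2022-11-03 15:02:10 [82:root:1038]req: /remote/login
2022-11-03 15:02:10 [82:root:1038]rmt_authutil.c:418 no session id in auth info
2022-11-03 15:02:10 [82:root:1038]rmt_authutil.c:701 invalid cache, ret=4103
2022-11-03 15:02:11 [82:root:1038]Destroy sconn 0x425d4600, connSize=20. (root)
"""

# "<date> <time> [<id>]<message>"; the id is assumed to be one connection.
LINE = re.compile(r"^(\S+ \S+) \[(\d+:[^:\]]+:\d+)\](.*)$")

def summarize(log_text):
    """Return {id: summary} showing the last stage each connection reached."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a debug line
        _ts, cid, msg = m.groups()
        c = conns.setdefault(cid, {"tls": None, "requests": [], "notes": [],
                                   "destroyed": False,
                                   "stage": "no handshake seen"})
        if msg.startswith("SSL state:") and c["tls"] is None:
            state = msg[len("SSL state:"):].split(" (")[0]
            c["stage"] = "in handshake: " + state
        elif msg.startswith("SSL established:"):
            c["tls"] = msg.split(":", 1)[1].strip()
            c["stage"] = "TLS established"
        elif msg.startswith("req:"):
            c["requests"].append(msg.split(":", 1)[1].strip())
            c["stage"] = "HTTP request " + c["requests"][-1]
        elif re.match(r"^\w+\.c:\d+ ", msg):
            c["notes"].append(msg.split(" ", 1)[1])  # source-file messages
        elif msg.startswith("Destroy sconn"):
            c["destroyed"] = True
    return conns

if __name__ == "__main__":
    for cid, c in summarize(SAMPLE).items():
        print(cid, "|", c["stage"], "|", c["tls"], "|", "; ".join(c["notes"]))
```

A connection whose stage stays at `in handshake: ...` was torn down during TLS negotiation; one that reaches `HTTP request ...` completed the handshake and was closed afterwards.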
I'm also experiencing the same issue. Can someone help with this?
In my experience, FortiClient VPN tends to hang at 40% if there is a certificate issue - meaning the FortiGate presents a server certificate the FortiClient might not trust for some reason (such as self-signed).
Can you check if a second FortiClient icon appears in the task bar?
The certificate warning might have only popped up in the background, and to proceed you would have to bring the window forward and click on 'Yes'.