Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
networkers
New Contributor

[SSL-VPN] Upgrade from FortiClient 7.0.5 to 7.0.6: SSL stuck at 40%

So we started updating the free FortiClient for Windows 10 Enterprise from release 7.0.5 to 7.0.7. Afterwards while connecting with SSL to the FortiGate, the client hangs at 40%. We downgraded to 7.0.6 and still the clients hang at 40%. Finally we downgraded to 7.0.5 and SSL VPN works again. To summarize:

FortiClient version <= 7.0.5: SSL connection works

FortiClient version >= 7.0.6: SSL clients hangs at 40%

 

Debugging with:

diagnose debug application sslvpn -1

diagnose debug enable

 

2022-11-03 15:02:10 [82:root:1037]Destroy sconn 0x425d4600, connSize=20. (root)
2022-11-03 15:02:10 [82:root:1038]allocSSLConn:247 sconn 0x425d4600 (0:root)
2022-11-03 15:02:10 [82:root:1038]SSL state:before/accept initialization (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client hello A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write server hello A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write certificate A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write key exchange A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write server done A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 flush data (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client certificate A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client key exchange A:system lib(x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client key exchange A:system lib(x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client key exchange A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read certificate verify A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read finished A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write session ticket A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write change cipher spec A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write finished A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 flush data (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSL negotiation finished successfully (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2022-11-03 15:02:10 [82:root:1038]req: /remote/info
2022-11-03 15:02:10 [82:root:1038]def: (nil) /remote/info
2022-11-03 15:02:10 [82:root:1038]req: /remote/login
2022-11-03 15:02:10 [82:root:1038]rmt_authutil.c:418 no session id in auth info
2022-11-03 15:02:10 [82:root:1038]rmt_authutil.c:701 invalid cache, ret=4103
2022-11-03 15:02:11 [82:root:1038]main.c,epollFdHandler,551, sconn=0x425d4600[52,-1,-1,-1,-1], fd=52, event=25.
2022-11-03 15:02:11 [82:root:1038]main.c:608 s: 0x425d4600 event: 0x19
2022-11-03 15:02:11 [82:root:1038]Destroy sconn 0x425d4600, connSize=20. (root)

 

 

So, what goes wrong?

2 REPLIES 2
shams_sk
New Contributor

I'm also experience same issue, Can someone help with this.

Debbie_FTNT

In my experience, FortiClient VPN tends to hang at 40% if there is a certificate issue - meaning the FortiGate presents a server certificate the FortiClient might not trust for some reason (such as self-signed):

Debbie_FTNT_0-1667815020509.png

Can you check if a second FortiClient icons appears in the task bar?

Debbie_FTNT_1-1667815107607.png

The certificate warning might have only popped up in the background, and to proceed you would have to bring the window forward and click on 'Yes'.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Labels
Top Kudoed Authors