To connect directly to my ISP (PPPoE on Fibre) I need to use a VLAN as they need VLAN ID = 10.
So I created a VLAN sub interface on the WAN port, and it connects well. This is a new 61F with firmware at 7.2.0
Everything I need works well, however my SSL VPN will not complete the connection.
Using the FortiClient VPN Only, I get 40% through the connection and then:
"Warning. Failed to establish the VPN connection. This may be caused by a mismatch in the TLS version. .... (-5029)"
The Win 10 PC this is running on has TLS 1.1, 1.2 and 1.3 running.
Using the web access, I can log in and then try to use RDP. It starts connecting but then fails with a message of "Connection closed!"
Looking at "Log & Report > System Events > VPN Events" I can see the test connection opening and closing, but not the VPN tunnel opening. (SSL-exit-error; SSL-alerts)
I also reviewed logs, and in summary found this: failure reason="DH lib"
Does the WAN config with the VLAN approach that I've set up support what I'm trying to do? (I'm trying to avoid using the added hardware of an ISP router configured as a bridge)
Any other suggestions welcome.
Hi Bruisert,
Thank you for posting to the Fortinet Community Forum.
As per your problem description, I understand that you are facing an issue while connecting to the SSL VPN and it is getting stuck at 40%.
As you have asked: "Does the WAN config with the VLAN approach that I've set up support what I'm trying to do"
Yes, we can configure the ISP link in the VLAN and call the same VLAN interface in the SSL VPN settings as the server interface.
You have got the following error
"This may be caused by a mismatch in the TLS version. .... (-5029)"
Please share the below output.
SSH1:-
diag debug reset
diagnose debug console timestamp en
diagnose vpn ssl debug-filter src-addr4 x.x.x.x - Here x.x.x.x is the public IP of the user connecting.
diag debug appl sslvpn -1
diag debug appl fn -1
diag debug enable
Wait till the VPN disconnects, then disable the logs by executing:
diag debug disable
diag debug reset
SSH2:-
config vpn ssl settings
get
Cross verify the following settings once, as you have mentioned:
"The Win 10 PC this is running on has TLS 1.1, 1.2 and 1.3 running."
Also, please go through the link for your reference:-
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Possible-reasons-for-FortiClient-SSL...
Let us know if this helps.
Thanks
Thanks. In seeing through the above direction I found the following:
Please answer point 1 above, otherwise thanks for your support and I'm good to go now.
Hi Bruisert,
You can download the FortiClient VPN app from your support portal.
Please find the link for your reference:-
Thanks
Copyright 2024 Fortinet, Inc. All Rights Reserved.