We have some hyper-v VMs that we upgraded from 7.2.3 to 7.2.5 forticlient. SSL VPN no longer works after upgrading.
We can repeat the problem by downgrading to 7.2.3 and then successfully connecting then upgrading to 7.2.5 and breaking it again.
we need to run 7.2.5 to fix a wild card FQDN issue with ztna destinations that we were experiencing on 7.2.3.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
TAC provided me with a 7.2.5.7679 Interim build that corrected everything. Waiting for the next GA to be released before I deploy everywhere. But the interim release is enough to at least get the 2019 devs up and running.
Hello @aguerriero,
Could you provide the SSL VPN debug logs from your testing with FortiClient 7.2.5? Additionally, please confirm which authentication server is being utilized.
To collect the necessary logs, please run the following commands:
diag deb app sslvpnd -1
diag deb app fnbamd -1
diag deb console time en
diag deb en
To disable:
diag deb dis
These commands will enable debug logging for SSL VPN and provide valuable information for troubleshooting.
Thanks,
Amandeep
This is the debug
2024-09-18 07:16:25 [310:root:19933]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:25 [310:root:19933]Destroy sconn 0x7f9bf9e800, connSize=9. (root)
2024-09-18 07:16:25 [311:root:19934]allocSSLConn:310 sconn 0x7f9be59000 (0:root)
2024-09-18 07:16:25 [311:root:19934]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:25 [311:root:19934]Destroy sconn 0x7f9be59000, connSize=1. (root)
2024-09-18 07:16:51 [306:root:19935]allocSSLConn:310 sconn 0x7f9be76000 (0:root)
2024-09-18 07:16:51 [306:root:19935]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:51 [306:root:19935]Destroy sconn 0x7f9be76000, connSize=7. (root)
2024-09-18 07:16:51 [307:root:19935]allocSSLConn:310 sconn 0x7f9bf1d000 (0:root)
2024-09-18 07:16:52 [307:root:19935]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:52 [307:root:19935]Destroy sconn 0x7f9bf1d000, connSize=7. (root)
This is the debug output.
2024-09-18 07:16:25 [310:root:19933]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:25 [310:root:19933]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:25 [310:root:19933]Destroy sconn 0x7f9bf9e800, connSize=9. (root)
2024-09-18 07:16:25 [311:root:19934]allocSSLConn:310 sconn 0x7f9be59000 (0:root)
2024-09-18 07:16:25 [311:root:19934]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:25 [311:root:19934]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:25 [311:root:19934]Destroy sconn 0x7f9be59000, connSize=1. (root)
2024-09-18 07:16:51 [306:root:19935]allocSSLConn:310 sconn 0x7f9be76000 (0:root)
2024-09-18 07:16:51 [306:root:19935]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:51 [306:root:19935]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:51 [306:root:19935]Destroy sconn 0x7f9be76000, connSize=7. (root)
2024-09-18 07:16:51 [307:root:19935]allocSSLConn:310 sconn 0x7f9bf1d000 (0:root)
2024-09-18 07:16:52 [307:root:19935]SSL state:before SSL initialization (192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL state:fatal decode error (192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL state:error:(null)(192.168.25.200)
2024-09-18 07:16:52 [307:root:19935]SSL_accept failed, 1:unexpected eof while reading
2024-09-18 07:16:52 [307:root:19935]Destroy sconn 0x7f9bf1d000, connSize=7. (root)
Created on 09-18-2024 02:09 PM Edited on 09-18-2024 02:10 PM
Hello @aguerriero ,
It looks like above debug is related to internet options.
Please check the below article.
Thanks,
Amandeep
Where do I send the debug information and logs. I tried pasting the debug information in this thread but it isn't actually posting.
Hello @aguerriero,
How are you sharing the logs? Are you uploading files or pasting the log content directly into the forum?
Please note that file uploads are limited to 5MB.
Thanks,
Amandeep
I opened a ticket with TAC and sent the full forticlient diagnostics and fortigate debugs. I will be having a screenshare session with an engineer later today.
TAC provided me with a 7.2.5.7679 Interim build that corrected everything. Waiting for the next GA to be released before I deploy everywhere. But the interim release is enough to at least get the 2019 devs up and running.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1673 | |
1083 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.