Sovled:FEC not enabled for IPSEC(Update:Not works for dialup mode)

YuChow · ‎11-02-2023

I already followed the official document to set ipsec phase1 and firewall policy,the server side still can't enable.But on the client side,fec enabled and working.System is fortigate 7.4.1 and licensed.

this is debug log:

and this is my config:

But on the other side.the client,FEC is enabled and working.
This is debug log:

and this is my config:

YuChow · ‎11-03-2023

Solved,dial up mode server will generate other one tunnel.Like name_0,name_1,etc.So need use "diagnose vpn tunnel fec name_0",not "diagnose vpn tunnel fec name" to check logs.

View solution in original post

hbac · ‎11-02-2023

Hi @YuChow,

Can you provide the output of the following commands:

diagnose vpn tunnel list

show vpn ipsec fec

Regards,

YuChow · ‎11-02-2023

@hbac

YuChow · ‎11-02-2023

and my net packet loss always about 10%.

YuChow · ‎11-02-2023

I have test if use p2p with out NAT in a local test.FEC works.The FEC not works when one side behind NAT?

YuChow · ‎11-02-2023

Local test,using dialup mode.Server(NGF-1) side fec enabled=0,not works.

YuChow · ‎11-03-2023

Solved,dial up mode server will generate other one tunnel.Like name_0,name_1,etc.So need use "diagnose vpn tunnel fec name_0",not "diagnose vpn tunnel fec name" to check logs.