Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: VPN problem 98%
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VPN problem 98%
Hello community
I am looking for your help in solving the issue with SSL VPN connection. The problem exists only on 1 computer when connected to any Fortigate device. The credentials are correct.
Problem: when you turn on the computer for the first time, when you try to establish a connection, it immediately breaks after connecting. On repeated attempts, it remains at 98% and does not move.
error from the client's log:
22.10.2021 14:28:22 error sslvpn FortiSslvpn: 12772: error: poll_send_ssl ->SSL_get_error(): 5, try:1 22.10.2021 14:28:22 error sslvpn FortiSslvpn: 12772: error: poll_send_ssl -> WSAGetLastError():2746, try:1 22.10.2021 14:28:22 error sslvpn FortiSslvpn: 12772: error: poll_send_ssl ->data size: 86, try:1 22.10.2021 14:28:22 error sslvpn FortiSslvpn: 12772: [handle_driver_read_event]: error: poll_send 22.10.2021 14:28:22 error sslvpn FortiSslvpn: 15248: error: poll_recv_ssl -> SSL_get_error(): 5 22.10.2021 14:28:22 error sslvpn FortiSslvpn: 15248: error: poll_recv_ssl -> WSAGetLastError():2746
Log from device:
[193:root:70e]SSL state:before SSL initialization (000.000.000.000)
[193:root:70e]SSL state:before SSL initialization:DH lib(000.000.000.000)
[193:root:70e]SSL_accept failed, 5:(null)
[193:root:70e]Destroy sconn 0x36186600, connSize=1. (root)
[11005:root:35b]allocSSLConn:280 sconn 0x360e0f00 (0:root)
[11005:root:35b]SSL state:before SSL initialization (000.000.000.000)
[11005:root:35b]SSL state:before SSL initialization (000.000.000.000)
[11005:root:35b]SSL state:SSLv3/TLS read client hello (000.000.000.000)
[11005:root:35b]SSL state:SSLv3/TLS write server hello (000.000.000.000)
[11005:root:35b]SSL state:SSLv3/TLS write certificate (000.000.000.000)
[11005:root:35b]SSL state:SSLv3/TLS write key exchange (000.000.000.000)
[11005:root:35b]SSL state:SSLv3/TLS write server done (000.000.000.000)
[11005:root:35b]SSL state:SSLv3/TLS write server done:system lib(000.000.000.000)
[11005:root:35b]SSL state:SSLv3/TLS write server done:DH lib(000.000.000.000)
[11005:root:35b]SSL_accept failed, 5:(null)
[11005:root:35b]Destroy sconn 0x360e0f00, connSize=2. (root)
[195:root:70d]allocSSLConn:280 sconn 0x361a6f00 (0:root)
[195:root:70d]SSL state:before SSL initialization (000.000.000.000)
[195:root:70d]SSL state:before SSL initialization (000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS read client hello (000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS write server hello (000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS write certificate (000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS write key exchange (000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS write server done (000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS write server done:system lib(000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS write server done (000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS read client key exchange (000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS read change cipher spec (000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS read finished (000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS write session ticket (000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS write change cipher spec (000.000.000.000)
[195:root:70d]SSL state:SSLv3/TLS write finished (000.000.000.000)
[195:root:70d]SSL state:SSL negotiation finished successfully (000.000.000.000)
[195:root:70d]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
[195:root:70d]req: /remote/info
[195:root:70d]req: /remote/login
[195:root:70d]rmt_web_auth_info_parser_common:433 no session id in auth info
[195:root:70d]rmt_web_get_access_cache:752 invalid cache, ret=4103
[195:root:70d]req: /remote/logincheck
[195:root:70d]rmt_web_auth_info_parser_common:433 no session id in auth info
[195:root:70d]rmt_web_access_check:678 access failed, uri=[/remote/logincheck],ret=4103,
[195:root:70d]rmt_logincheck_cb_handler:890 user '________' has a matched local entry.
[195:root:70d]sslvpn_auth_check_usrgroup:1762 forming user/group list from policy.
[195:root:70d]sslvpn_auth_check_usrgroup:1804 got user (0) group (1:0).
[195:root:70d]sslvpn_validate_user_group_list:1432 validating with SSL VPN authentication rules (2), realm ().
[195:root:70d]sslvpn_validate_user_group_list:1480 checking rule 1 cipher.
[195:root:70d]sslvpn_validate_user_group_list:1488 checking rule 1 realm.
[195:root:70d]sslvpn_validate_user_group_list:1499 checking rule 1 source intf.
[195:root:70d]sslvpn_validate_user_group_list:1538 checking rule 1 vd source intf.
[195:root:70d]sslvpn_validate_user_group_list:1610 rule 1 done, got user (0) group (0:0).
[195:root:70d]sslvpn_validate_user_group_list:1480 checking rule 2 cipher.
[195:root:70d]sslvpn_validate_user_group_list:1488 checking rule 2 realm.
[195:root:70d]sslvpn_validate_user_group_list:1499 checking rule 2 source intf.
[195:root:70d]sslvpn_validate_user_group_list:1610 rule 2 done, got user (0) group (1:0).
[195:root:70d]sslvpn_validate_user_group_list:1698 got user (0), group (1:0).
[195:root:70d]two factor check for ________: off
[195:root:70d]sslvpn_authenticate_user:167 authenticate user: [________]
[195:root:70d]sslvpn_authenticate_user:174 create fam state
[195:root:70d]fam_auth_send_req:559 with server blacklist:
[195:root:70d]fam_auth_send_req_internal:442 fnbam_auth return: 0
[195:root:70d]fam_auth_send_req_internal:448 authentication OK
[195:root:70d]fam_do_cb:478 fnbamd return auth success.
[195:root:70d]SSL VPN login matched rule (2).
[195:root:70d]rmt_bind_oif:562 bind device,sock=32,if=[wan1]
[195:root:70d]login_succeeded:382 redirect to hostcheck
[195:root:70d]deconstruct_session_id:375 decode session id ok, user=[________],group=[GENEL],portal=[TUNNEL],host=[000.000.000.000],realm=[],idx=5,auth=1,sid=184cb8d8, login=1633414118, access=1633414118
[195:root:70d]deconstruct_session_id:375 decode session id ok, user=[________],group=[GENEL],portal=[TUNNEL],host=[000.000.000.000],realm=[],idx=5,auth=1,sid=184cb8d8, login=1633414118, access=1633414118
[195:root:70d]deconstruct_session_id:375 decode session id ok, user=[________],group=[GENEL],portal=[TUNNEL],host=[000.000.000.000],realm=[],idx=5,auth=1,sid=184cb8d8, login=1633414118, access=1633414118
[195:root:70d]deconstruct_session_id:375 decode session id ok, user=[________],group=[GENEL],portal=[TUNNEL],host=[000.000.000.000],realm=[],idx=5,auth=1,sid=184cb8d8, login=1633414118, access=1633414118
[195:root:70d]req: /remote/fortisslvpn
[195:root:70d]deconstruct_session_id:375 decode session id ok, user=[________],group=[GENEL],portal=[TUNNEL],host=[000.000.000.000],realm=[],idx=5,auth=1,sid=184cb8d8, login=1633414118, access=1633414118
[195:root:70d]rmt_bind_oif:562 bind device,sock=32,if=[wan1]
[195:root:70d]deconstruct_session_id:375 decode session id ok, user=[________],group=[GENEL],portal=[TUNNEL],host=[000.000.000.000],realm=[],idx=5,auth=1,sid=184cb8d8, login=1633414118, access=1633414118
[195:root:70d]form_ipv4_split_tunnel_addr:1555 Matched policy (id = 30) to add split tunnel routing address
[195:root:70d]form_ipv4_split_tunnel_addr:1555 Matched policy (id = 29) to add split tunnel routing address
[195:root:70d]req: /remote/fortisslvpn_xml
[195:root:70d]deconstruct_session_id:375 decode session id ok, user=[________],group=[GENEL],portal=[TUNNEL],host=[000.000.000.000],realm=[],idx=5,auth=1,sid=184cb8d8, login=1633414118, access=1633414118
[195:root:70d]rmt_bind_oif:562 bind device,sock=32,if=[wan1]
[195:root:70d]deconstruct_session_id:375 decode session id ok, user=[________],group=[GENEL],portal=[TUNNEL],host=[000.000.000.000],realm=[],idx=5,auth=1,sid=184cb8d8, login=1633414118, access=1633414118
[195:root:70d]sslvpn_reserve_dynip:1118 tunnel vd[root] ip[172.16.199.6]
[195:root:70d]form_ipv4_split_tunnel_addr:1555 Matched policy (id = 30) to add split tunnel routing address
[195:root:70d]form_ipv4_split_tunnel_addr:1555 Matched policy (id = 29) to add split tunnel routing address
[193:root:70f]allocSSLConn:280 sconn 0x36186600 (0:root)
[193:root:70f]SSL state:before SSL initialization (000.000.000.000)
[193:root:70f]SSL state:before SSL initialization (000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS read client hello (000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS write server hello (000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS write certificate (000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS write key exchange (000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS write server done (000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS write server done:system lib(000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS write server done (000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS read client key exchange (000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS read change cipher spec (000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS read finished (000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS write session ticket (000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS write change cipher spec (000.000.000.000)
[193:root:70f]SSL state:SSLv3/TLS write finished (000.000.000.000)
[193:root:70f]SSL state:SSL negotiation finished successfully (000.000.000.000)
[193:root:70f]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
[193:root:70f]req: /remote/fortisslvpn_xml
[193:root:70f]deconstruct_session_id:375 decode session id ok, user=[________],group=[GENEL],portal=[TUNNEL],host=[000.000.000.000],realm=[],idx=5,auth=1,sid=184cb8d8, login=1633414118, access=1633414118
[193:root:70f]rmt_bind_oif:562 bind device,sock=29,if=[wan1]
[193:root:70f]deconstruct_session_id:375 decode session id ok, user=[________],group=[GENEL],portal=[TUNNEL],host=[000.000.000.000],realm=[],idx=5,auth=1,sid=184cb8d8, login=1633414118, access=1633414118
[193:root:70f]form_ipv4_split_tunnel_addr:1555 Matched policy (id = 30) to add split tunnel routing address
[193:root:70f]form_ipv4_split_tunnel_addr:1555 Matched policy (id = 29) to add split tunnel routing address
[193:root:70f]req: /remote/sslvpn-tunnel2?dns0=10.35.1.1&dn
[193:root:70f]sslvpn_tunnel2_handler,50, Calling rmt_conn_access_ex.
[193:root:70f]deconstruct_session_id:375 decode session id ok, user=[________],group=[GENEL],portal=[TUNNEL],host=[000.000.000.000],realm=[],idx=5,auth=1,sid=184cb8d8, login=1633414118, access=1633414118
[193:root:70f]rmt_bind_oif:562 bind device,sock=29,if=[wan1]
[193:root:70f]client sent request without hostname (see RFC2616 section 14.23): /.
[193:root:70f]sslConnGotoNextState:296 error (last state: 1, closeOp: 0)
[193:root:70f]Destroy sconn 0x36186600, connSize=1. (root)
[195:root:70d]Timeout for connection 0x361a6f00.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What are the versions of the Fortigate and the SSL VPN client?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have Forty Client (only vpn) 7.0.1.0083
I tried to install Full Client, I tried reinstall windows, and i tried do all from tjis link
http://kontech.net/forticlient-vpn-connection-getting-stuck-at-status-98/
It all didn't help
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you find solution for this , We have the same issue on our side fct 6.4.6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ON FCT try to enable log level of debug, see this link: https://kb.fortinet.com/kb/documentLink.do?externalID=FD38644
- On FGT cli run the below:
dia vpn ssl debug-filter src-addr4 xxx.xxx.xx.xx <-- replace xxx with your machine public IP (use google what is my IP )
dia de consol tim en
dia de app sslvpn -1
dia de enable <-- To stop, dia de disable
- While debug is running on FGT cli, connect to VPN from FCT.
- While FCT is connected run the following on FGT:
get vpn ssl monitor
dia firewall auth list
- After FCT is dropped, please export and attach log file from FCT and debug output from FGT (in txt file please).
- If possible, share below config from FGT:
show vpn ssl settings
Once you submit the above debug I will review it.
I am L2 TAC - NSE7
I am L2 TAC - NSE7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Created on 11-11-2021 04:51 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dear community. any ideas what might help in my case?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For me the problem occurs when I apply SSL deep inspection to the VPN traffic. If I except the VPN gateway address from SSL deep inspection the problem is not present. I am using FortiClient VPN 7.0.7
Rino Broer
Rino Broer
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Routing between vpn tunnels 83 Views
- Fortinac - Enforced Ethernet Port With... 127 Views
- SAP B1 License manager 70 Views
- IPSEC Phase1 & Phase2 UP, But... 204 Views
- Problem with FortiAP FP221E-v5.4-build4137 126 Views
Labels
-
FortiGate
8,556 -
FortiClient
1,729 -
5.2
801 -
FortiManager
719 -
5.4
639 -
FortiAnalyzer
549 -
FortiSwitch
467 -
FortiAP
462 -
6.0
416 -
FortiClient EMS
416 -
5.6
362 -
FortiMail
313 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
228 -
FortiWeb
203 -
IPsec
197 -
5.0
196 -
FortiNAC
183 -
FortiGuard
137 -
6.4
128 -
SD-WAN
112 -
FortiGateCloud
101 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
88 -
Customer Service
79 -
Wireless Controller
76 -
Firewall policy
75 -
4.0MR3
64 -
FortiProxy
59 -
High Availability
54 -
Fortivoice
53 -
FortiADC
53 -
FortiEDR
51 -
vlan
49 -
ZTNA
47 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
42 -
DNS
42 -
BGP
40 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
34 -
Authentication
33 -
NAT
32 -
RADIUS
31 -
SSO
31 -
Interface
31 -
FortiConnect
28 -
FortiLink
28 -
FortiWAN
27 -
VDOM
26 -
Web profile
26 -
FortiConverter
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
FortiPAM
22 -
Virtual IP
22 -
SSL SSH inspection
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
snmp
13 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
FortiManager v4.0
10 -
IPS signature
10 -
Security profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
Intrusion prevention
9 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Antivirus profile
7 -
Fabric connector
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiGate-VM
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1669 | |
| 1082 | |
| 752 | |
| 446 | |
| 224 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.