VPN stuck at status 98%

FKribs · ‎07-31-2014

We are running Windows Server 2012 R2. We have installed the most recent FortiNet client (vpn only), version 5.2.0.0591. We have configured an SSL-VPN connection. When we click on the " connect" button, the status progresses all the way to 98% and then hangs. We have disabled the windows firewall, do not have any anti virus software installed, no group policies are being applied, and no other applications are running when we attempt to make the VPN connection. Thanks for helping!

denniswong34 · ‎11-07-2014

Hi All,

I just fix it by apply this fix and re-install fortigate client.

https://skydrive.live.com/redir?resid=86BDD34D41D3E179!2065&authkey=!AAeyjPB4O4uVxek

You may find the detail from this forums. Hope this could help you all. Thanks.

https://supportforums.cisco.com/discussion/11682811/anyconnect-msi-installation-failed-windows-7

View solution in original post

greylander · ‎01-27-2016

Hi,

I seem to be experiencing this problem, or very similar problem.

Forticlient hangs at 98% while connecting. But this only happen occasionally -- especially if the connect dropped for some reason and I try to connect again (possibly every time this happens).

I am able to get Forticlient to connect if I reboot my machine. So maybe this is not the identical problem discussed here. Sometimes it gives the "You already have an open SSL VPN connection" warning, but not always. Either way, it stops at 98%, after a minute or so, it just clears the login fields of the forticlient window as if nothing had ever happened.

Rebooting my machine "resets" something and makes connection possible. But this is a frustrating workaround.

Is there a process or service I should be able to restart that would have the same effect as rebooting?

View solution in original post

rwdorman · ‎10-04-2016

I've not gotten this to work (but it has been a long time since I tried) you may want to look at

http://docs.fortinet.com/...s-an-l2tp-ipsec-server

-rd 2x 200D Clusters 1x 100D

1x 60D FortiOS 5.2 FortiAP 221C FAZ 200D

scerazy · ‎10-04-2016

l2tp works perfectly fine on Fortigate with Windows (or Mac) default build-in VPN

Only issue is to add static routes once the tunnel is connected

So not a solution to "end" user (that can hardly understand double click here)

But for anybody intelligent it is spot on.

rwdorman · ‎10-04-2016

I just set this up quickly according to the guide at the link above (it is a bit different to translate to 5.2 so beware you'll have to fool with things a bit). As long as I unchecked "Use Default Gateway" in the IPv4 settings on the tunnel adapter in windows it would push just the routes that were in my Phase 2 proposal. I did not have to add any routes on the client to get split tunneling working (that's how I wanted it, you may want full tunnel).

-rd 2x 200D Clusters 1x 100D

1x 60D FortiOS 5.2 FortiAP 221C FAZ 200D

rwdorman · ‎10-04-2016

I did not have to add static routes tho on the local client I did unselect the "Default Gateway" setting so that I would get split tunnelling. The server is pushing a 10.0.0.0/8 route to my PC's but I'm not sure where that was configured. It works, however, for my setup as my internal IP's are in that space.

-rd 2x 200D Clusters 1x 100D

1x 60D FortiOS 5.2 FortiAP 221C FAZ 200D

oheigl · ‎08-20-2014

It' s the web portal of the SSL VPN. Just copy the IP or URL which you enter at the server address field in the client app into your browser, and a website should be displayed. After that log into this website with your VPN credentials, and then you should be able to download the tunnel plugin. After installing restart the browser and try to login again, now there should be a connect button in the tunnel widget, click it and let me know if it works!

FKribs · ‎09-03-2014

We were able to log into the web site with our credentials. In the " Tunnel Mode" section, there is a connect button that doesn' t appear to do anything. In the details, it says " FortiClient SSLVPN Offline" . " Link status" is " down" , " bytes sent:" and " bytes received" are 0. In the " Session Information" section, " time logged in" counts the time of our connection. We don' t see a place to download the tunnel plugin. Where do we download this? Thanks!

oheigl · ‎09-04-2014

I guess you didn' t remove the SSL VPN client before connecting to the web portal? Please go to your Program/Features and first remove the Fortinet SSL-VPN client. After that, reopen the browser and try again to log into the web portal. Hope that helps!

FKribs · ‎09-04-2014

Yes, you are correct. We did not uninstall the SSL VPN Client. We went ahead and uninstalled it, and then connected to the website again. This gave us a download link for the SSL VPN Client, which we installed. Still, in the " Tunnel Mode" section, there is a connect button that doesn' t appear to do anything. In the details, it says " FortiClient SSLVPN Offline" . " Link status" is " down" , " bytes sent:" and " bytes received" are 0.

JulianDorl · ‎09-08-2014

Hey guys, i just spent some time to solve this problem. Here is my solution (no work-around): Internet Options-> Connections -> " fortissl" -> Settings -> Dial-Up Settings -> If there is more than one device just check the right one (ISDN PPPoP WAN Adapter). Worked on all clients I tested. Hope that helps!

FKribs · ‎09-08-2014

If we go into IE settings under " Internet Options-> Connections -> " fortissl" -> Settings ->" , in the " DialUp Settings" section, there was a username, password and domain field (all blank). If we click the properties button on the " General" tab, the box titled " Connect using:" has this: " Modem Removed- Unavailable device ()" . We are not quite sure where you are seeing more than one devices listed.