Hi all !
Latest version of FortiClient VPN (7.0.11.0569), latest FGT firmware (v7.0.14 build0601)
I am using a Windows 11 insider dev channel. Since last weeks upgrade (build 26058 release 240209-1555), I am almost unable to connect via SSLVPN.
Nothing has changed appart from this upgrade, all the other remote users running "standard" windows 11 versions have absolutely no problem.
My client log is filled with errors that I found on other threads but with no solution :
error: poll_send_ssl ->SSL_get_error(): 5, try:1
error: poll_send_ssl -> WSAGetLastError():2745, try:1
error: poll_send_ssl ->data size: 66, try:1
[handle_driver_read_event]: error: poll_send
error: poll_recv_ssl -> SSL_get_error(): 5
error: poll_recv_ssl -> WSAGetLastError():2745
error: polling recv, try:1
etc....
If I insist a lot, after some time it will connect (maybe 20 retries), and the log looks absolutely normal (nothing logged appart from connection established).
On the Fortigate side, I have "SSL web application blocked", and "ssl exit error, reason DH Lib".
I have no idea what this is, and above all why it sometimes work !
Can some help me on this matter ? Thanks a lot !
PS : there is not client certificate, as some support pages mention this.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I would try turning off IPv6 on both the Ethernet and SSLVPN adaptor within your network settings.
Please try and see if a specific Windows Update is installed with the PowerShell command: 'Get-Hotfix KB2693643'. This update can cause the issue you are seeing.
This hotfix does not seem to be installed, but as I mentioned I am using a dev channel windows 11 version, so this might by included in the base version of the OS rather than in a hotfix, right ?
Hello @ArnaudL
The possible reasons are for disconnection at <98%> :
You can refer this KB for reference :
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Possible-reasons-for-FortiClient-SSL...
Link for FortiGate and FortiClient compatibility link :
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/afec3249-ed3f-11ea-96b9-005056...
Created on 03-04-2024 01:27 AM Edited on 03-04-2024 01:27 AM
Hi @Rajneesh
I have reinstalled many times already, including older versions of the forticlient.
Forticlient and Fortigate are at the latest version, as mentioned in my original message, so incompatibility is unlikely.
Using the free version of Forticlient should not be a problem so we cannot investigate this possibility any further as we will not move to EMS.
Dear @ArnaudL
Please can you disable IPv6 on the NIC of the client machine and try again.
Please follow the KB - https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPN-fails-at-98/ta-p/248363
Best regards,
Erlin
Created on 03-04-2024 01:09 AM Edited on 03-04-2024 01:16 AM
Hi @esalija , thanks for the tip.
Do you mean the physical NIC, or the virtual Fortinet SSL VPN Virtual adapter ?
Edit : sorry, I had not seen the reply by @johnathan . I'll give it a try, but disabling ipv6 on my physical adapter is not a viable solution.
Created on 03-04-2024 11:54 PM Edited on 03-04-2024 11:59 PM
@esalija and @johnathan
I am working remotely today so I gave it a try but it does not help. Disabling IPv6 in both the Fortinet SSL VPN adapter and my Wifi interface made no difference.
@ArnaudL wrote:If I insist a lot, after some time it will connect (maybe 20 retries), and the log looks absolutely normal (nothing logged appart from connection established).
I had to retry for about 1 hour to finally get connected this morning.
Hi @ArnaudL,
Please refer to https://community.fortinet.com/t5/FortiClient/Technical-Tip-Interpreting-WSAGetLastError-in-FortiCli...
Based on your FortiClient logs "WSAGetLastError():2745", 2745 in hexadecimal is = 10053 in decimal and based on Microsoft link below, WSAECONNABORTED 10053 = Software caused connection abort. An established connection was aborted by the software in your host computer, possibly due to a data transmission time-out or protocol error.
https://learn.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
Is there any third party software that might conflict with FortiClient? Have you tried different internet connection (wifi/ethernet)?
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.