found 2 indices in fortitray.log:
20220413 20:54:15 [FortiTray:EROR] vpnconnection.mm:388 Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://[my vpn server FQDN]:443/remote/info, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <B3327F4C-A2D1-40ED-859A-4CEB907EEC4F>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <B3327F4C-A2D1-40ED-859A-4CEB907EEC4F>.<1>"
), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://[my vpn server FQDN]:443/remote/info, NSUnderlyingError=0x600000ef2070 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=2, _kCFNetworkCFStreamSSLErrorOriginalValue=-9858, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9858}}, _kCFStreamErrorCodeKey=-9858}
20220413 20:55:50 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
forticlient vpn is set to full disk access
and fctservctl2 as well (no other suggested services avail on my macbook)
another suspicious behavior is that firefox refuses to connect to
https://[my vpn server FQDN]/remote/info
failed with
An error occurred during a connection to [my vpn server FQDN]. A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.
Error code: SEC_ERROR_PKCS11_GENERAL_ERROR
any advice please ?
Created on 04-18-2022 07:47 AM
Hello woji,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Fortinet Community Team
Hi,
In case that you are getting a security warning during the connection, il looks like you are not using a VPN server certificate, a public one.
"An SSL error has occurred and a secure connection to the server cannot be made.....Would you like to connect to the server anyway?,"
Can you test please to
1.configure VPN server certificate, a public one.
config vpn ssl settings
...........
set servercert {string}
https://docs.fortinet.com/document/fortigate/7.0.5/cli-reference/363620/config-vpn-ssl-settings
2. or <warn_invalid_server_certificate>0</warn_invalid_server_certificate>
https://docs.fortinet.com/document/forticlient/6.4.8/xml-reference-guide/858086/ssl-vpn
Sincerely
Chavdar Tanev
Chavdar,
thank you for response.
I have 2 MacBooks (MB2021 and MB 12) + one extra MacBook 12 of my friend which is exactly same as my MB12 (same OS, same HW)
my MacBook Air 2021 can connect this VPN without any troubles + another hundreds windows PC's + tenths of MacBooks of our organization.
my friends MacBook 12 can connect our VPN as well.
but my MacBook 12 can't .
from what I can see in log I believe that my MacBook missing some component that your VPN requires to run (FireFox says something about PKCS#11).
But from forticlient log I can't determine what should I do to repair this problem.
I tried forticlient 6.0 and 7.0, none works in this MB 12
can you please help me with this issue ?
b.r.
AW.
after more than half of year I found solution to this issue.
I installed new use profile to my notebook,... for my wife. As I noted forti icon on her desktop, I tried to estabilish connection, uploaded my cert into her cert store and... VPN works perfectly.
so my user profile is broken, reason unknown, happened once. I have VPN on at least 3 Apple devices and all others works 100%.
woji
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.