Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
THEcRiteK
New Contributor

no Advanced Options in FortiClient 5.2.1.356 on Mac OSX

Hey Comm,

 

my problem is, that on windows i can configure the forticlient very good, but on mac i can't configure the vpn connection correctly, because i don't have the advanced settings for IPsec, Phase1 and Phase2. So the client can't connect to our firewall.

 

Is there any trick to get these settings? I have tried many other forticlient versions but in no version the advanced settings are displayed.

 

thanks!

 

 

 

 

1 Solution
emnoc
Esteemed Contributor III

Your correct but I never seen anybody that needed to modify the ipsec settings. Either way you need to do it old school and i advise to backup the cfg b4 making changes.

 

1: backup the cfg

Preference > General > Backup ( name the file )

 

2:  open the <*.conf> file in yoru favorite editor.

 

3: Search down to the ipsec or connection name

 

4:make your modifications and save as new file

 

5: Restore the new cfg

 

 

  <name>socpuppetshq</name>                     <type>manual</type>                     <ike_settings>                         <prompt_certificate>0</prompt_certificate>                         <description>MainFGT100D</description>                         <server>192.0.1.1</server>                         <authentication_method>Preshared Key</authentication_method>                         <auth_key>Enc 420d2ee65abded897a69c50f49954d0df61920558d173d22a1b0b1b058b8034b</auth_key>                         <mode>aggressive</mode>                         <dhgroup>5</dhgroup>                         <key_life>86400</key_life>                         <localid></localid>                         <nat_traversal>1</nat_traversal>                         <mode_config>1</mode_config>                         <enable_local_lan>0</enable_local_lan>                         <dpd>1</dpd>                         <xauth>                             <enabled>1</enabled>                             <prompt_username>0</prompt_username>                             <username>Enc 420d2ee65abded897a69c50f49954d0df619498b1925dd2d993abf54be</username>                             <password>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</password>                         </xauth>                         <proposals>                             <proposal>aes128|sha1</proposal>                             <proposal>aes256|sha256</proposal>                             <proposal>3des|sha256</proposal>                             <proposal>aes128|sha1</proposal>                             <proposal>aes256|sha1</proposal>                             <proposal>3des|sha1</proposal>                         </proposals>                         <fgt>0</fgt>                     </ike_settings>

I hope that helps. Just becarefull and ways make a backup copy b4 proceeding.

 

Good luck and let us know how your forticlientVersion works. I'm having problems with a few 10.10 and dropping ipsec connections.

 

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
16 REPLIES 16
vanc
New Contributor II

You posted to the wrong forum. Should move to FortiClient.

THEcRiteK
New Contributor

Hi vanc,

 

i have tried, when you can tell me how i can move the thread, i will move it, thanks!

emnoc
Esteemed Contributor III

Your correct but I never seen anybody that needed to modify the ipsec settings. Either way you need to do it old school and i advise to backup the cfg b4 making changes.

 

1: backup the cfg

Preference > General > Backup ( name the file )

 

2:  open the <*.conf> file in yoru favorite editor.

 

3: Search down to the ipsec or connection name

 

4:make your modifications and save as new file

 

5: Restore the new cfg

 

 

  <name>socpuppetshq</name>                     <type>manual</type>                     <ike_settings>                         <prompt_certificate>0</prompt_certificate>                         <description>MainFGT100D</description>                         <server>192.0.1.1</server>                         <authentication_method>Preshared Key</authentication_method>                         <auth_key>Enc 420d2ee65abded897a69c50f49954d0df61920558d173d22a1b0b1b058b8034b</auth_key>                         <mode>aggressive</mode>                         <dhgroup>5</dhgroup>                         <key_life>86400</key_life>                         <localid></localid>                         <nat_traversal>1</nat_traversal>                         <mode_config>1</mode_config>                         <enable_local_lan>0</enable_local_lan>                         <dpd>1</dpd>                         <xauth>                             <enabled>1</enabled>                             <prompt_username>0</prompt_username>                             <username>Enc 420d2ee65abded897a69c50f49954d0df619498b1925dd2d993abf54be</username>                             <password>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</password>                         </xauth>                         <proposals>                             <proposal>aes128|sha1</proposal>                             <proposal>aes256|sha256</proposal>                             <proposal>3des|sha256</proposal>                             <proposal>aes128|sha1</proposal>                             <proposal>aes256|sha1</proposal>                             <proposal>3des|sha1</proposal>                         </proposals>                         <fgt>0</fgt>                     </ike_settings>

I hope that helps. Just becarefull and ways make a backup copy b4 proceeding.

 

Good luck and let us know how your forticlientVersion works. I'm having problems with a few 10.10 and dropping ipsec connections.

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
THEcRiteK

Hi emnoc,

 

thank's for your reply, i've tried this before, but nothing won't work.

If I edit the config file and import the file, the client delete the vpn connection or it doesn't work.

 

But i will try again and let you know if it works for me, thank's again for your reply.

 

 

kcerb
New Contributor III

emnoc wrote:

Your correct but I never seen anybody that needed to modify the ipsec settings. Either way you need to do it old school and i advise to backup the cfg b4 making changes.

 

1: backup the cfg

...

 

5: Restore the new cfg

 

I have v5.4.4.536 FortiClient for MAC and if I backup the config and then restore (without even opening .conf file) it throws an error "Error while processing the configuration file. The file is corrupted or missing. Import failed."

Has anyone found a working solution?

FGT60B, FGT100A, FGT100D

FGT60B, FGT100A, FGT100D
emnoc
Esteemed Contributor III

What I would do is try to restore on a 2nd mac or a different device. If you want me to try ping me in IM and I'll shut my personal email 

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
kcerb
New Contributor III

Still no luck. Even on other machine. The problem still exists on FortiClientVPNSetup_6.4.1.1267_macosx.dmg

Backup configuration with success but restore failed.

 

FGT60B, FGT100A, FGT100D

FGT60B, FGT100A, FGT100D
emnoc
Esteemed Contributor III

If I edit the config file and import the file, the client delete the vpn connection or it doesn't work.  

 

 

What are you  modifying if I may ask?

 

I've changed  thing such as ; PSK and vpn gateway address, but never done anything within in the IPSEC portion of the configuration. You should be able to change anything and re-imported, but if your removing the configuration parameters, than that needs to be tested and validated. IIRC if you make mistaens in the  configuration syntax, it will not successfully import.

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
THEcRiteK

I edit the porposals, because with the standards the windows client can't connect too.

So i want to edit this settings, because i think this is the problem why the mac client can't connect.

 

for example:

                         <proposals>                             <proposal>3DES|MD5</proposal>                             <proposal>3DES|SHA1</proposal>                             <proposal>AES128|MD5</proposal>                             <proposal>AES128|SHA1</proposal>                         </proposals>

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors