Hey Comm,
My problem is that on Windows I can configure the FortiClient very well, but on Mac I can't configure the VPN connection correctly, because I don't have the advanced settings for IPsec, Phase1 and Phase2. So the client can't connect to our firewall.
Is there any trick to get these settings? I have tried many other FortiClient versions, but in no version are the advanced settings displayed.
Thanks!
You're correct, but I have never seen anybody that needed to modify the IPsec settings. Either way, you need to do it old school, and I advise you to back up the cfg before making changes.
1: Back up the cfg
Preference > General > Backup ( name the file )
2: Open the <*.conf> file in your favorite editor.
3: Search down to the ipsec or connection name
4: Make your modifications and save as a new file
5: Restore the new cfg
```xml
<name>socpuppetshq</name>
<type>manual</type>
<ike_settings>
  <prompt_certificate>0</prompt_certificate>
  <description>MainFGT100D</description>
  <server>192.0.1.1</server>
  <authentication_method>Preshared Key</authentication_method>
  <auth_key>Enc 420d2ee65abded897a69c50f49954d0df61920558d173d22a1b0b1b058b8034b</auth_key>
  <mode>aggressive</mode>
  <dhgroup>5</dhgroup>
  <key_life>86400</key_life>
  <localid></localid>
  <nat_traversal>1</nat_traversal>
  <mode_config>1</mode_config>
  <enable_local_lan>0</enable_local_lan>
  <dpd>1</dpd>
  <xauth>
    <enabled>1</enabled>
    <prompt_username>0</prompt_username>
    <username>Enc 420d2ee65abded897a69c50f49954d0df619498b1925dd2d993abf54be</username>
    <password>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</password>
  </xauth>
  <proposals>
    <proposal>aes128|sha1</proposal>
    <proposal>aes256|sha256</proposal>
    <proposal>3des|sha256</proposal>
    <proposal>aes128|sha1</proposal>
    <proposal>aes256|sha1</proposal>
    <proposal>3des|sha1</proposal>
  </proposals>
  <fgt>0</fgt>
</ike_settings>
```
I hope that helps. Just be careful and always make a backup copy before proceeding.
Good luck, and let us know how your FortiClient version works. I'm having problems with a few 10.10 and dropping IPsec connections.
PCNSE
NSE
StrongSwan
So what do you have configured in the FortiGate? What you should be doing is matching the proposals in the FortiGate, IMHO. I have never seen a need to modify the actual configuration file.
Ken
PCNSE
NSE
StrongSwan
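As an added example (not written by any poster in this thread and not Fortinet code), the following Python script reads the IKE settings out of an exported connection block and lists where they differ from the gateway's phase 1 values, which is the matching Ken describes above. The `<connection>` wrapper, the sample values and the `GATEWAY` dictionary are constructed assumptions; take the real gateway values from the FortiGate.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragment posted in the thread (secrets left out).
# The <connection> wrapper is an assumption; the posted fragment has no single root.
SAMPLE = """<connection>
  <name>example-conn</name>
  <ike_settings>
    <server>192.0.2.1</server>
    <mode>aggressive</mode>
    <dhgroup>5</dhgroup>
    <proposals>
      <proposal>aes128|sha1</proposal>
      <proposal>aes256|sha256</proposal>
      <proposal>3des|sha1</proposal>
      <proposal>aes128|sha1</proposal>
    </proposals>
  </ike_settings>
</connection>"""

# Assumed gateway phase 1 values for illustration only.
GATEWAY = {"mode": "aggressive", "dhgroup": "14",
           "proposals": {"aes256|sha256", "aes128|sha1"}}

def read_ike(xml_text):
    """Return mode, DH group and proposal list from one connection block."""
    root = ET.fromstring(xml_text)
    ike = root if root.tag == "ike_settings" else root.find(".//ike_settings")
    if ike is None:
        raise ValueError("no <ike_settings> element found")
    proposals = [p.text.strip().lower() for p in ike.iter("proposal") if p.text]
    return {"mode": (ike.findtext("mode") or "").strip(),
            "dhgroup": (ike.findtext("dhgroup") or "").strip(),
            "proposals": proposals}

def compare(client, gateway):
    """List the differences that would stop phase 1 from matching."""
    findings = []
    for key in ("mode", "dhgroup"):
        if client[key] != gateway[key]:
            findings.append(f"{key}: client={client[key]} gateway={gateway[key]}")
    offered = set(client["proposals"])
    if not offered & gateway["proposals"]:
        findings.append("proposals: no common encryption|hash pair")
    dupes = sorted(p for p in offered if client["proposals"].count(p) > 1)
    if dupes:
        findings.append("proposals: duplicate entries " + ", ".join(dupes))
    extra = sorted(offered - gateway["proposals"])
    if extra:
        findings.append("proposals: not accepted by gateway " + ", ".join(extra))
    return findings

if __name__ == "__main__":
    print("\n".join(compare(read_ike(SAMPLE), GATEWAY)) or "client matches gateway")
```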
There is one big problem with the FortiGate: the person who configured the FortiGate isn't in our company anymore.
One person in our department knows the current VPN config a little. And this person does not want to change the config, because I think we would have to change the settings on 100 notebooks if he changes it.
But now I have a new config file. I will test it and let you know if it works.
Hi emnoc, now I get another error.
The connection was unexpectedly disconnected - error 101
This error means to me that it has a connection but our firewall discards it, is that right? In the config file I have replaced all "wrong" options, like IPsec VPN options or the proposals.
I don't know :(
Paul
PS: I have found something in the logs...
Qs:
Do you have the vpn configuration handy?
Have you tried with a non-FortiClient client ( iOS, Android, MACOSX, cisco vpnclient, shrew net, etc.....)?
You shouldn't flat out change things without proper diagnostics and review actions. The proposal in the FortiClient covers the default common proposals in the FortiGate, which should work regardless of whether it's Mac, Windows or iPhone.
PCNSE
NSE
StrongSwan
I have tried it with ipsecuritas, and others ...
I have found an option which is in the Mac's configuration file ...

```xml
...
<use_vip>1</use_vip>
<virtualip>
  <type>modeconfig</type>
  <ip></ip>
  <mask></mask>
  <dnsserver></dnsserver>
</virtualip>
```

and on Windows ...

```xml
<use_vip>1</use_vip>
<virtualip>
  <type>dhcpoveripsec</type>
  <ip>0.0.0.0</ip>
  <mask>0.0.0.0</mask>
  <dnsserver>0.0.0.0</dnsserver>
  <winserver>0.0.0.0</winserver>
</virtualip>
```

But when I write dhcpoveripsec over the modeconfig, I can't import the file?! O.o
I think this could be the fault in the configuration, because we use DHCP over IPsec...
Is this possible? But why can't I write dhcpoveripsec over modeconfig?
No, I have configured it as SSL VPN, then it works fine on Mac OS.
Rgds
I have the same problem on MacOS. I cannot set "dhcpoveripsec" as a virtualIP type on MacOS.
Did you manage to find a solution?
Best Regards,