Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
YevheniiK
New Contributor II

"Error writing to SSL connection" with security/openfortivpn on FreeBSD 14

Hi,

I'm using openfortivpn 1.21.0 on `FreeBSD:14:amd64`, and it dies after a couple of minutes with the following error:


Code:
DEBUG:  ppp ---> gateway (54 bytes)
ppp:   00 21 45 00 00 34 00 00 40 00 40 06 c2 bd c0 a8 42 cb c3 ce b0 c4 b6 a2 01 bb 39 3f 6b c9 0f 0c ac 9a 80 14 00 00 87 a0 00 00 01 01 08 0a b9 69 a5 8d 16 f5 e8 18


DEBUG:  Error writing to SSL connection (Connection closed).
DEBUG:  Error reading from SSL connection (Operation timed out).
INFO:   Cancelling threads...
INFO:   Cleanup, joining threads...
DEBUG:  Disconnecting
INFO:   Setting tun0 interface down.
INFO:   Restoring routes...
DEBUG:  /sbin/route -n delete -host 195.206.176.196 192.168.66.1
delete host 195.206.176.196: gateway 192.168.66.1 fib 0: not in table
INFO:   Removing VPN nameservers...
DEBUG:  resolvconf_call: /sbin/resolvconf -d "tun0.openfortivpn"
DEBUG:  Waiting for ppp to exit...
DEBUG:  waitpid: ppp exit status code 0
DEBUG:  ppp: Successful exit.
INFO:   Terminated ppp.
INFO:   Closed connection to gateway.
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 8
DEBUG:  SO_SNDBUF: 32768
DEBUG:  SO_RCVBUF: 65536
DEBUG:  server_addr: 195.206.176.196
DEBUG:  server_port: 443
DEBUG:  gateway_ip: 195.206.176.196
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.


Full log: https://pastebin.com/xx8My56N


I tried suggested settings but without much luck

ppp.conf doas openfortivpn -c /usr/local/etc/openfortivpn/flattire  --ppp-system flattire-vpn -v -v

 

flattire-client:
  set login
  set timeout 0

 

There is a Linux router nearby that is doing just fine, and I noticed that its MTU is 1354 whilst it's 1500 on FreeBSD, so I tried to set it to 1354 with  `doas ifconfig tun1 mtu 1354` right after link goes up (manually so far) and I can see in debug logs that the packet size decreased "DEBUG: ppp ---> gateway (1356 bytes)"  but it still breaks down:



Any advice is appreciated!

3 REPLIES 3
AEK
SuperUser
SuperUser

Hello

Try catch the logs from FG side while the connection drops.

diagnose debug application sslvpn -1
diagnose debug enable

 

AEK
AEK
YevheniiK
New Contributor II

Unfortunately I don't have access to it :( 

AEK

Try contact FG admin so he helps you with this output.

On the other hand, as this is not Fortinet product, in parallel you may try contact openfortivpn's editor to show him the above log, either he knows the issue or he will correct it in the next release.

AEK
AEK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors