- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: "Error writing to SSL connection" with securit...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
"Error writing to SSL connection" with security/openfortivpn on FreeBSD 14
Hi,
I'm using openfortivpn 1.21.0 on `FreeBSD:14:amd64`, and it dies after a couple of minutes with the following error:
Code:
DEBUG: ppp ---> gateway (54 bytes) ppp: 00 21 45 00 00 34 00 00 40 00 40 06 c2 bd c0 a8 42 cb c3 ce b0 c4 b6 a2 01 bb 39 3f 6b c9 0f 0c ac 9a 80 14 00 00 87 a0 00 00 01 01 08 0a b9 69 a5 8d 16 f5 e8 18 DEBUG: Error writing to SSL connection (Connection closed). DEBUG: Error reading from SSL connection (Operation timed out). INFO: Cancelling threads... INFO: Cleanup, joining threads... DEBUG: Disconnecting INFO: Setting tun0 interface down. INFO: Restoring routes... DEBUG: /sbin/route -n delete -host 195.206.176.196 192.168.66.1 delete host 195.206.176.196: gateway 192.168.66.1 fib 0: not in table INFO: Removing VPN nameservers... DEBUG: resolvconf_call: /sbin/resolvconf -d "tun0.openfortivpn" DEBUG: Waiting for ppp to exit... DEBUG: waitpid: ppp exit status code 0 DEBUG: ppp: Successful exit. INFO: Terminated ppp. INFO: Closed connection to gateway. DEBUG: SO_KEEPALIVE: OFF DEBUG: TCP_KEEPIDLE: 7200 DEBUG: TCP_KEEPINTVL: 75 DEBUG: TCP_KEEPCNT: 8 DEBUG: SO_SNDBUF: 32768 DEBUG: SO_RCVBUF: 65536 DEBUG: server_addr: 195.206.176.196 DEBUG: server_port: 443 DEBUG: gateway_ip: 195.206.176.196 DEBUG: gateway_port: 443 DEBUG: Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4 DEBUG: Setting minimum protocol version to: 0x303. DEBUG: Gateway certificate validation failed. DEBUG: Gateway certificate digest found in white list.
Full log: https://pastebin.com/xx8My56N
I tried suggested settings but without much luck
ppp.conf doas openfortivpn -c /usr/local/etc/openfortivpn/flattire --ppp-system flattire-vpn -v -v
flattire-client: set login set timeout 0
There is a Linux router nearby that is doing just fine, and I noticed that its MTU is 1354 whilst it's 1500 on FreeBSD, so I tried to set it to 1354 with `doas ifconfig tun1 mtu 1354` right after link goes up (manually so far) and I can see in debug logs that the packet size decreased "DEBUG: ppp ---> gateway (1356 bytes)" but it still breaks down:
Any advice is appreciated!
Labels:
- Labels:
-
FortiClient
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
Try catch the logs from FG side while the connection drops.
diagnose debug application sslvpn -1
diagnose debug enable
AEK
AEK
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunately I don't have access to it :(
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try contact FG admin so he helps you with this output.
On the other hand, as this is not Fortinet product, in parallel you may try contact openfortivpn's editor to show him the above log, either he knows the issue or he will correct it in the next release.
AEK
AEK
Labels
-
FortiGate
6,555 -
FortiClient
1,307 -
5.2
801 -
5.4
639 -
FortiManager
565 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
336 -
FortiAP
336 -
FortiClient EMS
264 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
61 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
Firewall policy
24 -
FortiConnect
24 -
SD-WAN
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
15 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
Logging
11 -
LDAP
10 -
Virtual IP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
IP address management - IPAM
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
Traffic shaping policy
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Web profile
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiDB
3 -
Port policy
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
Fortinet Engage Partner Program
2 -
TACACS
1 -
4.0MR1
1 -
Schedule
1 -
Users
1 -
SDN connector
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Web rating
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Multicast routing
1 -
Email filter profile
1 -
Zone
1 -
Internet Service Database
1 -
Explicit proxy
1 -
System settings
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.