Hi,
I'm using openfortivpn 1.21.0 on `FreeBSD:14:amd64`, and it dies after a couple of minutes with the following error:
```
DEBUG: ppp ---> gateway (54 bytes)
ppp: 00 21 45 00 00 34 00 00 40 00 40 06 c2 bd c0 a8 42 cb c3 ce b0 c4 b6 a2 01 bb 39 3f 6b c9 0f 0c ac 9a 80 14 00 00 87 a0 00 00 01 01 08 0a b9 69 a5 8d 16 f5 e8 18
DEBUG: Error writing to SSL connection (Connection closed).
DEBUG: Error reading from SSL connection (Operation timed out).
INFO: Cancelling threads...
INFO: Cleanup, joining threads...
DEBUG: Disconnecting
INFO: Setting tun0 interface down.
INFO: Restoring routes...
DEBUG: /sbin/route -n delete -host 195.206.176.196 192.168.66.1
delete host 195.206.176.196: gateway 192.168.66.1 fib 0: not in table
INFO: Removing VPN nameservers...
DEBUG: resolvconf_call: /sbin/resolvconf -d "tun0.openfortivpn"
DEBUG: Waiting for ppp to exit...
DEBUG: waitpid: ppp exit status code 0
DEBUG: ppp: Successful exit.
INFO: Terminated ppp.
INFO: Closed connection to gateway.
DEBUG: SO_KEEPALIVE: OFF
DEBUG: TCP_KEEPIDLE: 7200
DEBUG: TCP_KEEPINTVL: 75
DEBUG: TCP_KEEPCNT: 8
DEBUG: SO_SNDBUF: 32768
DEBUG: SO_RCVBUF: 65536
DEBUG: server_addr: 195.206.176.196
DEBUG: server_port: 443
DEBUG: gateway_ip: 195.206.176.196
DEBUG: gateway_port: 443
DEBUG: Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG: Setting minimum protocol version to: 0x303.
DEBUG: Gateway certificate validation failed.
DEBUG: Gateway certificate digest found in white list.
```
Full log: https://pastebin.com/xx8My56N
I tried suggested settings but without much luck
```
doas openfortivpn -c /usr/local/etc/openfortivpn/flattire --ppp-system flattire-vpn -v -v
```
ppp.conf:
```
flattire-client:
 set login
 set timeout 0
```
There is a Linux router nearby that is doing just fine, and I noticed that its MTU is 1354 whilst it's 1500 on FreeBSD, so I tried to set it to 1354 with `doas ifconfig tun1 mtu 1354` right after link goes up (manually so far) and I can see in debug logs that the packet size decreased "DEBUG: ppp ---> gateway (1356 bytes)" but it still breaks down:
Any advice is appreciated!
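Added example, not part of the original post and not openfortivpn code: a decoder for the `ppp:` hex dump in the debug log above, which reports tunnelled frames whose inner IPv4 destination is the address the log gives as `gateway_ip`. The function names are hypothetical; the sample input is the frame and gateway address quoted in the post.

```python
import ipaddress
import re
import struct

# Frame dump and gateway address copied from the debug log in the post.
SAMPLE_LOG = """\
DEBUG: ppp ---> gateway (54 bytes)
ppp: 00 21 45 00 00 34 00 00 40 00 40 06 c2 bd c0 a8 42 cb c3 ce b0 c4 b6 a2 01 bb 39 3f 6b c9 0f 0c ac 9a 80 14 00 00 87 a0 00 00 01 01 08 0a b9 69 a5 8d 16 f5 e8 18
DEBUG: gateway_ip: 195.206.176.196
"""

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5


def decode_ppp_frame(hex_dump):
    """Decode a PPP frame carrying IPv4 (protocol 0x0021), plus TCP fields if present."""
    raw = bytes.fromhex(hex_dump)
    if len(raw) < 22 or raw[:2] != b"\x00\x21" or raw[2] >> 4 != 4:
        return None  # truncated, or not PPP-encapsulated IPv4
    ip = raw[2:]
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    info = {
        "total_len": struct.unpack("!H", ip[2:4])[0],
        "proto": ip[9],
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
    }
    if info["proto"] == 6 and len(ip) >= ihl + 14:  # TCP
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        bits = ip[ihl + 13]
        info.update(sport=sport, dport=dport,
                    flags=[n for i, n in enumerate(TCP_FLAGS) if bits >> i & 1])
    return info


def frames_addressed_to_gateway(log_text):
    """Return decoded tunnelled frames whose inner destination is the VPN gateway."""
    gw = re.search(r"gateway_ip:\s*(\S+)", log_text)
    hits = []
    for m in re.finditer(r"^ppp:\s*((?:[0-9a-f]{2} ?)+)$", log_text, re.M):
        frame = decode_ppp_frame(m.group(1))
        if frame and gw and frame["dst"] == gw.group(1):
            hits.append(frame)
    return hits


if __name__ == "__main__":
    for hit in frames_addressed_to_gateway(SAMPLE_LOG):
        print(hit)
```

For the quoted frame this reports a TCP RST/ACK from 192.168.66.203 to 195.206.176.196 port 443, that is, a packet for the gateway's own address travelling inside the tunnel.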
Hello
Try to catch the logs from the FG side while the connection drops.
```
diagnose debug application sslvpn -1
diagnose debug enable
```
Unfortunately I don't have access to it :(
Try contacting the FG admin so he can help you with this output.
On the other hand, as this is not a Fortinet product, in parallel you may try to contact openfortivpn's editor to show him the above log; either he knows the issue or he will correct it in the next release.
Copyright 2024 Fortinet, Inc. All Rights Reserved.