Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dominikduda
New Contributor

Created on ā€Ž08-12-2024 06:46 AM

"Failed create SSL" using 7.2.5.0847 Interim version on Kubuntu 24.04

Hello everyone

Recently I installed FortiClient VPN (version 7.2.5.0847 Interim) on Kubuntu 24.04.

I realize this is a dev build, but there is no stable version that supports my system yet AFAIK.

unnamed (1).png
unnamed.png
The screenshot depicts my config.

I have exported the logs but I am not sure if it is safe to publish them here. 

How do I debug what's wrong?

Labels:
697
0 Kudos
7 REPLIES 7
hbac
Staff
Staff

Created on ā€Ž08-12-2024 09:06 AM

Hi @dominikduda,

 

What is the error message when connecting? At how many % does it fail? Please collect debugs by following this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-Troubleshooting/ta-p/189542

 

Regards, 

665
dominikduda
New Contributor
In response to hbac

Created on ā€Ž08-19-2024 12:59 AM

It fails every time.

 

I'm not sure how to follow that guide.

 

The commands "diagnose" and "forticlient diagnose" aren't recognized in my terminal.

I receive the following error: "Error: unknown command 'diagnose' for 'forticlient'".

 

Where are these commands supposed to come from? Do I need to install something?

547
0 Kudos
dominikduda
New Contributor
In response to hbac

Created on ā€Ž08-19-2024 01:06 AM

Exported logs: https://gist.github.com/dominikduda/6e9646768d5e0a4be85d54ee1b5cabe6

541
0 Kudos
arahman
Staff
Staff

Created on ā€Ž08-12-2024 02:00 PM

also can you ping the fortigate public IP from the device and make sure the config is fine and try the sniffer on the fortigate with
diag sniffer packet any ' host <client IP > and port 10443 ' 4 0 l 


and see if you are able to see traffic on fortigate
, also i found this old article about the same issue with ubuntu, see if this helps 
https://community.fortinet.com/t5/Support-Forum/Forticlient-SSL-VPN-not-working-on-Ubuntu/m-p/92309#...

 

634
0 Kudos
dominikduda
New Contributor
In response to arahman

Created on ā€Ž08-19-2024 01:11 AM

Not sure how to follow it. "diag" is not a command. Client IP means my private network IP?

 

539
0 Kudos
dominikduda
New Contributor

Created on ā€Ž08-19-2024 01:06 AM

Here are the exported logs: https://gist.github.com/dominikduda/6e9646768d5e0a4be85d54ee1b5cabe6

542
0 Kudos
dominikduda
New Contributor

Created on ā€Ž08-21-2024 03:54 AM

I think actually my pfx certificate was broken. Received new one and now it behaves differently.

Here are the logs:

https://gist.github.com/dominikduda/d03caf83f0a06fe65064f2813aac78df

493
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the ā€œNominate to Knowledge Baseā€ button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.