Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Taylor_Res
New Contributor II

ssl vpn client stops at 20% doesnt connect

I have a user that i setup for ssl vpn connection with the forticlient 7.0.8.  the device is having trouble conencting and stops at 20%  this happened after some required software was installed.  Is there anything that anyone knows of that would interfere with forticlient from connecting to a ssl vpn?  

 

thanks

1 Solution
Taylor_Res
New Contributor II

Apparently forticlient ssl VPN needs the windows telephony service to be running.  This is why the client would stop at 20%. Also the remote access connection manager is involved which needs the telephony service to work.

View solution in original post

9 REPLIES 9
btan
Staff
Staff

Hello,

 

You may refer to https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Possible-reasons-for-FortiClient-SSL... for possible reasons of SSLVPN stuck at certain percentage.
Steps to narrow down the issue:

1. Is this happening to single user only? (other users can connect to the VPN?)

2. Was it working fine in a previous FCT version, eg FCT 7.0.7 or 6.4.x?

3. Open a browser and enter your VPN gateway FQDN:port, is the web portal accessible?

Regards,
Bon
Taylor_Res
New Contributor II

Yes i can get to the web portal and login that way but the foticlient doesnt connect. just stops at 20% and goes back to login screen.

pavankr5
Staff
Staff

Hello @Taylor_Res 

- If you are unable to connect to VPN, it hung at 20% or 40%
- Could you please confirm if you are getting any warning related to the certificate being used for SSL-VPN.

- Please share the exact error message you are getting when it is stuck at 20%

- execute the below commands and then initiate the connection via Forticlient

diag debug reset
diag debug application fnbamd -1
diag debug appl sslvpn -1
diag debug enable

to disable log run below command

di de disable

Thanks,

 

Pavan

Taylor_Res
New Contributor II

I will try this but it seems like the client isnt even getting to the fortigate.  Seems more like there is a conflict with some other software installed on the laptop.  Im trying to pinpoint that now as it was working and is not working now.  Or maybe its related to an intel driver for wifi card.  its very strange.

Taylor_Res
New Contributor II

No the client is not even getting to the fortigate for there to be any diagnostics.

 

im seeing this in the fortigate logs for vpn


Action ssl-exit-error
Reason DH lib

Markus_M

Hi Taylor,

 

20% does sound like no connection is really made. The SSL error might fit.

You might check if your FortiClient is very old. Your browser seems to connect to the address fine. You could try with a packet capture on the client and see what gets sent/received and what client and server are talking to each other. It might be a TLS negotiation error.

 

Best regards,

 

Markus

Taylor_Res
New Contributor II

seems to be related to a group policy object on my domain.  once i connected the device to the domain the vpn stopped connecting.

Taylor_Res
New Contributor II

Apparently forticlient ssl VPN needs the windows telephony service to be running.  This is why the client would stop at 20%. Also the remote access connection manager is involved which needs the telephony service to work.

rtichkule
Staff
Staff

You can try following below:


Disable any firewall or antivirus software that is currently active on your computer and then try to connect once more.

Look through the logs on the FortiGate firewall and the FortiClient SSL VPN client for any error messages or warnings that could point to the problem's root.


Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors