Support Forum
Alvi
New Contributor

sslvpnd daemon is not running

Hi,

I just configured a Fortigate 500D SSL VPN and it is unreachable.

After some research I managed to find that sslvpnd is not running (not in diag sys top and no pid file).

Is there any way to start it? (A reboot does not fix the problem.)

 

Thanks.

BR

 

EDIT: The FW is running on v5.4

5 REPLIES
emnoc
Esteemed Contributor III

What's your configuration, and did you bind an SSL interface? IIRC, without an interface defined in the cfg you will not have a listener.

PCNSE NSE StrongSwan
Alvi
New Contributor

Hi, 

My conf is as follows:

config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    set source-interface "port12"
    set source-address "all"
    set source-address6 "all"
    set default-portal "full-access"
end

It is linked to port12, which is my WAN interface.

emnoc
Esteemed Contributor III

Did you define any configuration authen rules?

e.g.

    config authentication-rule
        edit 1
            set groups "RAGRP1PLUS1"
            set portal "full-access"
            set realm ''
            set client-cert disable
            set cipher high
            set auth ldap
        next
        edit 2
            set groups "MYLOCALRoadWarrior1"
            set portal "full-access"
            set realm ''
            set client-cert disable
            set cipher high
            set auth local
        next
    end

SUGGESTION:

Toggle the port from 443 to an unused port, "commit" the chg and then go back and reset to port 443.

 

I would check for a proc afterwards

e.g.

config vpn ssl settings
    set port 66443
end

{ wait 30 secs }

config vpn ssl settings
    set port 443
end

I would use the fnsysctl command to look for a pid as a final check

     fnsysctl cat /var/run/sslvpnd.pid

 

And finally, I ran into this bug where the default "portal" needs to be toggled also. I can't replicate it, so TAC indicated it might be something that screws up the portal access.

 

If you tunnel and web-mode, check by pointing your web client at https://<your address-name> and see if you get an "access denied".

 

Ken

PCNSE NSE StrongSwan
Alvi
New Contributor

Alright guys, 

Thanks for the ideas; that led me to double-check my policies.

 

I imported them from another firewall and they were not working properly.

In v5.4 we have to specify user and address in the SSL policies. In my old rules there was only an IP range.

 

As the FW didn't prompt me with an error while importing them, I thought everything was OK. It was not.

 

Thanks again.

 

BR

noc
New Contributor

Hi,

I had the same problem: it seemed that the process was not running in the Fortigate. I solved it by adding the user-group to the policy ssl.vpn-->internal_interface; before this I only had IP addresses configured in the policy. When I put the user-group in, the sslvpnd process appeared and I could connect by VPN-SSL through the VPN-SSL client and web.

 

Hope this helps you (perhaps a little late) or other people looking for a solution to this problem.

Adanoc
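The two replies above point at the same gap: a policy from the SSL VPN interface that matches only an IP range and names no user or group. As an added example (not code from the thread or from Fortinet), this Python script parses the text form of a `show firewall policy` dump and lists such policies; it assumes the tunnel interface is called `ssl.root`, and the policy dump it checks is constructed for the example.

```python
import shlex

SSLVPN_INTF = "ssl.root"  # assumption: SSL VPN tunnel interface of the root VDOM

# Constructed sample of `show firewall policy` output: policy 1 names a
# group, policy 2 only matches the tunnel IP range (the thread's mistake).
SAMPLE_POLICY_OUTPUT = """\
config firewall policy
    edit 1
        set srcintf "ssl.root"
        set dstintf "port1"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "all"
        set action accept
        set groups "RAGRP1PLUS1"
    next
    edit 2
        set srcintf "ssl.root"
        set dstintf "port1"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "all"
        set action accept
    next
end
"""

def parse_policies(text):
    """Map policy id -> {setting: [values]} for one `config firewall policy` dump."""
    policies, current = {}, None
    for raw in text.splitlines():
        tokens = shlex.split(raw.strip())  # shlex drops the CLI's double quotes
        if not tokens:
            continue
        if tokens[0] == "edit" and len(tokens) > 1:
            current = policies.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None and len(tokens) > 1:
            current[tokens[1]] = tokens[2:]  # multi-valued settings keep every value
        elif tokens[0] == "next":
            current = None
    return policies

def sslvpn_policies_without_identity(text, sslvpn_intf=SSLVPN_INTF):
    """Ids of policies sourced from the SSL VPN interface that set no groups or users."""
    flagged = []
    for pid, settings in parse_policies(text).items():
        if sslvpn_intf in settings.get("srcintf", []):
            if not (settings.get("groups") or settings.get("users")):
                flagged.append(pid)
    return flagged
```

Running `sslvpn_policies_without_identity(SAMPLE_POLICY_OUTPUT)` returns `['2']`, the policy that needs a `set groups` or `set users` line before the tunnel can come up.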