bustedware

SSL VPN for MAC M1 MAX

I'm able to connect on my iPhone but not from my Mac. Here are the logs.

 

20240411 10:40:51 TZ=-0400 [VPN:INFO] PacketTunnelProvider.swift:42 VPN provider: 0850
20240411 10:40:51 TZ=-0400 [VPN:INFO] PacketTunnelProvider.swift:56 Start Destination IP tunnel.
20240411 10:40:51 TZ=-0400 [VPN:DEBG] PacketTunnelProvider.swift:148 Mode: 0
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SystemConfig.swift:212 Get DNS from Setup domain
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SystemConfig.swift:242 Copy service entity failed
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SystemConfig.swift:212 Get DNS from State domain
20240411 10:40:51 TZ=-0400 [VPN:INFO] SSLVPNTunnel.swift:1111 Starting TLS tunnel
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SSLVPNTunnel.swift:1117 Hostname: ------
20240411 10:40:51 TZ=-0400 [VPN:INFO] SSLVPNTunnel.swift:1052 TLS tunnel connection state: PREPARING
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SSLVPNTunnel.swift:1016 TLS tunnel connection state: READY
20240411 10:40:51 TZ=-0400 [VPN:DEBG] SSLVPNTunnel.swift:1017 remote IP: -------
20240411 10:40:51 TZ=-0400 [VPN:EROR] SSLVPNTunnel.swift:196 Server does not support all known tunnel methods.
20240411 10:40:51 TZ=-0400 [VPN:INFO] SSLVPNTunnel.swift:1039 TLS tunnel connection state: CANCELLED
20240411 10:40:51 TZ=-0400 [VPN:EROR] SSLVPNTunnel.swift:1045 TLS tunnel cancelled with error: badConfiguration
20240411 10:40:51 TZ=-0400 [VPN:EROR] SSLVPNTunnel.swift:838 Closed while starting, with error: badConfiguration

 

Related issue: https://community.fortinet.com/t5/Support-Forum/SSL-VPN-Windows-Works-MacOS-does-not/m-p/47900

 

I have tried all the suggestions from that thread. I'm on an Apple M1 Max and getting this with FortiClient 7.2.4.0850, which is the client my firewall is serving when I go to download it.

akanibek
Staff

@bustedware, could you enable some debugs on the FGT side, reproduce the issue, and then share the outputs here:

What is your FGT version btw?

diag debug reset

diag debug console timestamp enable

diag debug app fnbamd -1

diag debug app sslvpn -1

diagnose debug enable

bustedware

Yes. Can you please let me know how I roll back these changes first, and where the logs will be generated on the firewall? Thank you.

akanibek

Sure,

Open an SSH connection to the FGT and execute the commands above.

After finishing, disable the debugs using the command below, and share the outputs:

diag de disable

 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-Troubleshooting/ta-p/189542

bustedware

Here is the log after reproducing the issue:

2024-04-11 08:31:23 [139:root:30]allocSSLConn:264 sconn 0x54519300 (0:root)
2024-04-11 08:31:23 [139:root:30]SSL state:before/accept initialization (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 read client hello A (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 write server hello A (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 write certificate A (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 write key exchange A (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 write server done A (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 read client certificate A (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 read client key exchange A:system lib(172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 read client key exchange A:system lib(172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 read client key exchange A (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 read certificate verify A (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 read finished A (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 write change cipher spec A (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 write finished A (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL state:SSL negotiation finished successfully (172.20.30.106)
2024-04-11 08:31:23 [139:root:30]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2024-04-11 08:31:23 [139:root:30]req: /remote/info
2024-04-11 08:31:23 [139:root:30]sslConnGotoNextState:297 error (last state: 1, closeOp: 0)
2024-04-11 08:31:23 [139:root:30]Destroy sconn 0x54519300, connSize=0. (root)
2024-04-11 08:31:23 [139:root:31]allocSSLConn:264 sconn 0x54519300 (0:root)
2024-04-11 08:31:23 [139:root:31]SSL state:before/accept initialization (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 read client hello A (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 write server hello A (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 write certificate A (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 write key exchange A (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 write server done A (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 read client certificate A (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 read client key exchange A:system lib(172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 read client key exchange A:system lib(172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 read client key exchange A (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 read certificate verify A (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 read finished A (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 write change cipher spec A (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 write finished A (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL state:SSL negotiation finished successfully (172.20.30.106)
2024-04-11 08:31:23 [139:root:31]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2024-04-11 08:31:23 [139:root:31]req: /remote/login
2024-04-11 08:31:23 [139:root:31]rmt_web_auth_info_parser_common:418 no session id in auth info
2024-04-11 08:31:23 [139:root:31]rmt_web_get_access_cache:729 invalid cache, ret=4103
2024-04-11 08:31:23 [139:root:31]sslConnGotoNextState:297 error (last state: 1, closeOp: 0)
2024-04-11 08:31:23 [139:root:31]Destroy sconn 0x54519300, connSize=0. (root)
2024-04-11 08:31:23 [139:root:32]allocSSLConn:264 sconn 0x54519300 (0:root)
2024-04-11 08:31:23 [139:root:32]SSL state:before/accept initialization (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 read client hello A (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 write server hello A (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 write certificate A (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 write key exchange A (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 write server done A (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 read client certificate A (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 read client key exchange A:system lib(172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 read client key exchange A:system lib(172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 read client key exchange A (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 read certificate verify A (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 read finished A (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 write change cipher spec A (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 write finished A (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL state:SSL negotiation finished successfully (172.20.30.106)
2024-04-11 08:31:23 [139:root:32]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2024-04-11 08:31:23 [139:root:32]req: /remote/logincheck
2024-04-11 08:31:23 [139:root:32]rmt_web_auth_info_parser_common:418 no session id in auth info
2024-04-11 08:31:23 [139:root:32]rmt_web_access_check:667 access failed, uri=[/remote/logincheck],ret=4103,
2024-04-11 08:31:23 [139:root:32]rmt_logincheck_cb_handler:861 user 'bustedware' has a matched local entry.
2024-04-11 08:31:23 [139:root:32]sslvpn_auth_check_usrgroup:1752 forming user/group list from policy.
2024-04-11 08:31:23 [139:root:32]sslvpn_auth_check_usrgroup:1790 got user (0) group (1:0).
2024-04-11 08:31:23 [139:root:32]sslvpn_validate_user_group_list:1423 validating with SSL VPN authentication rules (1), realm ().
2024-04-11 08:31:23 [139:root:32]sslvpn_validate_user_group_list:1471 checking rule 1 cipher.
2024-04-11 08:31:23 [139:root:32]sslvpn_validate_user_group_list:1479 checking rule 1 realm.
2024-04-11 08:31:23 [139:root:32]sslvpn_validate_user_group_list:1490 checking rule 1 source intf.
2024-04-11 08:31:23 [139:root:32]sslvpn_validate_user_group_list:1527 checking rule 1 vd source intf.
2024-04-11 08:31:23 [139:root:32]sslvpn_validate_user_group_list:1600 rule 1 done, got user (0) group (1:0).
2024-04-11 08:31:23 [139:root:32]sslvpn_validate_user_group_list:1688 got user (0), group (1:0).
2024-04-11 08:31:23 [139:root:32]two factor check for bustedware: off
2024-04-11 08:31:23 [139:root:32]sslvpn_authenticate_user:168 authenticate user: [bustedware]
2024-04-11 08:31:23 [139:root:32]sslvpn_authenticate_user:175 create fam state
2024-04-11 08:31:23 [139:root:32]fam_auth_send_req:528 with server blacklist: 
2024-04-11 08:31:23 [139:root:32]fam_auth_send_req_internal:416 fnbam_auth return: 0
2024-04-11 08:31:23 [139:root:32]fam_auth_send_req_internal:422 authentication OK
2024-04-11 08:31:23 [139:root:32]fam_do_cb:471 fnbamd return auth success.
2024-04-11 08:31:23 [139:root:32]SSL VPN login matched rule (1).
2024-04-11 08:31:23 [139:root:32]login_succeeded:383 redirect to hostcheck
2024-04-11 08:31:23 [139:root:32]deconstruct_session_id:363 decode session id ok, user=[bustedware],group=[IPSEC-VPN],portal=[tunnel-access],host=[172.20.30.106],realm=[],idx=0,auth=1,sid=4c5947be, login=1712849483, access=1712849483
2024-04-11 08:31:23 [139:root:32]deconstruct_session_id:363 decode session id ok, user=[bustedware],group=[IPSEC-VPN],portal=[tunnel-access],host=[172.20.30.106],realm=[],idx=0,auth=1,sid=4c5947be, login=1712849483, access=1712849483
2024-04-11 08:31:23 [139:root:32]deconstruct_session_id:363 decode session id ok, user=[bustedware],group=[IPSEC-VPN],portal=[tunnel-access],host=[172.20.30.106],realm=[],idx=0,auth=1,sid=4c5947be, login=1712849483, access=1712849483
2024-04-11 08:31:23 [139:root:32]sslConnGotoNextState:297 error (last state: 1, closeOp: 0)
2024-04-11 08:31:23 [139:root:32]Destroy sconn 0x54519300, connSize=0. (root)
2024-04-11 08:31:23 [139:root:33]allocSSLConn:264 sconn 0x54519300 (0:root)
2024-04-11 08:31:23 [139:root:33]SSL state:before/accept initialization (172.20.30.106)
2024-04-11 08:31:23 [139:root:33]SSL state:SSLv3 read client hello A (172.20.30.106)
2024-04-11 08:31:23 [139:root:33]SSL state:SSLv3 write server hello A (172.20.30.106)
2024-04-11 08:31:23 [139:root:33]SSL state:SSLv3 write change cipher spec A (172.20.30.106)
2024-04-11 08:31:23 [139:root:33]SSL state:SSLv3 write finished A (172.20.30.106)
2024-04-11 08:31:23 [139:root:33]SSL state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:23 [139:root:33]SSL state:SSLv3 read finished A:system lib(172.20.30.106)
2024-04-11 08:31:23 [139:root:33]SSL state:SSLv3 read finished A:system lib(172.20.30.106)
2024-04-11 08:31:23 [139:root:33]SSL state:SSLv3 read finished A (172.20.30.106)
2024-04-11 08:31:23 [139:root:33]SSL state:SSL negotiation finished successfully (172.20.30.106)
2024-04-11 08:31:23 [139:root:33]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2024-04-11 08:31:23 [139:root:33]req: /remote/fortisslvpn
2024-04-11 08:31:23 [139:root:33]deconstruct_session_id:363 decode session id ok, user=[bustedware],group=[IPSEC-VPN],portal=[tunnel-access],host=[172.20.30.106],realm=[],idx=0,auth=1,sid=4c5947be, login=1712849483, access=1712849483
2024-04-11 08:31:23 [139:root:33]deconstruct_session_id:363 decode session id ok, user=[bustedware],group=[IPSEC-VPN],portal=[tunnel-access],host=[172.20.30.106],realm=[],idx=0,auth=1,sid=4c5947be, login=1712849483, access=1712849483
2024-04-11 08:31:23 [139:root:33]form_ipv4_split_tunnel_addr:1499 Matched policy (id = 13) to add split tunnel routing address
2024-04-11 08:31:23 [139:root:33]sslConnGotoNextState:297 error (last state: 1, closeOp: 0)
2024-04-11 08:31:23 [139:root:33]Destroy sconn 0x54519300, connSize=0. (root)
2024-04-11 08:31:23 [139:root:34]allocSSLConn:264 sconn 0x54519300 (0:root)
2024-04-11 08:31:23 [139:root:34]SSL state:before/accept initialization (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 read client hello A (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 write server hello A (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 write certificate A (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 write key exchange A (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 write server done A (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 read client certificate A (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 read client key exchange A:system lib(172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 read client key exchange A:system lib(172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 read client key exchange A (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 read certificate verify A (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 read finished A (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 write change cipher spec A (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 write finished A (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL state:SSL negotiation finished successfully (172.20.30.106)
2024-04-11 08:31:23 [139:root:34]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2024-04-11 08:31:23 [139:root:34]req: /remote/fortisslvpn_xml
2024-04-11 08:31:23 [139:root:34]deconstruct_session_id:363 decode session id ok, user=[bustedware],group=[IPSEC-VPN],portal=[tunnel-access],host=[172.20.30.106],realm=[],idx=0,auth=1,sid=4c5947be, login=1712849483, access=1712849483
2024-04-11 08:31:23 [139:root:34]deconstruct_session_id:363 decode session id ok, user=[bustedware],group=[IPSEC-VPN],portal=[tunnel-access],host=[172.20.30.106],realm=[],idx=0,auth=1,sid=4c5947be, login=1712849483, access=1712849483
2024-04-11 08:31:23 [139:root:34]sslvpn_reserve_dynip:1077 tunnel vd[root] ip[10.212.134.200]
2024-04-11 08:31:23 [139:root:34]form_ipv4_split_tunnel_addr:1499 Matched policy (id = 13) to add split tunnel routing address
2024-04-11 08:31:23 [139:root:34]sslConnGotoNextState:297 error (last state: 1, closeOp: 0)
2024-04-11 08:31:23 [139:root:34]Destroy sconn 0x54519300, connSize=0. (root)
2024-04-11 08:31:25 [139:root:35]allocSSLConn:264 sconn 0x54596800 (0:root)
2024-04-11 08:31:25 [139:root:35]DTLS state:before/accept initialization (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 read client hello A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:DTLS1 write hello verify request A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 read client hello B:system lib(172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 read client hello B (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 write server hello A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 write certificate A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 write key exchange A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 write server done A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 read client certificate A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 read client key exchange A:system lib(172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 read client key exchange A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 read certificate verify A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 read finished A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 write session ticket A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 write change cipher spec A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 write finished A (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS state:SSL negotiation finished successfully (172.20.30.106)
2024-04-11 08:31:25 [139:root:35]DTLS established: DTLSv1 ECDHE-RSA-AES256-GCM-SHA384 from 172.20.30.106
2024-04-11 08:31:25 [139:root:35]sslvpn_dtls_handle_client_data:630 got type clthello-tun
2024-04-11 08:31:25 [139:root:35]sslvpn_send_ctrl_msg:873 0x54596800 message: svrhello fail 172.20.30.106
2024-04-11 08:31:25 [139:root:35]Destroy sconn 0x54596800, connSize=0. (root)
2024-04-11 08:31:25 [139:root:36]allocSSLConn:264 sconn 0x54596800 (0:root)
2024-04-11 08:31:25 [139:root:36]DTLS state:before/accept initialization (172.20.30.106)
2024-04-11 08:31:25 [139:root:36]DTLS state:SSLv3 read client hello B:system lib(172.20.30.106)
2024-04-11 08:31:25 [139:root:37]allocSSLConn:264 sconn 0x54519900 (0:root)
2024-04-11 08:31:25 [139:root:37]SSL state:before/accept initialization (172.20.30.106)
2024-04-11 08:31:25 [139:root:37]SSL state:SSLv3 read client hello A (172.20.30.106)
2024-04-11 08:31:25 [139:root:37]SSL state:SSLv3 write server hello A (172.20.30.106)
2024-04-11 08:31:25 [139:root:37]SSL state:SSLv3 write certificate A (172.20.30.106)
2024-04-11 08:31:25 [139:root:37]SSL state:SSLv3 write key exchange A (172.20.30.106)
2024-04-11 08:31:25 [139:root:37]SSL state:SSLv3 write server done A (172.20.30.106)
2024-04-11 08:31:25 [139:root:37]SSL state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:25 [139:root:37]SSL state:SSLv3 read client certificate A (172.20.30.106)
2024-04-11 08:31:25 [139:root:37]SSL state:SSLv3 read client key exchange A:system lib(172.20.30.106)
2024-04-11 08:31:25 [139:root:37]SSL state:SSLv3 read client key exchange A:system lib(172.20.30.106)
2024-04-11 08:31:26 [139:root:37]SSL state:SSLv3 read client key exchange A (172.20.30.106)
2024-04-11 08:31:26 [139:root:37]SSL state:SSLv3 read certificate verify A (172.20.30.106)
2024-04-11 08:31:26 [139:root:37]SSL state:SSLv3 read finished A (172.20.30.106)
2024-04-11 08:31:26 [139:root:37]SSL state:SSLv3 write session ticket A (172.20.30.106)
2024-04-11 08:31:26 [139:root:37]SSL state:SSLv3 write change cipher spec A (172.20.30.106)
2024-04-11 08:31:26 [139:root:37]SSL state:SSLv3 write finished A (172.20.30.106)
2024-04-11 08:31:26 [139:root:37]SSL state:SSLv3 flush data (172.20.30.106)
2024-04-11 08:31:26 [139:root:37]SSL state:SSL negotiation finished successfully (172.20.30.106)
2024-04-11 08:31:26 [139:root:37]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2024-04-11 08:31:26 [139:root:37]req: /remote/sslvpn-tunnel2?uuid=3EE24DA240A35639BD3782F753547C08
2024-04-11 08:31:26 [139:root:37]def: (nil) /remote/sslvpn-tunnel2
2024-04-11 08:31:26 [139:root:37]req: 
2024-04-11 08:31:26 [139:root:37]Invalid method in request .

2024-04-11 08:31:26 [139:root:37]sslConnGotoNextState:297 error (last state: 1, closeOp: 0)
2024-04-11 08:31:26 [139:root:37]Destroy sconn 0x54519900, connSize=1. (root)
2024-04-11 08:31:34 [139:root:0]sslvpn_internal_remove_one_web_session:2607 session (root:bustedware:IPSEC-VPN:172.20.30.106 1) removed for tunnel connection setup timeout for SSLVPN Client
2024-04-11 08:31:40 [139:root:36]sslvpn_dtls_timeout_check:286 waiting for client hello timeout.
2024-04-11 08:31:40 [139:root:36]Destroy sconn 0x54596800, connSize=0. (root)
akanibek

I suspect there is an issue on the Fclient side, because the FGT successfully authenticated the user and reserved an IP address.

2024-04-11 08:31:23 [139:root:32]fam_do_cb:471 fnbamd return auth success.
2024-04-11 08:31:23 [139:root:32]SSL VPN login matched rule (1).
2024-04-11 08:31:23 [139:root:32]login_succeeded:383 redirect to hostcheck
......
......
2024-04-11 08:31:23 [139:root:34]sslvpn_reserve_dynip:1077 tunnel vd[root] ip[10.212.134.200]
2024-04-11 08:31:23 [139:root:34]form_ipv4_split_tunnel_addr:1499 Matched policy (id = 13) to add split tunnel routing address
2024-04-11 08:31:23 [139:root:34]sslConnGotoNextState:297 error (last state: 1, closeOp: 0)
2024-04-11 08:31:23 [139:root:34]Destroy sconn 0x54519300, connSize=0. (root)
2024-04-11 08:31:25 [139:root:35]allocSSLConn:264 sconn 0x54596800 (0:root)

I would suggest you test with downgrading your FortiClient version.
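
The reasoning in the reply above (authentication and address assignment succeed, the failure comes later in tunnel setup) can be checked by grouping the debug output per connection. This is an added example, not part of the thread and not Fortinet tooling; it assumes the third bracketed field is a per-connection index, and the function names and the failure-marker list are illustrative, built only from strings in the posted log.

```python
import re

# Lines copied (trimmed) from the sslvpn debug output posted earlier in this thread.
SAMPLE_LOG = """\
2024-04-11 08:31:23 [139:root:32]req: /remote/logincheck
2024-04-11 08:31:23 [139:root:32]fam_do_cb:471 fnbamd return auth success.
2024-04-11 08:31:23 [139:root:32]sslConnGotoNextState:297 error (last state: 1, closeOp: 0)
2024-04-11 08:31:23 [139:root:34]req: /remote/fortisslvpn_xml
2024-04-11 08:31:23 [139:root:34]sslvpn_reserve_dynip:1077 tunnel vd[root] ip[10.212.134.200]
2024-04-11 08:31:25 [139:root:35]DTLS established: DTLSv1 ECDHE-RSA-AES256-GCM-SHA384 from 172.20.30.106
2024-04-11 08:31:25 [139:root:35]sslvpn_send_ctrl_msg:873 0x54596800 message: svrhello fail 172.20.30.106
2024-04-11 08:31:26 [139:root:37]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2024-04-11 08:31:26 [139:root:37]req: /remote/sslvpn-tunnel2?uuid=3EE24DA240A35639BD3782F753547C08
2024-04-11 08:31:26 [139:root:37]req: 
2024-04-11 08:31:26 [139:root:37]Invalid method in request .
2024-04-11 08:31:34 [139:root:0]sslvpn_internal_remove_one_web_session:2607 session (root:bustedware:IPSEC-VPN:172.20.30.106 1) removed for tunnel connection setup timeout for SSLVPN Client
"""

# Assumption: the prefix is "[pid:vdom:index]" and the third field identifies one connection.
LINE = re.compile(r"^(\S+ \S+) \[(\d+):([^:\]]+):(\w+)\](.*)$")

# Strings from the posted log that mark a real failure. "sslConnGotoNextState ... error"
# is left out on purpose: in the posted log it closes every TLS connection, including
# the one on which authentication succeeded.
FAILURE_MARKERS = (
    "svrhello fail",
    "Invalid method in request",
    "tunnel connection setup timeout",
)


def summarise(log_text):
    """Group debug lines by connection index and extract the key events."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        ts, _pid, _vdom, conn, msg = m.groups()
        c = conns.setdefault(conn, {
            "first_seen": ts, "request": None, "transport": None,
            "auth_ok": False, "tunnel_ip": None, "failures": [],
        })
        req = re.match(r"req: (\S+)", msg)
        if req and c["request"] is None:
            c["request"] = req.group(1).split("?")[0]  # drop the query string
        est = re.match(r"(?:SSL|DTLS) established: (\S+)", msg)
        if est:
            c["transport"] = est.group(1)
        if "fnbamd return auth success" in msg:
            c["auth_ok"] = True
        ip = re.search(r"sslvpn_reserve_dynip:\d+ tunnel vd\[[^\]]*\] ip\[([^\]]+)\]", msg)
        if ip:
            c["tunnel_ip"] = ip.group(1)
        c["failures"] += [f for f in FAILURE_MARKERS if f in msg]
    return conns


def first_failure(conns):
    """Return (connection, marker) for the earliest connection with a failure marker."""
    for conn, info in conns.items():
        if info["failures"]:
            return conn, info["failures"][0]
    return None


if __name__ == "__main__":
    for conn, info in summarise(SAMPLE_LOG).items():
        print(conn, info)
    print("first failure:", first_failure(summarise(SAMPLE_LOG)))
```
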

 

hbac
Staff

Hi @bustedware,

 

Error says bad configuration "TLS tunnel cancelled with error: badConfiguration". Can you share the configuration of the SSLVPN connection on FortiClient? 

 

Regards, 

bustedware

Screenshot 2024-04-11 at 11.15.36 AM.png

hbac

@bustedware,

 

Are you using FQDN or IP address as Remote Gateway? If you have Host Check enabled on the firewall, try disabling it and see if you are able to connect. 5.4.4 is too old, is it possible to upgrade the firmware version?

 

Regards, 

bustedware

No, I can't upgrade the firmware, or even downgrade for that matter. I bought this off eBay and can't register to my account. Who on earth puts firmware behind registration?!?!
