- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- VPNSSL connection almost impossible, reset at 98%
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VPNSSL connection almost impossible, reset at 98%
Hi all !
Latest version of FortiClient VPN (7.0.11.0569), latest FGT firmware (v7.0.14 build0601)
I am using a Windows 11 insider dev channel. Since last weeks upgrade (build 26058 release 240209-1555), I am almost unable to connect via SSLVPN.
Nothing has changed appart from this upgrade, all the other remote users running "standard" windows 11 versions have absolutely no problem.
My client log is filled with errors that I found on other threads but with no solution :
error: poll_send_ssl ->SSL_get_error(): 5, try:1
error: poll_send_ssl -> WSAGetLastError():2745, try:1
error: poll_send_ssl ->data size: 66, try:1
[handle_driver_read_event]: error: poll_send
error: poll_recv_ssl -> SSL_get_error(): 5
error: poll_recv_ssl -> WSAGetLastError():2745
error: polling recv, try:1
etc....
If I insist a lot, after some time it will connect (maybe 20 retries), and the log looks absolutely normal (nothing logged appart from connection established).
On the Fortigate side, I have "SSL web application blocked", and "ssl exit error, reason DH Lib".
I have no idea what this is, and above all why it sometimes work !
Can some help me on this matter ? Thanks a lot !
PS : there is not client certificate, as some support pages mention this.
Labels:
- Labels:
-
FortiClient
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would try turning off IPv6 on both the Ethernet and SSLVPN adaptor within your network settings.
Please try and see if a specific Windows Update is installed with the PowerShell command: 'Get-Hotfix KB2693643'. This update can cause the issue you are seeing.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This hotfix does not seem to be installed, but as I mentioned I am using a dev channel windows 11 version, so this might by included in the base version of the OS rather than in a hotfix, right ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @ArnaudL
The possible reasons are for disconnection at <98%> :
- Issues at this stage usually occur due to a corrupted installation of FortiClient or due to OS problems.
- Reinstall the FortiClient software on the system.
- Check for compatibility issues between FortiGate and FortiClient.
- This may also occur when attempting to negotiate SSL VPN with the free version of FortiClient.
You can refer this KB for reference :
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Possible-reasons-for-FortiClient-SSL...
Link for FortiGate and FortiClient compatibility link :
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/afec3249-ed3f-11ea-96b9-005056...
Created on 03-04-2024 01:27 AM Edited on 03-04-2024 01:27 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Rajneesh
I have reinstalled many times already, including older versions of the forticlient.
Forticlient and Fortigate are at the latest version, as mentioned in my original message, so incompatibility is unlikely.
Using the free version of Forticlient should not be a problem so we cannot investigate this possibility any further as we will not move to EMS.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear @ArnaudL
Please can you disable IPv6 on the NIC of the client machine and try again.
Please follow the KB - https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPN-fails-at-98/ta-p/248363
Best regards,
Erlin
Created on 03-04-2024 01:09 AM Edited on 03-04-2024 01:16 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @esalija , thanks for the tip.
Do you mean the physical NIC, or the virtual Fortinet SSL VPN Virtual adapter ?
Edit : sorry, I had not seen the reply by @johnathan . I'll give it a try, but disabling ipv6 on my physical adapter is not a viable solution.
Created on 03-04-2024 11:54 PM Edited on 03-04-2024 11:59 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@esalija and @johnathan
I am working remotely today so I gave it a try but it does not help. Disabling IPv6 in both the Fortinet SSL VPN adapter and my Wifi interface made no difference.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ArnaudL wrote:If I insist a lot, after some time it will connect (maybe 20 retries), and the log looks absolutely normal (nothing logged appart from connection established).
I had to retry for about 1 hour to finally get connected this morning.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ArnaudL,
Please refer to https://community.fortinet.com/t5/FortiClient/Technical-Tip-Interpreting-WSAGetLastError-in-FortiCli...
Based on your FortiClient logs "WSAGetLastError():2745", 2745 in hexadecimal is = 10053 in decimal and based on Microsoft link below, WSAECONNABORTED 10053 = Software caused connection abort. An established connection was aborted by the software in your host computer, possibly due to a data transmission time-out or protocol error.
https://learn.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
Is there any third party software that might conflict with FortiClient? Have you tried different internet connection (wifi/ethernet)?
Regards,
Related Posts
- NO internet connection when using static... 93 Views
- SSL VPN on LTE Disconnecting Frequently 111 Views
- FortiClient 7.2.4 installer with deployed EMS... 122 Views
- FortiGate with Grafana 111 Views
- LDAPS issue, 'Can't contact LDAP server' 349 Views
Labels
-
FortiGate
6,533 -
FortiClient
1,304 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
Firewall policy
23 -
FortiConnect
23 -
FortiWAN
22 -
FortiConverter
21 -
VLAN
20 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.