FortiClient VPN connection error..


2024-11-25 tryllz (tryllz) December 18, 2018, 6:01pm


tryllz
( tryllz )


1

Hi,

I’m trying to connect the Client to a VPN Tunnel to use internet, this error keeps popping up when attempting to connect via Remote Access in FortiClient: The server you want to connect requests identification, please choose a certificate and try again. (-5).

My Debug:

FortiGate-vm64 # [131:root:6]allocSSLConn:276 sconn 0x7f5f8640e800 (0:root)
[131:root:6]SSL state:before/accept initialization (192.168.90.50)
[131:root:6]SSL_accept returned 0.

[131:root:6]Destroy sconn 0x7f5f8640e800, connSize=0. (root)
[131:root:7]allocSSLConn:276 sconn 0x7f5f8640e800 (0:root)
[131:root:7]SSL state:before/accept initialization (192.168.90.50)
[131:root:7]SSL state:SSLv3 read client hello A (192.168.90.50)
[131:root:7]SSL state:SSLv3 write server hello A (192.168.90.50)
[131:root:7]SSL state:SSLv3 write certificate A (192.168.90.50)
[131:root:7]SSL state:SSLv3 write server done A (192.168.90.50)
[131:root:7]SSL state:SSLv3 flush data (192.168.90.50)
[131:root:7]SSL state:SSLv3 read client certificate A (192.168.90.50)
[131:root:7]SSL state:SSLv3 read client key exchange A:system lib(192.168.90.50)
[131:root:7]SSL state:SSLv3 read client key exchange A:system lib(192.168.90.50)
[131:root:7]SSL_accept returned 0.

[131:root:9]Destroy sconn 0x7f5f86410800, connSize=0. (root)

I have tried most of the possibilities found online: disabled certificates in CLI, SSLv3, matched it with TLS 1.1 and 1.2 in Internet Explorer as well, still the same error.

I know it’s certificate related but I’m using a VM of the Firewall, not sure how to get by it…

Thank you

4 Spice ups
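As an added example (not part of the original thread and not Fortinet tooling): a small Python parser that groups debug lines like the ones posted above by connection and reports the last handshake state logged before each failed SSL_accept. It assumes the third bracket field is a per-connection counter and that the logged value is OpenSSL's SSL_accept return code, where 1 means success.

```python
import re

# Cleaned-up, shortened copy of the debug lines from the post above.
SAMPLE = """\
[131:root:6]SSL state:before/accept initialization (192.168.90.50)
[131:root:6]SSL_accept returned 0.
[131:root:7]SSL state:SSLv3 read client hello A (192.168.90.50)
[131:root:7]SSL state:SSLv3 write certificate A (192.168.90.50)
[131:root:7]SSL state:SSLv3 read client certificate A (192.168.90.50)
[131:root:7]SSL state:SSLv3 read client key exchange A:system lib(192.168.90.50)
[131:root:7]SSL_accept returned 0.
"""

# "[pid:vdom:conn]message"; tolerant of stray spaces around the separators.
PREFIX = re.compile(r"^\[\s*(\d+)\s*:\s*(\w+)\s*:\s*(\w+)\s*\](.*)$")
# "SSL state:<handshake state> (<peer address>)"
STATE = re.compile(r"^SSL state\s*:\s*(.+?)\s*\(\s*([\d.]+)\s*\)$", re.I)
# "SSL_accept returned <n>." (assumed to be OpenSSL's return code)
ACCEPT = re.compile(r"^SSL_accept returned (-?\d+)")


def failed_handshakes(log):
    """Return one record per connection whose SSL_accept did not return 1."""
    last = {}       # connection id -> (last handshake state, peer address)
    failures = []
    for line in log.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # prompt text, blank lines, anything without a prefix
        conn, msg = m.group(3), m.group(4).strip()
        if (s := STATE.match(msg)):
            last[conn] = (s.group(1), s.group(2))
        elif (a := ACCEPT.match(msg)) and a.group(1) != "1":
            state, peer = last.pop(conn, ("<no state logged>", None))
            failures.append({"conn": conn, "peer": peer,
                             "last_state": state, "ret": int(a.group(1))})
    return failures


if __name__ == "__main__":
    for f in failed_handshakes(SAMPLE):
        print(f"conn {f['conn']} from {f['peer']}: SSL_accept={f['ret']} "
              f"after '{f['last_state']}'")
```

On the sample, connection 7 is reported as failing right after the client certificate and key exchange reads, which is the step to compare against the client certificate settings discussed in the thread.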

Are you trying to do a SSLVPN with certificate authentication?


tryllz
( tryllz )


3

I don’t want to use any kind of authentication, so I tried by disabling the Request Client Certificate option as well, it still gives the same error…

You will need to use something to authenticate to the firewall with the FortiClient. The Forticlient will need a username / password.


tryllz
( tryllz )


5

I agree, I have the client set in VPN to use the username / password to access through VPN, it works through the browser, it just does not work with the FortiClient…

1 spice up


aaron9615
( Aaron9615 )


6

Validate that certificate auth isn’t enabled on Forticlient.


tryllz
( tryllz )


7

I have tried both the options in FortiClient…

Do not warn invalid server certificate, and client certificate (tried both options, None, and Prompt)…

For your SSLVPN portals how many are there? Is tunnel mode enabled for any of the portals?


tryllz
( tryllz )


9

Sorry, how many what are there?

Sorry I did not understand the second question either…

There is only 1 SSL Portal created using port 10443, this is used by the user to access internet through the browser…


tryllz
( tryllz )


10

I believe you are talking about the Tunnel mode option, yes it is enabled for both Full Access and Tunnel Access…

On the SSL-VPN settings, all the way at the bottom, what is set for the “Authentication/Portal Mapping”?


tryllz
( tryllz )


12

Authentication / Portal Mapping shows full-access…

Did you try unchecking the client certificate in the FortiClient? The “do not warn about invalid server certificate” option just suppresses the warning about the SSLVPN using a self assigned cert.


tryllz
( tryllz )


14

I have tried both options, Prompt on connect, and None, same error…

What version of IE is installed on the workstation with FortiClient? Are you able to try the FortiClient on another workstation?


tryllz
( tryllz )


16

It’s IE 11 (11.194.17763.0)…

I will try it on Windows 7 VM client machines and see how it goes…

Much appreciate all the effort…

Thank you


tryllz
( tryllz )


17

Just a small question…

If I get the Windows 7 machine to work with FortiClient, I believe it will receive an IP from the Tunnel IP range, 10.212.134.0 network. Will this IP be shown in Google as it is, or will the Windows 7’s public IP be shown…

Thank you


aaron9615
( Aaron9615 )


18

If it’s a full tunnel all traffic will appear as the NATTED traffic on the firewall.

It depends if you are using split tunneling or not. If you google what is my IP it will either show the public IP of the remote ISP, or the WAN IP of the Fortigate, again it depends on what you have set for split tunneling.

It will not show the IP 10.212.134.0, the SSLVPN on the Fortigate is just another network interface.


tryllz
( tryllz )


20

Appreciate you taking the time out…

Thank you once again…