theinvisible/openfortigui

Halp - I can't get it to connect :sadface:

Opened this issue · 3 comments

Hi,

Using openfortigui, I get a smattering of errors in the log file which ultimately lead to an immediate disconnect.
I am using version 0.9.0, running on top of openfortivpn 1.12.0-1, Ubuntu 20.04; kernel v5.4.0-54-generic.

The client makes the initial connection to my workplace VPN successfully, it asks for certificate approval, authenticates successfully and negotiates the DNS server settings successfully. However, it then gives a buffer overflow error and halts the connection immediately. Thereafter, when trying to connect, it prompts for an OTP (I have no idea why or where I'd get it). There is also a weird "unable to log out" error that crops up during initial certificate negotiation.

As a point of reference, I also have the legacy 64bit FortiClient SSLVPN 4.0.2333 installed, and it just works. I enter the server address, username and password and away it goes. I'd keep using it but the new client seems to have plenty of nice QoL features which I'd like to have.

I have left all the settings for the connection at their defaults, that is:

Set Routes: yes
Half Internet Routes: no
Set DNS : yes
Insecure SSL: no
Debug: y/n - it makes no difference and gives no useful info that I can see (but I might be wrong)
Realm: empty
PPPD stuff: disabled and all empty

Herewith some loggery:

```
INFO:   Start tunnel.
INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
INFO:   Got addresses: [xxx.xxx.xxx.xxx], ns [xxx.xxx.xxx.xxx, 192.168.254.129]
INFO:   Negotiation complete.
INFO:   Negotiation complete.
local  IP address xxx.xxx.xxx.xxx
remote IP address xxx.xxx.xxx.xxx
primary   DNS address xxx.xxx.xxx.xxx
secondary DNS address 192.168.254.129
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
INFO:   Adding VPN nameservers...
*** buffer overflow detected ***: terminated
Hangup (SIGHUP)
Modem hangup
Connect time 0.0 minutes.
Sent 0 bytes, received 0 bytes.
Connection terminated.
```

If I try and connect once more, it asks for an OTP. If I enter a blank (or pulled-from-nethers) OTP and submit, the log file looks like this:

```
INFO:   Start tunnel.
INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
INFO:   Got addresses: [xxx.xxx.xxx.xxx], ns [xxx.xxx.xxx.xxx, 192.168.254.129]
INFO:   Negotiation complete.
INFO:   Negotiation complete.
local  IP address xxx.xxx.xxx.xxx
remote IP address xxx.xxx.xxx.xxx
primary   DNS address xxx.xxx.xxx.xxx
secondary DNS address 192.168.254.129
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
WARN:   Could not get current default route (Route not found).
WARN:   Protecting tunnel route has failed. But this can be working except for some cases.
WARN:   Adding route table is incomplete. Please check route table.
INFO:   Adding VPN nameservers...
*** buffer overflow detected ***: terminated
Hangup (SIGHUP)
Modem hangup
Connect time 0.0 minutes.
Sent 0 bytes, received 0 bytes.
```

```
rhianne@Palantir:~$ sudo dpkg -l | grep vpn
ii  forticlient-sslvpn                                          4.4.2333-1                                                  amd64        The forticlient-sslvpn client to connect to fortigate firewalls
ii  openfortigui                                                0.9.0-3                                                     amd64        GUI for openfortivpn
ii  openfortivpn                                                1.12.0-1                                                    amd64        Fortinet client for PPP+SSL VPN tunnel services
```

I am not in control of the hardware at work (and don't have any access to it) so could not tell you firmware versions and whatnot. All I know is, the old one works out of the box but the new one doesn't and I don't know how to fix it or what questions to ask to start fixing it. I also don't know if it's an issue with gui or the underlying openvpn implementation.

Any assistance would be greatly appreciated!
Thanks and regards,
Rhianne

PS - I tried running it as root too, no change.

Hi,

After some fiddling I have some more feedback. Requesting a tunnel from the command line works fine:

```
rhianne@Palantir:~$ sudo openfortivpn xxx.xxx.xxx.xxx:10443 -u xxxx -p xxxx --trusted-cert=xxxxxxxxxxxxxxxxxxxxxxxx
WARN:   You should not pass the password on the command line. Type it interactively or use a config file instead.
INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
INFO:   Got addresses: [xxx.xxx.xxx.xxx], ns [xxx.xxx.xxx.xxx, 192.168.254.129]
INFO:   negotiation complete
INFO:   negotiation complete
local  IP address xxx.xxx.xxx.xxx
remote IP address xxx.xxx.xxx.xxx
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
INFO:   Adding VPN nameservers...
INFO:   Tunnel is up and running.
```

^C shuts it down gracefully:

```
INFO:   Cancelling threads...
INFO:   Setting ppp interface down.
INFO:   Restoring routes...
INFO:   Removing VPN nameservers...
Hangup (SIGHUP)
Modem hangup
Connect time 0.6 minutes.
Sent 19051 bytes, received 51347 bytes.
Connection terminated.
INFO:   pppd: The link was terminated by the modem hanging up.
INFO:   Terminated pppd.
INFO:   Closed connection to gateway.
INFO:   Logged out.
```

Thanks!
Rhianne
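A triage sketch for the two runs quoted above, added here as an example and not part of the original posts or of openfortigui/openfortivpn: it reports the last INFO stage the failing GUI run reached, which glibc hardening check printed the abort banner, and which stages of the working CLI run were never reached. The sample logs are abridged from the thread; `ABORTS`, `stages` and `triage` are hypothetical names.

```python
import re

# Abort banners printed by glibc hardening checks, and the check behind each.
ABORTS = {
    "*** buffer overflow detected ***": "_FORTIFY_SOURCE bounds check",
    "*** stack smashing detected ***": "stack protector canary",
}

# Sample logs, abridged from the GUI run and the CLI run quoted in this thread.
GUI_LOG = """\
INFO:   Start tunnel.
INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Negotiation complete.
INFO:   Negotiation complete.
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
INFO:   Adding VPN nameservers...
*** buffer overflow detected ***: terminated
"""
CLI_LOG = """\
INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   negotiation complete
INFO:   negotiation complete
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
INFO:   Adding VPN nameservers...
INFO:   Tunnel is up and running.
"""

def stages(log):
    """Ordered, de-duplicated INFO stages, normalised for case and trailing dots."""
    out = []
    for m in re.finditer(r"^INFO:\s+(.*)$", log, re.M):
        s = m.group(1).strip().rstrip(".").lower()
        if s not in out:
            out.append(s)
    return out

def triage(bad, good):
    """Last stage the failing run reached, abort cause, stages it never reached."""
    bad_st, good_st = stages(bad), stages(good)
    abort = next((why for banner, why in ABORTS.items() if banner in bad), None)
    return {"last_stage": bad_st[-1] if bad_st else None, "abort": abort,
            "never_reached": [s for s in good_st if s not in bad_st]}

print(triage(GUI_LOG, CLI_LOG))
```

On the logs in this thread the abort lands between "Adding VPN nameservers..." and "Tunnel is up and running.", which is the step to look at when comparing the GUI-launched process with the CLI one.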

FWIW, here are the contents of the gui log:

```
Dec 22 16:22:10 openfortiGUI::Debug: "start-main::"
Dec 22 16:22:10 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnAddVPN_clicked()
Dec 22 16:22:10 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnDeleteVPN_clicked()
Dec 22 16:22:10 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnEditVPN_clicked()
Dec 22 16:22:10 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnCopyVPN_clicked()
Dec 22 16:22:10 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnAddGroup_clicked()
Dec 22 16:22:10 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnDeleteGroup_clicked()
Dec 22 16:22:10 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnEditGroup_clicked()
Dec 22 16:22:10 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnCopyGroup_clicked()
Dec 22 16:22:10 openfortiGUI::Debug: vpnManager::DiskMain() on apiServer->listen:: "QLocalServer::listen: Address in use"
Dec 22 16:22:10 openfortiGUI::Warning: QObject::connect: No such signal vpnLogger::finished()
Dec 22 16:22:10 openfortiGUI::Warning: QObject::connect: No such signal vpnLogger::finished()
Dec 22 16:22:10 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/rhianne/.openfortigui/vpnprofiles/Work VPN DR.conf"
Dec 22 16:22:10 openfortiGUI::Debug: MainWindow::refreshVpnProfileList() -> vpnprofiles found:: "Work VPN DR"
Dec 22 16:22:10 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/rhianne/.openfortigui/vpnprofiles/Work VPN DR.conf"
Dec 22 16:22:10 openfortiGUI::Debug: SUDO-Preserve-Env fix already applied
Dec 22 16:22:16 openfortiGUI::Debug: start vpn: "Work VPN DR" active-tab:: 0
Dec 22 16:22:16 openfortiGUI::Debug: add logger "/home/rhianne/.openfortigui/main.conf"
Dec 22 16:22:16 openfortiGUI::Debug: Start vpn:: "Work VPN DR"
Dec 22 16:22:16 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/rhianne/.openfortigui/vpnprofiles/Work VPN DR.conf"
Dec 22 16:22:16 openfortiGUI::Debug: "start-vpn process::" "Work VPN DR"
Dec 22 16:22:16 openfortiGUI::Debug: "start-vpn process::config_file::" "/home/rhianne/.openfortigui/main.conf"
Dec 22 16:22:16 openfortiGUI::Warning: "QLocalSocket::connectToServer: Connection refused"
Dec 22 16:22:16 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/rhianne/.openfortigui/vpnprofiles/Work VPN DR.conf"
Dec 22 16:22:16 openfortiGUI::Debug: vpnWorker::process::slot
Dec 22 16:22:17 openfortiGUI::Debug: 1608646937118 bytes avail:: 119
Dec 22 16:22:17 openfortiGUI::Debug: 1608646937318 bytes avail:: 51
Dec 22 16:22:17 openfortiGUI::Debug: vpnProcess::onObserverUpdate::status_update "Work VPN DR" state 1
Dec 22 16:22:17 openfortiGUI::Debug: vpnProcess::onObserverUpdate::status_update2 "Work VPN DR" state 1
Dec 22 16:22:17 openfortiGUI::Warning: Socket not open
Dec 22 16:22:17 openfortiGUI::Debug: 1608646937519 bytes avail:: 103
Dec 22 16:22:20 openfortiGUI::Debug: 1608646940588 bytes avail:: 103
Dec 22 16:22:21 openfortiGUI::Debug: VPN process  "Work VPN DR"  error occurred!
Dec 22 16:22:21 openfortiGUI::Debug: VPN process  "Work VPN DR"  finished!
Dec 22 16:22:21 openfortiGUI::Debug: 1608646941385 bytes avail:: 410
```

...the connection conf file:

```
[cert]
ca_file=
trusted_cert=xxxxxxxxxxxxxxxxxxxxxxxxxxxx
user_cert=
user_key=
verify_cert=false

[options]
always_ask_otp=false
autostart=false
debug=false
half_internet_routers=false
insecure_ssl=false
otp_delay=0
otp_prompt=
pppd_call=
pppd_ifname=
pppd_ipparam=
pppd_log_file=
pppd_no_peerdns=false
pppd_plugin_file=
realm=
set_dns=true
set_routes=true

[vpn]
gateway_host=xxxx
gateway_port=10443
name=Work VPN DR
password="xxxxxxxx=="
username=xxx
```

and main.conf:

```
[checks]
sudopresenv=true
sudopresenv_lastos=focal

[gui]
main_toolbar_location=4

[main]
aesiv=xxxxxxxxxxxxxxxxx
aeskey=xxxxxxxxxxxxxxxx
changelogrev_read=12
debug=true
setupwizard=true
start_minimized=false
sudo_preserve_env=true
use_system_password_store=false

[paths]
globalvpnprofiles=/etc/openfortigui/vpnprofiles
initd=/etc/init.d/openfortigui
localvpngroups=~/.openfortigui/vpngroups
localvpnprofiles=~/.openfortigui/vpnprofiles
logs=~/.openfortigui/logs
```

Same bug here ...
CLI working :
```
sudo openfortivpn aaaa.xxx.zzz.yy:5443 -u user.name --trusted-cert=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

[...]
INFO: Interface ppp0 is UP.
INFO: Setting new routes...
INFO: Adding VPN nameservers...
INFO: Tunnel is up and running.
```

```
sudo openfortivpn --version
1.12.0
```

But openfortigui ...

```
janv. 4 22:10:07 INFO: Start tunnel.
DEBUG: server_addr: aaaa.xxx.zzz.yy
DEBUG: server_port: 5443
DEBUG: gateway_addr: aaaa.xxx.zzz.yy
DEBUG: gateway_port: 5443
DEBUG: Gateway certificate validation failed.
DEBUG: Gateway certificate digest found in white list.
INFO: Connected to gateway.
janv. 4 22:10:07 ERROR: Could not authenticate to gateway (HTTP status code).
INFO: Closed connection to gateway.
DEBUG: server_addr: aaaa.xxx.zzz.yy
DEBUG: server_port: 5443
DEBUG: gateway_addr: aaaa.xxx.zzz.yy
DEBUG: gateway_port: 5443
DEBUG: Gateway certificate validation failed.
DEBUG: Gateway certificate digest found in white list.
INFO: Logged out.
```