adrienverge / openfortivpn

Client for PPP+TLS VPN tunnel services
GNU General Public License v3.0

Cannot connect to Fortigate 7.4.4 SSLVPN "Error reading from SSL connection" #1233

Open Voriaz opened 4 months ago

Voriaz commented 4 months ago

Hi,

I have an issue connecting to a Fortigate SSLVPN using openfortivpn. The issue appears right after an upgrade of the Fortigate (7.2.8 -> 7.4.4). It was working perfectly fine before (launched regularly via cron task).

OpenfortiVPN verbose logs say:

Error issuing /remote/login request 
Could not authenticate to gateway. Please check the password, client certificate, etc. 
SSL error (-4) 
Closed connection to gateway."

I suspected a TLS issue, so I upgraded openfortivpn to the latest version (manually compiled install) on a recent Debian 12 VM without success. I also tested on Ubuntu 24.04 with the latest apt package.

When inspecting the Fortigate debug log, I see "do_http_validate:447 Content-Length (11) on uri (/remote/login) not allowed".

Is this something related to openfortivpn not being up to date with the latest fortiVPN specs, or is it a bug in the latest FortiOS version?

Please see attached redacted logs from openfortivpn and fortigate. openfortivpn.log FWVPN.log

Thanks,

A.

Voriaz commented 4 months ago

I found that the protocol has probably changed on FortiOS. I proposed a pull request that fixes that: #1234