adrienverge / openfortivpn

Client for PPP+TLS VPN tunnel services
GNU General Public License v3.0

ERROR: Could not authenticate to gateway (No cookie given). #350

Closed 123avi closed 6 years ago

123avi commented 6 years ago

I am using version 1.6.0. This is what my config file looks like:

# config file for openfortivpn, see man openfortivpn(1)
host = xx.xxx.xxx.x
port = 443
username = xxx.xxx
password = xxxxxxxxxx
#set-dns = 0
###set-routes = 0
### X509 certificate sha256 sum, trust only this one!
trusted-cert = 665x7faa930a46d84ca2b578f379c2fc62bfae8779471c5edf954c61700e14xe

However, when running I am getting the following error:

$ sudo openfortivpn
INFO:   Connected to gateway.
ERROR:  Could not authenticate to gateway (No cookie given).
INFO:   Closed connection to gateway.
INFO:   Logged out.

DimitriPapadopoulos commented 6 years ago

Among the reasons for this error in the past:

See for example #49.

Try defining the configuration using command line options instead. Perhaps you could run openfortivpn with the -v option for a verbose log. If you have the possibility to test the official FortiClient, please do. Does it work any better?

123avi commented 6 years ago

Actually, I even tried the config of a colleague of mine with his credentials and I got the same error. BTW, he is using the same version and logs in successfully. Using the verbose option I get the following output:

DEBUG:  Loaded config file "/etc/openfortivpn/config".
DEBUG:  Config host = "xx.xxx.xxx.x"
DEBUG:  Config realm = ""
DEBUG:  Config port = "443"
DEBUG:  Config username = "xxx.xxx"
DEBUG:  Config password = "********"
DEBUG:  server_addr: xx.xxx.xxx.x
DEBUG:  server_port: 443
DEBUG:  gateway_addr: xx.xxx.xxx.x
DEBUG:  gateway_port: 443
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
INFO:   Connected to gateway.
ERROR:  Could not authenticate to gateway (No cookie given).
INFO:   Closed connection to gateway.
DEBUG:  server_addr: xx.xxx.xxx.x
DEBUG:  server_port: 443
DEBUG:  gateway_addr:  xx.xxx.xxx.x
DEBUG:  gateway_port: 443
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
INFO:   Logged out.
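
The verbose log above shows normal certificate validation failing and the connection proceeding only because the digest matches a `trusted-cert` entry, so the pin is the whole trust decision. The following is an added example, not part of the original thread or of openfortivpn's code: it checks the pins in a config of the format shown above against a gateway certificate, assuming the digest is the SHA-256 of the DER-encoded certificate and that `trusted-cert` may be repeated. The function names, the host and the sample values are constructed for illustration.

```python
import hashlib
import re
import ssl

PIN_RE = re.compile(r"^[0-9a-f]{64}$")  # a SHA-256 digest is 64 hex digits

def parse_config(text):
    """Parse 'key = value' lines; lines starting with '#' are comments."""
    options, pins = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "trusted-cert":  # assumption: the option may be repeated
            pins.append(value.lower())
        else:
            options[key] = value
    return options, pins

def cert_digest(pem):
    """SHA-256 over the DER encoding of a PEM certificate (assumed pin format)."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def check_pins(config_text, gateway_pem):
    """Return (malformed_pins, pinned) for a config and the presented certificate."""
    _, pins = parse_config(config_text)
    malformed = [p for p in pins if not PIN_RE.match(p)]
    return malformed, cert_digest(gateway_pem) in pins

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_CONFIG = f"""\
# config file for openfortivpn, see man openfortivpn(1)
host = vpn.example.invalid
port = 443
trusted-cert = {hashlib.sha256(SAMPLE_DER).hexdigest()}
trusted-cert = 0123xyz
"""

if __name__ == "__main__":
    malformed, pinned = check_pins(SAMPLE_CONFIG, SAMPLE_PEM)
    print("malformed pins:", malformed)
    print("certificate pinned:", pinned)
```

For a live gateway, `ssl.get_server_certificate((host, port))` returns the PEM text to pass as `gateway_pem`; compare the result with a digest obtained out of band rather than one read from the same connection.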

DimitriPapadopoulos commented 6 years ago

OK, so it works with your colleague's account but not yours. Then I guess we need to focus on differences between your account and your colleague's account.

123avi commented 6 years ago

I mean it works on my colleague's machine. I used his config file on my machine and got the error. So we used the same version and same configuration.

I will try fortigate shortly (downloading and installing)

123avi commented 6 years ago

Sorry, it seems that there was an issue on my machine and my credentials.

mrbaseman commented 6 years ago

The source ip address would be another point to verify: you can restrict vpn access to specific networks, but I'm not sure if such restrictions can be configured based on individual vpn user accounts. For admin users this is common practice, but usually not for vpn users.

A scenario could be that the vpn is used to grant access to the office network for employees that are connected to a guest wifi, so they are already on the company's network, i.e. not coming from the internet, but they are not yet in the inner security zone.

Anyhow, this would be a restriction on the allowed source networks but independent from the vpn user. So, it's not really related to the discussion here, but it might be relevant for others who come across this thread in the future.