adrienverge / openfortivpn

Client for PPP+TLS VPN tunnel services
GNU General Public License v3.0

IPCP: timeout sending Config-Requests #455

Closed codefitz closed 5 years ago

codefitz commented 5 years ago

Hi,

I had this set up in a new Budgie VM with openfortigui and it was all working and connecting beautifully. Then I changed the VM interface connection from NAT to Bridged and it stopped working. I can verify the VPN (FortiClient) is still working on my Windows Host system, so it doesn't appear to be a server-side or login/password issue.

It fails on the CLI (with sudo) as well as the GUI.

(edited to add logs)

GUI Log:

INFO:   Start tunnel.
INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Using interface ppp0
Connect: ppp0 <--> /dev/pts/0
INFO:   Got addresses: [10.152.18.74], ns [10.152.19.30, 10.152.19.30]
INFO:   negotiation complete
IPCP: timeout sending Config-Requests
Connection terminated.
Modem hangup
ERROR:  read: Input/output error
INFO:   Cancelling threads...
INFO:   Setting ppp interface down.
INFO:   Restoring routes...
INFO:   Removing VPN nameservers...
INFO:   pppd: The link was terminated by the modem hanging up.
INFO:   Terminated pppd.
INFO:   Closed connection to gateway.
INFO:   Logged out.

CLI Log:

sudo openfortivpn <ip address>:443 -u <user> --trusted-cert xxxxx
[sudo] password for <user>: 
WARN:   Bad port in config file: "0".
VPN account password: 
INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
INFO:   Got addresses: [10.152.18.83], ns [10.152.19.30, 10.152.19.30]
ERROR:  read: Input/output error
INFO:   Cancelling threads...
INFO:   Terminated pppd.
INFO:   Closed connection to gateway.
INFO:   Logged out.

DimitriPapadopoulos commented 5 years ago

One of the differences between NAT and bridged is the IP address. Something between openfortivpn and the Fortinet appliance may behave differently with the different bridged IP address but not the host address used in NAT.

Also which Linux distribution is running on the VM? Could you perhaps try with an Ubuntu or Debian VM to rule out any issue with the distribution itself? Could you perhaps try the official FortiClient and find whether it fails the same way? Finally I would be interested in the ppp log.

codefitz commented 5 years ago

Hi @DimitriPapadopoulos

I'm running Ubuntu Budgie distribution - 4.18.0-22-generic 18.04.1.

I tried the official FortiClient - but it doesn't give a VPN option (I'm doing this for a customer and they use Fortinet so I'm not using the paid client), hence why I looked toward the open source solution (and I always favour open source anyway).

I would share the PPP log if I knew where it was?

DimitriPapadopoulos commented 5 years ago

Use the --pppd-log=<file> option.

The official FortiClient used to have a VPN option. It should still be the case but I don't know where to find it. For the purpose of testing and comparing different implementations you might perhaps try Forticlient – SSLVPN .deb packages.

DimitriPapadopoulos commented 5 years ago

By the way, pppd is installed, isn't it? What's the output of ls -l /usr/sbin/pppd?

mrbaseman commented 5 years ago

If it was working fine before he changed the interface of the VM from being a NAT interface to a bridged one, I assume pppd is installed. But searching for "IPCP: timeout sending Config-Requests" one finds a lot of problem reports in the context of pppd. So, a log file of pppd would probably be very helpful for identifying the root cause of this problem.

codefitz commented 5 years ago

I must be honest with you, I had to get this up and running for work so I switched back to the NAT'd interface.

I do want to contribute to the bugfix any way I can though, so if I get the chance to test I'll send the logs of pppd. Does it require that I be back on Bridged network, or will NAT do?

DimitriPapadopoulos commented 5 years ago

We probably won't find anything in the logs unless you're in bridged mode.