adrienverge / openfortivpn

Client for PPP+TLS VPN tunnel services
GNU General Public License v3.0

Cannot connect to a gateway - HTTP status code (405) #909

Open hanusek opened 3 years ago

hanusek commented 3 years ago

DEBUG:  openfortivpn 1.16.0
DEBUG:  revision v1.16.0+git42.gabb1e29
DEBUG:  Loaded configuration file "/home/mhanusek/config.vpn".
DEBUG:  Loaded password from configuration file "/home/mhanusek/config.vpn"
DEBUG:  Configuration host = "AA.ZZ.YYY.XXX"
DEBUG:  Configuration realm = ""
DEBUG:  Configuration port = "7443"
DEBUG:  Configuration username = "mhanusek"
DEBUG:  Resolving gateway host ip
DEBUG:  Establishing ssl connection
DEBUG:  SO_KEEPALIVE: 0
DEBUG:  SO_SNDBUF: 6
DEBUG:  SO_RCVBUF: 60
DEBUG:  server_addr: AA.ZZ.YYY.XXX
DEBUG:  server_port: 7443
DEBUG:  gateway_addr: AA.ZZ.YYY.XXX
DEBUG:  gateway_port: 7443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
INFO:   Connected to gateway.
ERROR:  Could not authenticate to gateway. Please check the password, client certificate, etc.
DEBUG:  HTTP status code (405)
INFO:   Closed connection to gateway.
DEBUG:  SO_KEEPALIVE: 0
DEBUG:  SO_SNDBUF: 6
DEBUG:  SO_RCVBUF: 60
DEBUG:  server_addr: AA.ZZ.YYY.XXX
DEBUG:  server_port: 7443
DEBUG:  gateway_addr: AA.ZZ.YYY.XXX
DEBUG:  gateway_port: 7443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
INFO:   Logged out.

DimitriPapadopoulos commented 3 years ago

Password issue?

Could not authenticate to gateway. Please check the password, client certificate, etc.

DimitriPapadopoulos commented 3 years ago

Error 405 means Method Not Allowed.

Are you certain the VPN gateway allows VPN SSL? Are you able to connect to the VPN gateway with FortiClient using VPN SSL, not IPSec?

DimitriPapadopoulos commented 3 years ago

See also #409.

govbetrieb commented 3 years ago

I also got this problem with new users. I will try to debug this problem anytime soon... Existing users are working fine... until now I'm on FortiOS 6.2.7

DimitriPapadopoulos commented 3 years ago

@govbetrieb Describe the platforms client-side (openfortivpn and OS version for example). Also are you certain the VPN gateway supports VPN SSL?

DimitriPapadopoulos commented 3 years ago

Also what is the difference between old users (works) and new users (doesn't work)? Different VPN gateway? Different OS? Different version of openfortivpn?

govbetrieb commented 3 years ago

Update: It seems to be related to 2FA. I'm still trying to reproduce the error, but I don't have enough time to do so atm.

delijati commented 2 years ago

Update: It seems to be related to 2FA. I'm still trying to reproduce the error, but I don't have enough time to do so atm.

Did you find a solution to that problem?

DimitriPapadopoulos commented 2 years ago

If new users have to use 2FA (or SSO) and old users do not, that is a major difference.

I would give OpenConnect a try, but you need to build the latest version from sources. Does OpenConnect help in your case?

delijati commented 2 years ago

I have the same problem with "OpenConnect". I also get a timeout when I just try the web page of the VPN. So I assume it is the 2FA they use from M$ that is giving me access.

DimitriPapadopoulos commented 2 years ago

It's probably SAML rather than 2FA. See Support SAML (Azure AD) auth with Fortinet.