Helpful ReplyHot!MacOS Big Sur Fortclient VPN IPSec issues

Page: 12 > Showing page 1 of 2
Author
svl
New Member
  • Total Posts : 2
  • Scores: 5
  • Reward points: 0
  • Joined: 2020/11/14 06:56:41
  • Status: offline
2020/11/14 07:12:47 (permalink)
4.67 (3)

MacOS Big Sur Fortclient VPN IPSec issues

Just installed macOS Big Sur and cannot get a connection with Fortinet firewall VPN anymore, while it did work with macOS Catalina.
 
I tried Forticlient version 6.4 which seems to connect just fine (I get an IP in expected range), but ssh/ping does not work. And also I cannot access a intranet http/https page.
 
Also tried multiple versions of 6.0.x but they all fail to connect and show "Connection was terminated unexpectedly. Error -104". After that, the keyboard (Macbook 16 inch) even fails to register any pressed buttons. For example I open app "notes" and cannot type anything (with every keystroke a sound is played but nothing is written). The only way to get out of this situation is to click "connect to VPN" in forticlient again and before it gets to the error click "disconnect". Then all works as usual (except the VPN obviously).
 
Anyone else having these issues?
 
Update Nov 25th 2020: 
Ok, so after quite a bit of testing by the people who maintain our firewall, we managed to make IPSec VPN work with native Mac OS Big Sur VPN client. I am always amazed by the lack of Fortinet response in this type of issues, as the solution seems pretty simple in the end. Eventually the configuration at fortigate firewall stayed exactly as it was, the only configuration I needed to add locally (with respect to using the FortiClient software) is to add a group name under "Authentication Settings". So to make it work we:
  • Setup IPSec VPN in Mac OS Netwerk preferences (see also https://support.apple.com/guide/mac-help/set-up-a-vpn-connection-on-mac-mchlp2963/mac) using fields server address, account name (my personal account name), password (my personal account password) and under "Authentication settings" the shared secret (the shared password) and Group Name (had to get this from the firewall maintainer and never had to fill this in for FortiClient before).
Hopefully this helps others to get Fortigate IPSec VPN work with both Mac OS Big Sur and MacOS Catalina (both tested with our config).
post edited by svl - 2020/11/25 05:15:02
#1
vtvincent
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/11/14 11:24:33
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/14 11:27:12 (permalink)
0
I'm seeing the same on 6.4.1.1267... IPSec VPN connects successfully but I can't access anything once connected. 
#2
LJSilva
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/11/15 03:53:40
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/15 03:58:23 (permalink) ☄ Helpfulby kcerb 2020/11/16 09:36:55
0
If you're only using Forticlient to connect to your VPN, in macOS Big Sur you no longer need it. The built-in Cisco IPsec VPN of Big Sur will now connect and correctly establish a tunnel to your Fortinet VPN and it's very stable and reliable. I never managed to to this in Catalina, but it seems Apple may have corrected or changed the Cisco IPSec code in Big Sur and it's now working like a charm. I tried it yesterday and it worked flawlessly.
#3
ivailoalexandrov
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/11/15 08:04:32
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/15 08:10:53 (permalink)
0
I have tried to use the built-in Apple Client, but with no success. This option should be allowed from the Fortinet firewall administrator. I have the same problem with 6.4.1.1267 and MacOS Big Sur. Hopefully Fortinet will provide an update... :)
#4
SteveG
Gold Member
  • Total Posts : 181
  • Scores: 16
  • Reward points: 0
  • Joined: 2014/11/19 00:26:22
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/15 11:36:40 (permalink)
0
The Native Mac OS VPN client has worked for years (I use a Mac). However Forticlient provides numerous AV and anti malware protections which you don't get with the Native Client. I've raised a ticket with FN Support so will report back. I'm guessing FortiClient 6.4.2 will be released very soon ;-) 
#5
mantaslin
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/02/01 11:54:05
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 00:34:46 (permalink)
0
The same problem with the forticlient v6.4.0. IPsec tunnel are establishing, routes are added but seems like packets are not entering to the tunnel.
#6
kcerb
Silver Member
  • Total Posts : 92
  • Scores: 2
  • Reward points: 0
  • Joined: 2007/09/19 23:51:51
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 00:43:13 (permalink)
0
Same with me. The connection is established, I get the IP address but no traffic goes through. I have tried different versions of the client. Even old versions worked on Catalina.
 
BTW:
On Mac OSX: have you tried to back up FortiClient settings and then restore it? For me, the restore does not work on any version of FortiClient.
post edited by kcerb - 2020/11/16 00:48:47

Attached Image(s)

#7
svl
New Member
  • Total Posts : 2
  • Scores: 5
  • Reward points: 0
  • Joined: 2020/11/14 06:56:41
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 01:38:52 (permalink)
0
What are your exact settings in the native client? I cannot get it to connect with:
 
Server address: the URL to vpn
Account name: my user name of VPN account
Password: my password of VPN account
Authentication settings -> Shared secret: the "pre-shared key" I recieved
 
Clicking "connect" with those settings leads to "The VPN server did not respond. Verify the server address and try reconnecting". But with above settings in forticlient on Catalina all works fine. And also, a ping to the server address works fine (no packet loss).
 
Update: also tried with IP address instead of DNS name but no success.
post edited by svl - 2020/11/16 07:10:17
#8
remosito
New Member
  • Total Posts : 12
  • Scores: 2
  • Reward points: 0
  • Joined: 2017/02/08 03:31:17
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 03:15:34 (permalink)
0
we are seeing issue with big sur too.
 
forticlient connects. even shows up on ipsec monitor page. 
 
But no traffic goes through the tunnel
#9
Kiran
New Member
  • Total Posts : 4
  • Scores: 4
  • Reward points: 0
  • Joined: 2020/11/16 03:33:42
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 03:36:41 (permalink)
5 (1)
Same issue for me as well. Able to connect to IPSec VPN, but not able to open/connect to any internal URLs/Resources. And it's working fine for users with previous version of MacOS.
#10
Totoshka
New Member
  • Total Posts : 4
  • Scores: 2
  • Reward points: 0
  • Joined: 2020/11/16 03:55:24
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 05:01:36 (permalink) ☄ Helpfulby gawbul 2020/11/16 07:31:27
5 (1)
Kiran
Same issue for me as well. Able to connect to IPSec VPN, but not able to open/connect to any internal URLs/Resources. And it's working fine for users with previous version of MacOS.


The problem is similar. It all started after the update macOs Big Sur. 
 
 
 
#11
Kiran
New Member
  • Total Posts : 4
  • Scores: 4
  • Reward points: 0
  • Joined: 2020/11/16 03:33:42
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 06:51:56 (permalink)
0
https://support.apple.com/guide/mac-help/set-up-a-vpn-connection-on-mac-mchlp2963/mac
I tried 'Enter VPN settings manually' in this doc and it worked for our IPSec VPN.
Until the FortiClient IPSec VPN issue with the latest MacOS is fixed you guys can try this Cisco IPSec VPN available in MacOS Big Sur.
#12
gawbul
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/11/16 07:29:43
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 07:32:58 (permalink)
0
Yes, having the same issue here. Had to install 6.2.7 first to connect to EMS and then upgrade to 6.4.1, but now can't connect to IPSec VPN. SSL VPN seems to work fine.
#13
s.roetner
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/11/16 08:01:06
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 08:16:52 (permalink)
0
I had the very same problem with SSL-VPN. Reinstalling FortiClient and adding a new connection with the exact same connection details did the trick for me.
 
After the first attempt using this new connection I got a prompt that Catalina will be the last version to support outdated system extensions : https://support.apple.com/de-de/HT210999 (german). I saw this message a few times before but not after upgrading to Big Sur. I am not sure what exactly went on behind the scenes, but wanted to let you know.
post edited by s.roetner - 2020/11/16 08:19:31
#14
Totoshka
New Member
  • Total Posts : 4
  • Scores: 2
  • Reward points: 0
  • Joined: 2020/11/16 03:55:24
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 08:46:12 (permalink)
0
Kiran
https://support.apple.com/guide/mac-help/set-up-a-vpn-connection-on-mac-mchlp2963/mac
I tried 'Enter VPN settings manually' in this doc and it worked for our IPSec VPN.
Until the FortiClient IPSec VPN issue with the latest MacOS is fixed you guys can try this Cisco IPSec VPN available in MacOS Big Sur.


I think if there are alternatives, no one would write here  
#15
kcerb
Silver Member
  • Total Posts : 92
  • Scores: 2
  • Reward points: 0
  • Joined: 2007/09/19 23:51:51
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 09:27:37 (permalink)
0
The built-in Cisco IPsec VPN of Big Sur works fine for me. It adds routes correctly so it works even if you have split tunnel enabled. DNS resolution work fine too. Now I won't be using the Fortinet client anymore - there have always been problems with it ...
 
post edited by kcerb - 2020/11/16 09:29:15
#16
Kiran
New Member
  • Total Posts : 4
  • Scores: 4
  • Reward points: 0
  • Joined: 2020/11/16 03:33:42
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 09:32:45 (permalink) ☄ Helpfulby spoonmanmx 2020/11/16 17:31:34
5 (1)
Yeah, But unfortunately when I reached out to support, they said that currently there is no supported version for MacOS 11 yet and will be available in future versions. So thought that better to suggest some alternative to people who are suffered like me, until the fix is release.
#17
Pop
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/11/16 10:35:00
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 10:58:01 (permalink)
0
Hello
Similar problem with me. I try to use the native VPN IP sec of Big Sur but unable to pass the remote Fortinet firewall. The IT administrator of my company would not accept to change the rules only for me.
#18
jconegundes
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/11/16 10:54:52
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 11:05:33 (permalink)
0
Hi Guys!
 
The same thing happing here. Using Mac OS Big Sur (version 11.0.1 20B29), in MacBook Air (Retina, 13-inch, 2018) SSL VPN IPSEC don't work anymore. I'm using FortiClient version 6.4.1.1267. Trying native Apple Ipsec implementation (Cisco IPSEC) and, unfortunately, don't work too. SSL VPN still works. Does anyone know when we will have a new FortiClient version? 100% compatible with Mac OS Big Sur? Does anyone have any tips that worked to make IPSEC work? 
#19
kcerb
Silver Member
  • Total Posts : 92
  • Scores: 2
  • Reward points: 0
  • Joined: 2007/09/19 23:51:51
  • Status: offline
Re: MacOS Big Sur Fortclient VPN IPSec issues 2020/11/16 12:13:16 (permalink)
0
jconegundes
Does anyone know when we will have a new FortiClient version? 100% compatible with Mac OS Big Sur? 

Just read this thread (2 posts above):
Kiran
Yeah, But unfortunately when I reached out to support, they said that currently there is no supported version for MacOS 11 yet and will be available in future versions. 




#20
Page: 12 > Showing page 1 of 2
Jump to:
© 2020 APG vNext Commercial Version 5.5