Rajeesh
New Contributor

Network error. Can not connect to vpn server - SSL VPN error on Big Sur

We are getting a "Network error. Can not connect to vpn server" error while connecting to SSL VPN on Big Sur OS. We are using a FortiGate AZUREONDEMAND firewall with v6.4.2 build1723 (GA).
James1
New Contributor II

Enter the IP address instead of hostname. 

be_fg
New Contributor II

Hi,

We are facing the exact same issue on our macOS clients with different OS versions (Big Sur, Monterey).

If we enter the FQDN of the Remote-Gateway we get the "network error" message; as soon as we enter the IPv4 address of the Remote-Gateway we can connect without any problem.

-> Entering the fixed IPv4 address is no solution, so how can this be fixed?

Just to be clear, there are no general DNS issues on our side. The clients can resolve the FQDN by nslookup without any issues.

In the FortiClient Logs there is the following entry:

NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://FQDN.fortiddns.com:10443/remote/info, NSErrorFailingURLStringKey=https://FQDN.fortiddns.com:10443/remote/info, NSUnderlyingError=0x60000332d620 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)"

________________________________________________
"Many hands make light work."
redieramos

This temporarily solved the issue but I'm also hoping to use FQDN. Setting the certificate to always trust doesn't help.

Adolfo_Z_H
Staff

It is not a Fortinet issue. Per the latest security specs from Apple, you need to use a valid CA certificate to connect to the VPNSSL portal using an FQDN in the client configuration.

https://support.apple.com/en-ca/HT210176

Secure Access Team LATAM TAC
boxsters1423
New Contributor

I also have the problem with 7.0.2 on macOS Monterey 12.1, but no problem with 7.0.1 on the same macOS, both with name.

boxsters1423

By approving the certificates it's ok.

CalBryant

Approving the certificate is not working for me. It seems to be an issue with the SHA signature.

CalBryant
New Contributor

Any luck on this issue? I'm trying to troubleshoot this currently. From what I can tell, the certificate is SHA1 signed and macOS is requiring a SHA2 signature key.

etiennearaya

Hi, I have luck,

This solution is for SSL VPN only.

I looked into fortitray.log and was able to see the problem was a not valid SSL certificate.

Screen Shot 2022-04-11 at 21.23.00.png

In the above image, FortiClient tries to visit a URL with a not valid certificate, which generates the error.

Try to go to this site:

https://<DESTINATION VPN SITE>:443/remote/info in the Safari browser. It will show you a warning because the SSL certificate is not valid; visit the site and it will prompt you to accept the certificate with your password.

And finally try to connect.

I hope you can connect to your VPN.

Regards
Etienne