After updating FortiGate firmware or setting up a new SSL VPN, you might be unable to connect to the SSL VPN if you are using a certificate other than the factory default.
From the FortiGate debug:
Inovfw10 #
[18907:root:fc]allocSSLConn:280 sconn 0x7f820714c000 (0:root)
[18907:root:fc]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fc]SSL state:before SSL initialization:DH lib(208.98.207.34)
[18907:root:fc]SSL_accept failed, 5:(null)
[18907:root:fc]Destroy sconn 0x7f820714c000, connSize=0. (root)
[18907:root:fd]allocSSLConn:280 sconn 0x7f820714c000 (0:root)
[18907:root:fd]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fd]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fd]SSL state:fatal handshake failure (208.98.207.34)
[18907:root:fd]SSL state:error:(null)(208.98.207.34)
[18907:root:fd]SSL_accept failed, 1:no shared cipher
[18907:root:fd]Destroy sconn 0x7f820714c000, connSize=0. (root)
[18907:root:fe]allocSSLConn:280 sconn 0x7f820714c000 (0:root)
[18907:root:fe]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fe]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fe]SSL state:fatal handshake failure (208.98.207.34)
[18907:root:fe]SSL state:error:(null)(208.98.207.34)
[18907:root:fe]SSL_accept failed, 1:no shared cipher
[18907:root:fe]Destroy sconn 0x7f820714c000, connSize=0. (root)

The server you want to connect to requests identification, please choose a certificate and try again. (-5)
From the FortiGate GUI, VPN events:
Log Description | SSL VPN exit error
Action | ssl-exit-error
Reason | N/A
Solution:
config vpn ssl settings
    set algorithm medium
end
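
To confirm from a captured debug session that connections are failing with "no shared cipher" before changing the setting, the following added example (not part of the original post) rejoins wrapped debug lines and counts the rejections per client. It assumes the log layout shown above; the sample lines and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the debug output above (placeholder IPs, some lines wrapped).
SAMPLE = """\
[18907:root:fc]SSL
state:before SSL initialization:DH lib(203.0.113.10)
[18907:root:fc]SSL_accept
failed, 5:(null)
[18907:root:fd]SSL state:fatal handshake failure (203.0.113.10)
[18907:root:fd]SSL_accept failed, 1:no shared cipher
[18907:root:fe]SSL state:fatal handshake failure (198.51.100.7)
[18907:root:fe]SSL_accept failed, 1:no shared cipher
[18907:root:ff]SSL state:fatal handshake failure (203.0.113.10)
[18907:root:ff]SSL_accept failed, 1:no shared cipher
"""

# Assumption: the third prefix field identifies one connection attempt.
PREFIX = re.compile(r"^\[(\d+):([^:\]]+):([^\]]+)\](.*)$")
STATE_IP = re.compile(r"SSL\s+state:.*\((\d{1,3}(?:\.\d{1,3}){3})\)\s*$")
FAILED = re.compile(r"SSL_accept\s+failed,\s*(\d+):(.*)$")

def unwrap(text):
    """Rejoin wrapped lines: a line without a [pid:vdom:conn] prefix continues the previous one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if PREFIX.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def accept_failures(text):
    """One dict per SSL_accept failure: connection id, client IP, code, reason."""
    last_ip, out = {}, []
    for m in filter(None, map(PREFIX.match, unwrap(text))):
        conn, body = m.group(3), m.group(4)
        ip = STATE_IP.search(body)
        if ip:
            last_ip[conn] = ip.group(1)  # remember the client seen on this connection
        f = FAILED.search(body)
        if f:
            out.append({"conn": conn, "client": last_ip.get(conn),
                        "code": int(f.group(1)), "reason": f.group(2).strip()})
    return out

def cipher_mismatch_clients(text):
    """Count 'no shared cipher' rejections per client IP."""
    return Counter(f["client"] for f in accept_failures(text)
                   if f["reason"] == "no shared cipher")
```

Calling cipher_mismatch_clients() on the saved debug text gives a per-client count, which can be compared before and after the algorithm change.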