openfortivpn icon indicating copy to clipboard operation
openfortivpn copied to clipboard

Published 20 hours ago verified publisher icon adrienverge

Cannot connect to a gateway - HTTP status code (405)

Open hanusek opened this issue 3 years ago • 11 comments 

DEBUG:  openfortivpn 1.16.0
DEBUG:  revision v1.16.0+git42.gabb1e29
DEBUG:  Loaded configuration file "/home/mhanusek/config.vpn".
DEBUG:  Loaded password from configuration file "/home/mhanusek/config.vpn"
DEBUG:  Configuration host = "AA.ZZ.YYY.XXX"
DEBUG:  Configuration realm = ""
DEBUG:  Configuration port = "7443"
DEBUG:  Configuration username = "mhanusek"
DEBUG:  Resolving gateway host ip
DEBUG:  Establishing ssl connection
DEBUG:  SO_KEEPALIVE: 0
DEBUG:  SO_SNDBUF: 6
DEBUG:  SO_RCVBUF: 60
DEBUG:  server_addr: AA.ZZ.YYY.XXX
DEBUG:  server_port: 7443
DEBUG:  gateway_addr: AA.ZZ.YYY.XXX
DEBUG:  gateway_port: 7443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
INFO:   Connected to gateway.
ERROR:  Could not authenticate to gateway. Please check the password, client certificate, etc.
DEBUG:  HTTP status code (405)
INFO:   Closed connection to gateway.
DEBUG:  SO_KEEPALIVE: 0
DEBUG:  SO_SNDBUF: 6
DEBUG:  SO_RCVBUF: 60
DEBUG:  server_addr: AA.ZZ.YYY.XXX
DEBUG:  server_port: 7443
DEBUG:  gateway_addr: AA.ZZ.YYY.XXX
DEBUG:  gateway_port: 7443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
INFO:   Logged out.

hanusek avatar Jul 14 '21 11:07 hanusek

Password issue?

Could not authenticate to gateway. Please check the password, client certificate, etc.

DimitriPapadopoulos avatar Jul 14 '21 19:07 DimitriPapadopoulos

Error 405 means Method Not Allowed.

Are you certain the VPN gateway allows VPN SSL? Are you able to connect to the VPN gateway with FortiClient using VPN SSL, not IPSec?

DimitriPapadopoulos avatar Jul 14 '21 19:07 DimitriPapadopoulos

See also #409.

DimitriPapadopoulos avatar Jul 14 '21 21:07 DimitriPapadopoulos

I also got this problem with new users, I will try to debug this Problem in anytime soon.. Existing users are working fine.. until now I'm on Forti-OS 6.2.7

govbetrieb avatar Aug 12 '21 08:08 govbetrieb

@govbetrieb Describe the platforms client-side (openfortivpn and OS version for example). Also are you certain the VPN gateway supports VPN SSL?

DimitriPapadopoulos avatar Aug 12 '21 13:08 DimitriPapadopoulos

Also what is the difference between old users (works) and new users (doesn't work)? Different VPN gateway? Different OS? Different version of openfortivpn?

DimitriPapadopoulos avatar Aug 12 '21 17:08 DimitriPapadopoulos

Update: It seems to be related to 2FA.. Im still trying to reproduce the error, but I have not enough time to do so atm

govbetrieb avatar Oct 05 '21 09:10 govbetrieb

Update: It seems to be related to 2FA.. Im still trying to reproduce the error, but I have not enough time to do so atm

did you a solution to that problem ?

delijati avatar Jun 07 '22 09:06 delijati

If new users have to use 2FA (or SSO) and old users do not, that is a major difference.

I would give OpenConnect a try, but you need to build the latest version from sources. Does OpenConnect help in your case?

DimitriPapadopoulos avatar Jun 08 '22 08:06 DimitriPapadopoulos

I have the same problem with "OpenConnect". I also get a timeout when i just try the WebPage of the VPN. So i assume it is the 2FA they use from M$ that is giving me access.

delijati avatar Jun 08 '22 12:06 delijati

Ir's probably SAML rather than 2FA. See Support SAML (Azure AD) auth with Fortinet .

DimitriPapadopoulos avatar Jun 08 '22 14:06 DimitriPapadopoulos