Re: Issue connecting to Fortigate SSL VPN using NM GUI

Fri, 25 Jan 2019 13:26:30 -0800 

Hello guys,

Thank you both for your answers!
I don't have SELinux enabled and ufw was also not enabled, although I've enabled it and added a rule to accept GRE traffic anyway. 

Here are the new logs after adding the debug option to the daemon:

https://paste.gnome.org/pwzhdqf9f

It still does not work, unfortunately.
When connecting using command line, it takes ~2 secs connecting to the VPN service. 

Best regards,

Bruno

On 23/01/19 03:10, Greg Oliver via networkmanager-list wrote:
On Sun, Jan 20, 2019 at 1:51 AM Berend De Schouwer via networkmanager-list <networkmanager-list@gnome.org <mailto:networkmanager-list@gnome.org>> wrote: 

    On Tue, 2019-01-15 at 23:27 +0000, br...@bmartins.pt
    <mailto:br...@bmartins.pt> wrote:
    > Hello everyone,
    >
    > I'm using Ubuntu 18.04 fully updated and currently having issues
    > connecting to my company's VPN service using NetworkManager GUI.

    Works for me (to our company's Forti VPN) on Fedora 29. So it can
    work.


    > If I manually connect from CLI using "sudo openfortivpn
    > gateway.company.com:443 <http://gateway.company.com:443> -u
    mys...@company.com <mailto:mys...@company.com>" everything works as
    > expected.
    >
    > Log messages written to /var/log/syslog were pasted here:
    > https://paste.gnome.org/ph1gz6fvg
    >
    > It looks like a timeout occurs, but I don't know where I can
    increase
    > it.

    The timeout looks long enough.  How long does it take to connect when
    running 'sudo ...'?

    I suspect it's running into selinux rules since it works running as
    sudo.  Maybe look at audit.log or try with selinux disabled.

    You can increase pppd's debug info by editing /etc/ppp/options and
    adding 'debug' (needs selinux off)
If it requires GRE, I have found in later Fedora's, I have to manually alter the firewall to make them all work:
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT sudo firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -p gre -j ACCEPT 

_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Reply via email to