adrienverge / openfortivpn

Client for PPP+TLS VPN tunnel services

connect: Operation timed out - MAC issue

fsosap opened this issue · comments

Hello, I'm trying to connect to a remote VPN through the command:
sudo openfortivpn -c /etc/openfortivpn/my-config
And as in issue #1013, I start it and after a minute or so it bails out with the time out message.
I followed the suggestion of retrieving the log information with the -v flag, and I share the output with you:

DEBUG: openfortivpn 1.20.5
DEBUG: revision unavailable
DEBUG: Loaded configuration file "/etc/openfortivpn/my-config".
DEBUG: Loaded password from configuration file "/etc/openfortivpn/my-config"
DEBUG: Configuration host = "---.---.-.--"
DEBUG: Configuration realm = ""
DEBUG: Configuration port = "10443"
DEBUG: Configuration username = "user.name"
DEBUG: Resolving gateway host ip
DEBUG: Establishing ssl connection
DEBUG: SO_KEEPALIVE: OFF
DEBUG: TCP_KEEPALIVE: 7200
DEBUG: TCP_KEEPINTVL: 75
DEBUG: TCP_KEEPCNT: 8
DEBUG: server_addr: ---.---.-.--
DEBUG: server_port: 10443
DEBUG: gateway_ip: ---.---.-.--
DEBUG: gateway_port: 10443
ERROR: connect: Operation timed out
INFO: Closed connection to gateway.
DEBUG: SO_KEEPALIVE: OFF
DEBUG: TCP_KEEPALIVE: 7200
DEBUG: TCP_KEEPINTVL: 75
DEBUG: TCP_KEEPCNT: 8
DEBUG: server_addr: ---.---.-.--
DEBUG: server_port: 10443
DEBUG: gateway_ip: ---.---.-.--
DEBUG: gateway_port: 10443
ERROR: connect: Operation timed out
INFO: Could not log out.

I've used this command successfully until recent days; I'm not sure if some OS update has made this fail continuously.
My machine is an iMac from 2020 (M1) running macOS Sonoma 14.1.1.

Could this be a temporary problem on the server side? Alternatively the server may have been upgraded and is not happy with the information sent by openfortivpn. Does the official FortiClient work?

Official FortiClient works for my teammates with Windows, but has never worked for me on my macOS machine; that's why I ended up enabling the VPN with openfortivpn.

The error message originates here:

openfortivpn/src/tunnel.c

Lines 815 to 819 in bf94c2f

	ret = connect(handle, (struct sockaddr *) &server, sizeof(server));
	if (ret) {
		log_error("connect: %s\n", strerror(errno));
		goto err_connect;
	}

It looks like the initial TCP connection to the VPN server fails. FortiClient on Windows usually relies on IPSec. On Linux and macOS, openfortivpn, and probably FortiClient too, rely on TLS/DTLS. Perhaps your VPN server has been upgraded and offers only IPSec VPN, not TLS VPN. Is port 443 of your VPN server reachable?

Interesting thoughts on the issue, thank you for that. The port is 10443, and by executing nc it looks like it is not reachable.
But doing a ping to the IP address does show a connection.

I reviewed the case with my network team and it was a whitelisting related issue, thank you!

Thank you for coming back to us with the solution to your problem.
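
The symptom in this thread (ping answers, but connect() to port 10443 times out) is what a silently dropped SYN looks like, as opposed to a refused connection where the host replies with a reset. The C sketch below is an added example, not openfortivpn code: `probe_tcp` and `classify_connect_errno` are hypothetical names, and it assumes an IPv4 literal address and a caller-chosen timeout.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

enum probe { PROBE_OPEN, PROBE_REFUSED, PROBE_FILTERED, PROBE_ERROR };

/* Map the errno of a finished connect() attempt to a diagnosis. */
enum probe classify_connect_errno(int err)
{
	switch (err) {
	case 0:            return PROBE_OPEN;
	case ECONNREFUSED: return PROBE_REFUSED;  /* RST received: host up, nothing listening */
	case ETIMEDOUT:    return PROBE_FILTERED; /* no reply at all: packet filter or allowlist */
	default:           return PROBE_ERROR;    /* unreachable network, bad input, ... */
	}
}

/* Non-blocking TCP connect to ip:port, waiting at most timeout_ms. */
enum probe probe_tcp(const char *ip, unsigned short port, int timeout_ms)
{
	struct sockaddr_in server = { 0 };
	struct pollfd pfd;
	int n, err = 0;
	socklen_t len = sizeof(err);

	server.sin_family = AF_INET;
	server.sin_port = htons(port);
	if (inet_pton(AF_INET, ip, &server.sin_addr) != 1)
		return PROBE_ERROR;
	pfd.fd = socket(AF_INET, SOCK_STREAM, 0);
	if (pfd.fd < 0)
		return PROBE_ERROR;
	pfd.events = POLLOUT;
	fcntl(pfd.fd, F_SETFL, fcntl(pfd.fd, F_GETFL, 0) | O_NONBLOCK);
	if (connect(pfd.fd, (struct sockaddr *) &server, sizeof(server)) != 0) {
		if (errno != EINPROGRESS)
			err = errno;               /* failed immediately */
		else if ((n = poll(&pfd, 1, timeout_ms)) == 0)
			err = ETIMEDOUT;           /* neither SYN-ACK nor RST within the budget */
		else if (n < 0 || getsockopt(pfd.fd, SOL_SOCKET, SO_ERROR, &err, &len) != 0)
			err = errno;               /* poll or getsockopt itself failed */
	}
	close(pfd.fd);
	return classify_connect_errno(err);
}
```

A `PROBE_FILTERED` result for the gateway address and port from the configuration file, while ICMP echo still succeeds, points at a firewall or allowlist between client and gateway rather than at the VPN client.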