Join Log in
Score:2
avatar Ubuntu

Forticlient VPN stopped working after upgrade to 23.04

cn flag
alci

EDIT/WORKAROUND: disabling IPv6 works the problem around.

My Forticlient VPN stopped working after I upgraded to 23.04.

The symptom is that after entering my user and password into Forticlient, it connects, then disconnects immediatly.

I desinstalled / resinstalled, upgraded from forticlient 6.4 to 7.0, but it didn't help. Exact same configuration on 22.10 works.

Looking at the logs of failed attempt (23.04), it seems there might be a problem with ifupdown script (?):

mai 15 20:34:04 tibook NetworkManager[4875]: <info>  [1684175644.9842] manager: (vpn001782c1f8): new Tun device (/org/freedesktop/NetworkManager/Devices/11)
mai 15 20:34:04 tibook NetworkManager[4875]: <info>  [1684175644.9929] device (vpn001782c1f8): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
mai 15 20:34:04 tibook NetworkManager[4875]: <info>  [1684175644.9934] device (vpn001782c1f8): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
mai 15 20:34:04 tibook NetworkManager[4875]: <info>  [1684175644.9940] device (vpn001782c1f8): Activation: starting connection 'vpn001782c1f8' (d337717e-af5e-4281-a525-c735bf2acf27)
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.0014] device (vpn001782c1f8): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.0016] device (vpn001782c1f8): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.0017] device (vpn001782c1f8): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.0020] device (vpn001782c1f8): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
mai 15 20:34:05 tibook dbus-daemon[4249]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.20' (uid=0 pid=4875 comm="/usr/sbin/NetworkManager --no-daemon" label="unconfined")
mai 15 20:34:05 tibook systemd[1]: Starting NetworkManager-dispatcher.service - Network Manager Script Dispatcher Service...
mai 15 20:34:05 tibook dbus-daemon[4249]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
mai 15 20:34:05 tibook systemd[1]: Started NetworkManager-dispatcher.service - Network Manager Script Dispatcher Service.
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.0614] device (vpn001782c1f8): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.0618] device (vpn001782c1f8): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.0626] device (vpn001782c1f8): Activation: successful, device activated.
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.3451] audit: op="connection-update" uuid="80105f36-446d-4d91-99bd-a8ece752c6d7" name="fougeres" args="ipv4.ignore-auto-dns" pid=221215 uid=0 result="success"
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.3687] audit: op="connection-update" uuid="80105f36-446d-4d91-99bd-a8ece752c6d7" name="fougeres" args="ipv4.dns" pid=221220 uid=0 result="success"
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.3879] audit: op="connection-update" uuid="80105f36-446d-4d91-99bd-a8ece752c6d7" name="fougeres" pid=221225 uid=0 result="success"
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.4050] audit: op="device-reapply" interface="wlo1" ifindex=2 args="ipv4.dns,ipv4.ignore-auto-dns" pid=221230 uid=0 result="success"
mai 15 20:34:05 tibook nm-dispatcher[221235]: /etc/NetworkManager/dispatcher.d/01-ifupdown: called with unknown action `reapply'
mai 15 20:34:05 tibook nm-dispatcher[221135]: req:3 'reapply' [wlo1], "/etc/NetworkManager/dispatcher.d/01-ifupdown": complete: failed with Script '/etc/NetworkManager/dispatcher.d/01-ifupdown' exited with status 1.
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.4364] dhcp4 (wlo1): canceled DHCP transaction
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.4364] dhcp4 (wlo1): activation: beginning transaction (timeout in 45 seconds)
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.4364] dhcp4 (wlo1): state changed no lease
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.4370] dhcp4 (wlo1): activation: beginning transaction (timeout in 45 seconds)
mai 15 20:34:05 tibook avahi-daemon[4244]: Withdrawing address record for fe80::a78d:f53f:ef19:1ef5 on wlo1.
mai 15 20:34:05 tibook avahi-daemon[4244]: Leaving mDNS multicast group on interface wlo1.IPv6 with address fe80::a78d:f53f:ef19:1ef5.
mai 15 20:34:05 tibook avahi-daemon[4244]: Interface wlo1.IPv6 no longer relevant for mDNS.
mai 15 20:34:05 tibook avahi-daemon[4244]: Joining mDNS multicast group on interface wlo1.IPv6 with address fe80::a78d:f53f:ef19:1ef5.
mai 15 20:34:05 tibook avahi-daemon[4244]: New relevant interface wlo1.IPv6 for mDNS.
mai 15 20:34:05 tibook avahi-daemon[4244]: Registering new address record for fe80::a78d:f53f:ef19:1ef5 on wlo1.*.
mai 15 20:34:05 tibook dnsmasq[8509]: reading /etc/resolv.conf
mai 15 20:34:05 tibook systemd-resolved[184505]: wlo1: Bus client reset search domain list.
mai 15 20:34:05 tibook dnsmasq[8509]: using nameserver 127.0.0.53#53
mai 15 20:34:05 tibook systemd-resolved[184505]: wlo1: Bus client set default route setting: no
mai 15 20:34:05 tibook dnsmasq[8509]: using only locally-known addresses for lxd
mai 15 20:34:05 tibook dnsmasq[8509]: reading /etc/resolv.conf
mai 15 20:34:05 tibook dnsmasq[8509]: using nameserver 127.0.0.53#53
mai 15 20:34:05 tibook dnsmasq[8509]: using only locally-known addresses for lxd
mai 15 20:34:05 tibook systemd-resolved[184505]: wlo1: Bus client reset DNS server list.
mai 15 20:34:05 tibook NetworkManager[4875]: <warn>  [1684175645.4635] dispatcher: (21) /etc/NetworkManager/dispatcher.d/01-ifupdown failed (failed): Script '/etc/NetworkManager/dispatcher.d/01-ifupdown' exited with status 1.
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.4684] dhcp4 (wlo1): state changed new lease, address=10.0.0.22
mai 15 20:34:05 tibook systemd-resolved[184505]: wlo1: Bus client set default route setting: yes
mai 15 20:34:05 tibook systemd-resolved[184505]: wlo1: Bus client set DNS server list to: 10.254.2.8, 192.168.100.40
mai 15 20:34:05 tibook plasmashell[13606]: kf.networkmanagerqt: void NetworkManager::ConnectionPrivate::onPropertiesChanged(const QVariantMap&) Unhandled property "Filename"
mai 15 20:34:05 tibook kded5[13159]: kf.networkmanagerqt: void NetworkManager::ConnectionPrivate::onPropertiesChanged(const QVariantMap&) Unhandled property "Filename"
mai 15 20:34:05 tibook kded5[13159]: kf.networkmanagerqt: void NetworkManager::ConnectionPrivate::onPropertiesChanged(const QVariantMap&) Unhandled property "Flags"
mai 15 20:34:05 tibook plasmashell[13606]: kf.networkmanagerqt: void NetworkManager::ConnectionPrivate::onPropertiesChanged(const QVariantMap&) Unhandled property "Flags"
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.4847] audit: op="connection-update" uuid="d337717e-af5e-4281-a525-c735bf2acf27" name="vpn001782c1f8" args="ipv4.dns,connection.timestamp" pid=221236 uid=0 result="success"
mai 15 20:34:05 tibook NetworkManager[4875]: <info>  [1684175645.4957] device (vpn001782c1f8): state change: activated -> unmanaged (reason 'connection-assumed', sys-iface-state: 'managed')
mai 15 20:34:05 tibook systemd-resolved[184505]: vpn001782c1f8: Bus client set default route setting: no
mai 15 20:34:05 tibook nm-dispatcher[221263]: /etc/NetworkManager/dispatcher.d/01-ifupdown: called with unknown action `reapply'
mai 15 20:34:05 tibook nm-dispatcher[221135]: req:5 'reapply' [vpn001782c1f8], "/etc/NetworkManager/dispatcher.d/01-ifupdown": complete: failed with Script '/etc/NetworkManager/dispatcher.d/01-ifupdown' exited with status 1.

Successful connection log with a 22.04 VM gives:

mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.3507] manager: (vpn004e1bc85f): new Tun device (/org/freedesktop/NetworkManager/Devices/7)
mai 16 08:13:59 etabli22 systemd-udevd[3116]: Using default interface naming scheme 'v249'.
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.3599] device (vpn004e1bc85f): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.3602] device (vpn004e1bc85f): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.3612] device (vpn004e1bc85f): Activation: starting connection 'vpn004e1bc85f' (cf5db700-b9ba-4a59-9d38-06b6c0414e34)
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.3636] device (vpn004e1bc85f): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.3638] device (vpn004e1bc85f): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.3639] device (vpn004e1bc85f): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.3640] device (vpn004e1bc85f): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
mai 16 08:13:59 etabli22 dbus-daemon[700]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.11' (uid=0 pid=701 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
mai 16 08:13:59 etabli22 systemd[1]: Starting Network Manager Script Dispatcher Service...
mai 16 08:13:59 etabli22 dbus-daemon[700]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
mai 16 08:13:59 etabli22 systemd[1]: Started Network Manager Script Dispatcher Service.
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.3731] device (vpn004e1bc85f): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.3733] device (vpn004e1bc85f): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.3736] device (vpn004e1bc85f): Activation: successful, device activated.
mai 16 08:13:59 etabli22 systemd-resolved[3005]: Using degraded feature set TCP instead of UDP for DNS server 10.254.2.8.
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.7613] audit: op="connection-update" uuid="d8162531-6770-3746-b7ff-57248dcf1521" name="Connexion filaire 1" pid=3194 uid=0 result="success"
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.7827] audit: op="connection-update" uuid="d8162531-6770-3746-b7ff-57248dcf1521" name="Connexion filaire 1" pid=3198 uid=0 result="success"
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.8009] audit: op="connection-update" uuid="d8162531-6770-3746-b7ff-57248dcf1521" name="Connexion filaire 1" pid=3202 uid=0 result="success"
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.8127] audit: op="device-reapply" interface="enp0s3" ifindex=2 pid=3206 uid=0 result="success"
mai 16 08:13:59 etabli22 NetworkManager[701]: <info>  [1684217639.8310] audit: op="connection-update" uuid="cf5db700-b9ba-4a59-9d38-06b6c0414e34" name="vpn004e1bc85f" args="ipv4.dns" pid=3210 uid=0 result="success"
mai 16 08:13:59 etabli22 systemd-resolved[3005]: vpn004e1bc85f: Bus client set default route setting: no
mai 16 08:13:59 etabli22 systemd[1]: Stopping Network Name Resolution...
mai 16 08:13:59 etabli22 systemd[1]: systemd-resolved.service: Deactivated successfully.
mai 16 08:13:59 etabli22 systemd[1]: Stopped Network Name Resolution.
mai 16 08:13:59 etabli22 systemd[1]: Starting Network Name Resolution...
mai 16 08:13:59 etabli22 systemd-resolved[3219]: Positive Trust Anchors:
mai 16 08:13:59 etabli22 systemd-resolved[3219]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
mai 16 08:13:59 etabli22 systemd-resolved[3219]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
mai 16 08:13:59 etabli22 systemd-resolved[3219]: Using system hostname 'etabli22'.
mai 16 08:13:59 etabli22 systemd[1]: Started Network Name Resolution.
866
0 + 2
vpn
Aooo Rooo avatar
kg flag
Aooo Rooo
Forticlient VPN doesn't support Ubuntu 23.04 yet. Until official support comes, you can use [this](https://community.fortinet.com/t5/Support-Forum/FortiClient-7-2-0-0644-not-connecting-since-update-on-kubuntu-23/m-p/254226/highlight/true#M211288) workaround.
2
Reply
cn flag
alci
I finally simply used openfortivpn, and this works fine. I was assuming Forticlient was necessary and doing some clever client side controls, but I don't really need it to connect to this site...
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.