Client behind Fortigate firewall

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
niksa
OpenVpn Newbie
Posts: 1
Joined: Sat Mar 10, 2018 2:06 pm

Client behind Fortigate firewall

Post by niksa » Sat Mar 10, 2018 2:43 pm

Hello,

I have a client which is behind a restrictive Fortigate firewall. I've had to use TCP over port 443 and it works, but the connection drops frequently. I thought that the Fortigate detects VPN traffic and drops it, but then I noticed that if I increase OpenVPN ping parameter to 3600, the connection remains up for an hour or so. So it must have something to do with OpenVPN keepalive mechanism, which I must admit I am puzzled with. For one thing, it is not clear from the manual if keepalive can be disabled, and what are the consequences (do I risk losing the connection permanently). Also, are ping attempts logged on either side? I can't see anything about it in the log. Alternatively, how do I capture just the ping packets with tcpdump?

Post Reply