Invalid session ID error when trying to connect from a different network about openfortivpn HOT 5 OPEN

Which country are you visiting? This country may have a "great firewall" that forbids VPN connections.

from openfortivpn.

Which country are you visiting? This country may have a "great firewall" that forbids VPN connections.

It's Germany, so I would be a bit surprised about such a firewall. I am at an academic institution so I would be also surprised if they were blocking VPNs. They do not seem to be blocking HTTPS traffic.
Would there be a way you know of to make sure if it's a network block or another issue?

from openfortivpn.

I tried to use my phone connection (sharing it with my computer as a WiFi hotspot), and it worked, so I am guessing there may be some blocking in the network. I wonder if there may be workarounds...

from openfortivpn.

I guess it's not a "great firewall", but it might be another security appliance at the institution you are visiting, which does deep packet inspection on https traffic. If that's the case, workarounds are difficult. Which one is the winner? The VPN which tries to protect your traffic or the appliance, which tries to protect the network you are on against uncontrolled traffic? ;)

Maybe there are different wifi networks with different policies, so switching to another one might solve the problem. If not, maybe talk to the network security department of the institution. Perhaps they have a solution at hand (if they are really doing deep packet inspection).

Another possibility could also be an attacker who operates another wifi with the same SSID and tries to fish the credentials. In that case it would be the right thing that the vpn connection doesn't get established.

The difference between the two cases is just if it's a good guy (security staff) or a bad guy (attacker) who is trying to inspect your ssl vpn traffic. The security staff might trust your home organization and configure an exception for your vpn connection. If it's not them doing deep-inspection, they are probably thankful for the hint and want to have a closer look what's going on in their network ;)

But it's perhaps not that exciting. It could also be something simpler, like packet fragmentation in combination with wrong mtu settings or so, which breaks the establishment of the ssl connection

from openfortivpn.

Many institutions, including academic ones, forbid the use of VPNs from their internal network on purpose, for obvious reasons. They may also inadvertently disable VPNs on visitors' networks.

Was your computer connected to the internal network of an academic institution, or an external network such as Eduroam?

from openfortivpn.