13

How can I install and set up a Fortinet SSL VPN client on a VPS that's running CentOS? I am having trouble doing it because all the guides I have use the GUI, which is not installed on the VPS to save resources. (example: http://dbssolutions.freshdesk.com/solution/categories/1513/folders/3047/articles/1791-how-to-install-the-linux-fortinet-ssl-vpn-client)

I already have the Linux version of the VPN client but am not sure how to install and configure it using only the terminal.

Calua
  • @ben where did you get the CLI client? I've downloaded 2 different versions from Fortinet support but none of them have CLI support: forticlientsslvpn_linux_4.0.2010.tar.gz, forticlientsslvpn_linux_4.0.2012.tar.gz – gfa Mar 25 '13 at 15:29
  • Just install xterm and the required libraries on the VPS and run the client with X over ssh (ssh -X user@host) – gfa Mar 25 '13 at 15:30
  • If there is a way to install .deb packages in CentOS, https://hadler.me/linux/forticlient-sslvpn-deb-packages/ – Jaime Hablutzel Mar 08 '17 at 00:26
  • 1
    Possible duplicate of [Connect to a Fortinet VPN with Ubuntu](https://serverfault.com/questions/152233/connect-to-a-fortinet-vpn-with-ubuntu) – GypsyCosmonaut Jan 20 '19 at 12:25
  • @gfa did you ever find the location of the CLI client? – stone.212 Sep 06 '19 at 08:08

5 Answers

12

I spent a while trying to find documentation on this, and got this from a Fortinet Engineer.

  1. Install like any other using the tar.gz file.
  2. Then run the command below in the Linux CLI:

./forticlientsslvpn_cli --server 172.17.97.85:10443 --vpnuser forti

Make sure the command is run from the sslvpn directory. Substitute the IP address with that of your server.

Ben Arent
  • Just as @ben-arent suggested you can use the cli client for linux. I found it here: http://supportwiki.thelinuxfix.com/wiki/index.php/Installing_the_Management_SSL-VPN_Client –  Mar 28 '13 at 03:19
7

This is another short solution. Download & Install the client:

# wget -q http://kb.arubacloud.com/files/tar-gz/forticlientsslvpn_linux_4-0-2281-tar.aspx -O fortisslvpn.tgz && tar -xzf fortisslvpn.tgz
# cd forticlientsslvpn && ./helper/setup.linux.sh

Press Ctrl+C, agree to their license (first time only), and then connect to the VPN with:

# yes | ./forticlientsslvpn_cli --server example_firewall_host:10443 --vpnuser example_user > /dev/null
Mr. Pundir
5

You can try to configure your VPN without the Fortinet GUI. Here's a complete guide to IPsec for Linux: http://www.ipsec-howto.org/ and you may want to try this:

The link is created by running pppd through a pseudo terminal that is created by pty-redir and connected to ssh. This is done with something similar to the following sequence of commands:

/usr/sbin/pty-redir /usr/bin/ssh -t -e none -o 'Batchmode yes' -c blowfish -i /root/.ssh/identity.vpn -l joe > /tmp/vpn-device
sleep 10

/usr/sbin/pppd `cat /tmp/vpn-device`
sleep 15

/sbin/route add -net 172.16.0.0 gw vpn-internal.mycompany.com netmask 255.240.0.0
/sbin/route add -net 192.168.0.0 gw vpn-internal.mycompany.com netmask 255.255.0.0

What this does is run ssh, redirecting the input and output to pppd. The options passed to ssh configure it to run without escape characters (-e), using the blowfish crypto algorithm (-c), using the identity file specified (-i), in terminal mode (-t), with the options 'Batchmode yes' (-o). The sleep commands are used to space out the executions of the commands so that each can complete their startup before the next is run.

From "Bring up the link"

The next section, "Scripting", may help you as well to configure and run your VPN client. There's additional information in the Ubuntu documentation.

5

Coded some Expect script like this:

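#!/usr/bin/expect
# Start the CLI client (replace vpn_host:port and user1 with your own values)
spawn /opt/local/forticlientsslvpn/64bit/forticlientsslvpn_cli --server vpn_host:port --vpnuser user1
# Wait for the password prompt and answer it
expect "Password for VPN:"
send "password\r"
# Uncomment to also answer a (Y/N) confirmation prompt
#expect "*(Y/N)"
#send "Y\r"
# Hand control of the client back to the terminal
interact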
techraf
harper
0

On CentOS 7, install openfortivpn:

sudo yum install openfortivpn

and then try to connect using

sudo openfortivpn <ip-address>:<port> -u <user_name>

It gives the gateway certificate validation error:

ERROR: Gateway certificate validation failed, and the certificate digest is not in the local whitelist. If you trust it, ERROR: --trusted-cert <alpha_numeric_cert>......

Now re-run the above command by adding --trusted-cert <alpha_numeric_cert>.

sudo openfortivpn <ip-address>:<port> -u <user_name> --trusted-cert <alpha_numeric_cert>

Now it gives the VPN password prompt to connect. Check this link for reference.

P.S. I tried with forticlientvpn but did not succeed in getting X11 forwarding working with ssh -X user@ip-address and ssh -Y user@ip-address on my Windows 10 machine. After SSH, the forticlient command gives this error:

connect 127.0.0.1 port 6000: Connection refused

(forticlient:24694): Gtk-WARNING **: 03:58:51.167: cannot open display: 10.0.2.165:11.0

skg
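Added example, not part of the answer above and not openfortivpn's own code: before passing the digest from the ERROR line to --trusted-cert, this checks that it belongs to a copy of the gateway certificate obtained through a channel you already trust, then writes an owner-only config file that pins it. It assumes the digest is the SHA-256 of the DER-encoded certificate in hex; the function names, vpn.example.com, example_user and the sample PEM are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the answer. Assumption: --trusted-cert takes the
# SHA-256 digest of the gateway's DER-encoded certificate (64 hex digits).
set -eu

# Digest of the first certificate in PEM file $1; hashes the same bytes as
#   openssl x509 -in FILE -outform DER | sha256sum
cert_digest() {
    body=$(awk '/-----BEGIN CERTIFICATE-----/ { f = 1; next }
                /-----END CERTIFICATE-----/   { exit }
                f' "$1" | tr -d ' \r\n')
    [ -n "$body" ] || { echo "no certificate in $1" >&2; return 1; }
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# True only if digest $1 (as offered in the ERROR line) belongs to the
# certificate in $2, which must come from a channel you already trust.
digest_matches() {
    want=$(printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f')
    have=$(cert_digest "$2") || return 1
    [ "${#want}" -eq 64 ] && [ "$want" = "$have" ]
}

# Write an owner-only config ($5) for host $1, port $2, user $3, pinned to the
# certificate in $4. No password line, so openfortivpn still prompts for it.
write_config() {
    digest=$(cert_digest "$4") || return 1
    ( umask 077
      printf 'host = %s\nport = %s\nusername = %s\ntrusted-cert = %s\n' \
          "$1" "$2" "$3" "$digest" > "$5" )
    chmod 600 "$5"
}

# Constructed sample: base64 of placeholder bytes, not a real certificate;
# host, port and user are placeholders too.
demo() {
    dir=$(mktemp -d)
    { echo '-----BEGIN CERTIFICATE-----'
      printf 'constructed placeholder bytes' | base64
      echo '-----END CERTIFICATE-----'; } > "$dir/gateway.pem"
    offered=$(cert_digest "$dir/gateway.pem")   # stand-in for the ERROR line value
    if digest_matches "$offered" "$dir/gateway.pem"; then
        write_config vpn.example.com 10443 example_user "$dir/gateway.pem" "$dir/config"
        cat "$dir/config"                       # then: sudo openfortivpn -c FILE
    fi
    rm -rf "$dir"
}
demo
```

If digest_matches fails, the certificate presented to the client is not the one you were given, and the digest should not be added to the config.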