Openfortivpn: an Open Source Alternative to Fortinet’s SSLVPN Client

hacking skills
Author

zenggyu

Published

2019-03-27

Abstract
Guidance on installing and using Openfortivpn.

Introduction

Ever since I started using Linux a few years ago, I have grown more and more fond of it. However, for a few months, I have been facing a challenge that forces me to use Windows. This is because my company requires that all connections to internal resources be routed through the SSL VPN provided by FortiClient; but unfortunately, FortiClient for Linux does not provide VPN functionality.

I was bothered by this problem for quite some time, until I recently discovered openfortivpn (GitHub repo), which is a compatible open source alternative to Fortinet’s SSL-VPN Client.

I think this software is worth mentioning, so I created this post. However, I am not going to give a very thorough introduction since the usage turns out to be very simple, at least for my use case.

Installation

For Ubuntu 18.04 and later, openfortivpn can be installed directly using:

sudo apt install openfortivpn

Usage

First, open the configuration file /etc/openfortivpn/config and add the following lines:

host = <vpn-gateway>
port = <port-number>
username = <foo>
password = <bar>
trusted-cert = <a sha256sum>

Note that if you don’t know the trusted-cert, you can skip that line and try to start the VPN (see below); the error message should contain a line that shows the sha256sum. You can copy that sha256sum and put it in the configuration file.

Then, run the following command in a terminal:

sudo openfortivpn # use the `-c` option to specify a different configuration file

If the connection is successful, you should see a message like this:

INFO:   Tunnel is up and running.
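
The trusted-cert value copied from the error message is the digest of whatever certificate was presented on that connection, so it is useful to compare it with a certificate obtained from the VPN administrator through a separate channel. The following Python script is an added example (not from the original post or the openfortivpn project) that makes that comparison; it assumes trusted-cert is the SHA-256 digest of the DER-encoded certificate, and the function names, host name and sample data are constructed for illustration.

```python
import hashlib
import ssl

def cert_digest(pem):
    """SHA-256 over the DER encoding of a PEM certificate, as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha256(der).hexdigest()

def normalize(fp):
    """Accept 'AB:CD:...' (openssl -fingerprint style) or plain hex digests."""
    fp = fp.strip().replace(":", "").lower()
    if len(fp) != 64 or any(c not in "0123456789abcdef" for c in fp):
        raise ValueError(f"not a SHA-256 digest: {fp!r}")
    return fp

def pinned_digests(config_text):
    """Collect every trusted-cert value from an openfortivpn-style config."""
    pins = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "trusted-cert":
            pins.append(normalize(value))
    return pins

def pin_matches(config_text, reference_pem):
    """True only if the reference certificate's digest is pinned in the config."""
    return cert_digest(reference_pem) in pinned_digests(config_text)

# Constructed sample data: placeholder bytes standing in for a DER certificate,
# and a config that pins their digest. Replace with the real files in practice.
SAMPLE_DER = bytes(range(48, 112))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_CONFIG = f"""# constructed example config
host = vpn.example.com
port = 443
trusted-cert = {hashlib.sha256(SAMPLE_DER).hexdigest()}
"""

if __name__ == "__main__":
    print("pinned digest matches reference certificate:",
          pin_matches(SAMPLE_CONFIG, SAMPLE_PEM))
```

A result of False means the pinned digest belongs to a different certificate than the reference one, which should be resolved with the administrator before connecting.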