openfortivpn is a client for PPP+SSL VPN tunnel services.
It spawns a pppd process and operates the communication between the gateway and
this process.
It is compatible with Fortinet VPNs.
-
Simply connect to a VPN:
openfortivpn vpn-gateway:8443 --username=foo -
Connect to a VPN using an authentication realm:
openfortivpn vpn-gateway:8443 --username=foo --realm=bar -
Don't set IP routes and don't add VPN nameservers to
/etc/resolv.conf:openfortivpn vpn-gateway:8443 -u foo -p bar --no-routes --no-dns -
Using a config file:
openfortivpnWith
/etc/openfortivpn/configcontaining:host = vpn-gateway port = 8443 username = foo password = bar set-dns = 0 set-routes = 0 # X509 certificate sha256 sum, trust only this one! trusted-cert = e46d4aff08ba6914e64daa85bc6112a422fa7ce16631bff0b592a28556f993db
openfortivpn is packaged for Fedora, Gentoo and NixOS under the package name
openfortivpn.
For other distros, you'll need to build and install from source:
-
Install build dependencies.
- RHEL/CentOS/Fedora:
gccautomakeautoconfopenssl-devel - Debian/Ubuntu:
gccautomakeautoconflibssl-dev - Arch Linux:
gccautomakeautoconfopenssl - Gentoo Linux:
net-dialup/ppp - openSUSE:
gccautomakeautoconflibopenssl-devel - macOS(Homebrew):
automakeautoconf[email protected]
On Linux, if you manage your kernel yourself, ensure to compile those modules:
CONFIG_PPP=m CONFIG_PPP_ASYNC=mOn macOS, install 'Homebrew' to install the build dependencies:
# Install 'Homebrew' /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" # Install Dependencies brew install automake autoconf [email protected]
On macOS, install 'openfortivpn'...
brew install openfortivpn...or build a version of your choice from source following the instructions in step 2.
- RHEL/CentOS/Fedora:
-
Build and install.
./autogen.sh ./configure --prefix=/usr/local --sysconfdir=/etc make sudo make install
If you need to specify the openssl location you can set the
$PKG_CONFIG_PATHenvironment variable.
openfortivpn needs elevated privileges at three steps during tunnel set up:
- when spawning a
/usr/sbin/pppdprocess; - when setting IP routes through VPN (when the tunnel is up);
- when adding nameservers to
/etc/resolv.conf(when the tunnel is up).
For these reasons, you may need to use sudo openfortivpn.
If you need it to be usable by non-sudoer users, you might consider adding an
entry in /etc/sudoers.
For example:
visudo -f /etc/sudoers.d/openfortivpn
Cmnd_Alias OPENFORTIVPN = /usr/bin/openfortivpn
%adm ALL = (ALL) OPENFORTIVPN
Warning: Make sure only trusted users can run openfortivpn as root!
As described in #54,
a malicious user could use --pppd-plugin and --pppd-log options to divert
the program's behaviour.
Feel free to make pull requests!
C coding style should follow the Linux kernel Documentation/CodingStyle.