Connect to a Fortinet VPN with Ubuntu
Solution 1
If you use SSL based VPN from Fortinet, you can use openfortivpn software which is part of Ubuntu and Fedora.
$ sudo apt install -y openfortivpn || yum install -y openfortivpn
$ touch openfortivpn.conf
$ chmod go= openfortivpn.conf
Edit openfortivpn.conf:
host =
port =
username =
password =
# trusted-cert =
Connect the first time:
$ sudo openfortivpn -c openfortivpn.conf
ERROR: Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:
ERROR: --trusted-cert <some-random-string-to-add-to-trusted-cert>
Edit openfortivpn.conf file and update trusted-cert
option with the string from the error. Make sure the option is not commented (remove the #
).
Each time you need to connect, run:
sudo openfortivpn -c openfortivpn.conf
You could also do it straight through the command line and make an alias for it in your .bashrc
. This is less secure as any user on the system will be able to see the password using ps
.
sudo openfortivpn -u <USER> -p <PASSWORD> --trusted-cert <CERTIFICATE> <SERVER>:<PORT>
To disconnect press: Ctrl+C
Solution 2
Fortinet is just an IPSEC VPN server - you don't specifically need their client to connect to it. The IPSEC HOWTO details a list of various options you have for setting up a Linux VPN client. There are also a few commercial linux IPSec clients such as Shrewsoft.
Related videos on Youtube
Krishna
Updated on September 17, 2022Comments
-
Krishna almost 2 years
I don't know a lot about VPNs but I'd like to connect to a Fortinet VPN with Ubuntu.
I can connect on Windows using Forticlient just by entering the policy server (vpn.theserver.com) and then it asks for a user/password. I use IPSec.
-
Matthias Braun over 6 yearsI used strongSwan for connecting to FortiGate from Arch Linux. See this answer for instructions.
-
-
Damico about 5 yearsWorked fine in debian, after compiling operfortivpn from github
-
Abhay Kochar about 5 yearsWorked for me like a charm on AWS Ec2 Ubuntu 18.04 Thank you so much
-
symcbean over 4 yearsI found the Shrewsoft client on Linux to be almost as painful as using it on MSWindows - I switched to using vpnc - and never looked back.
-
Klesun over 4 yearsI always get a "Received bad header from gateway:" error after entering the 2factor authentication token. Guess it's time to secondboot windows sadly...
-
Nabeel Shaikh about 4 yearshey, if I want to add the pre-shared key into this config file, how I can do this?
-
Terminator almost 4 yearsAmazing job worked fine on Ubuntu 18.04 without any issue whatsoever