Fortinet Client in Command Line
I was asked to connect to a client VPN that is normally reached through FortiClient. Since I have been using Cisco Secure Client from the command-line interface (CLI), I have been spoiled by the comfort of connecting from a terminal, so I looked for a way to reach this VPN the same way.
Turns out there is a utility called openfortivpn, an open-source client for Fortinet's PPP+TLS VPN tunnels. Since I already have Homebrew installed on my Mac, I installed it with the following command:
brew install openfortivpn
I then created a configuration file to connect to the VPN. Because it stores the password in plaintext, the file should be readable only by its owner (chmod 600).
host = <vpn-gateway-ip>
port = <port>
username = <my-username>
password = <my-password>
I then ran the following with sudo, as openfortivpn needs root privileges to create the tunnel interface and hand it to pppd:
sudo openfortivpn -c VPN.config
Initially it did not work, so I added the -v parameter to enable debug output:
sudo openfortivpn -v -c VPN.config
That is when I learned that the gateway certificate failed validation and that I needed to add the following line to my VPN.config file. The value is the SHA-256 fingerprint of the certificate the gateway presented, so copying it straight from the log is trust-on-first-use: confirm with the VPN administrator that it matches the real gateway certificate before pinning it.
trusted-cert = <string as it appeared in the debug logs>
I was able to connect, but I noticed that hostnames were not resolving, while connecting to IP addresses directly worked fine, so the problem had to be DNS. On macOS the system resolver does not read /etc/resolv.conf, which is the file openfortivpn edits by default. I therefore turned off openfortivpn's own DNS handling and let pppd request the DNS servers from the gateway and apply them:
set-dns = 0
pppd-use-peerdns = 1
After that, I wrapped the command in a shell alias so that connecting is a single command.