Fortinet SSL VPN Client Setup Without GUI on Linux (centos)

I spent a while trying to find documentation on this, and got this from a Fortinet Engineer.

  1. Install like any other using tar.gz file Then run below command in linux CLI
  2. Then run below command in linux CLI

./forticlientsslvpn_cli --server 172.17.97.85:10443 --vpnuser forti

Make sure the command run from the sslvpn directory. Substitute the IP address with the one of your server .


This is another short solution. Download & Install the client:

# wget -q http://kb.arubacloud.com/files/tar-gz/forticlientsslvpn_linux_4-0-2281-tar.aspx -O fortisslvpn.tgz && tar -xzf fortisslvpn.tgz
# cd forticlientsslvpn && ./helper/setup.linux.sh

Press Ctrl+C, Agree Their License (1st time only) & then connect to VPN by:

# yes | ./forticlientsslvpn_cli --server example_firewall_host:10443 --vpnuser example_user > /dev/null

You can try to configure your VPN without the Fortinet GUI. Here's a complete guide to IPSEC for linux http://www.ipsec-howto.org/ and you may want to try this:

The link is created by running pppd through a pseudo terminal that is created by pty-redir and connected to ssh. This is done with something similar to the following sequence of commands:

/usr/sbin/pty-redir /usr/bin/ssh -t -e none -o 'Batchmode yes' -c blowfish -i /root/.ssh/identity.vpn -l joe > /tmp/vpn-device
sleep 10

/usr/sbin/pppd `cat /tmp/vpn-device`
sleep 15

/sbin/route add -net 172.16.0.0 gw vpn-internal.mycompany.com netmask 255.240.0.0
/sbin/route add -net 192.168.0.0 gw vpn-internal.mycompany.com netmask 255.255.0.0

What this does is run ssh, redirecting the input and output to pppd. The options passed to ssh configure it to run without escape characters (-e), using the blowfish crypto algorithm (-c), using the identity file specified (-i), in terminal mode (-t), with the options 'Batchmode yes' (-o). The sleep commands are used to space out the executions of the commands so that each can complete their startup before the next is run.

From "Bring up the link"

Next section, "Scripting" may help you as well to configure and run your VPN client. There's additional information in the ubuntu documentation.


Coded some Expect script like this:

#!/usr/bin/expect
spawn /opt/local/forticlientsslvpn/64bit/forticlientsslvpn_cli --server vpn_host:port --vpnuser user1
expect "Password for VPN:"
send "password\r"
#expect "*(Y/N)"
#send "Y\r"
interact