By Manny Fernandez

August 11, 2019

Installing FortiClient on Ubuntu Linux for SSL VPN

I ran Windows as my main Desktop OS for many years.  When XP came out, I decided to move to Linux as my main OS. Since I was always in the CLI anyhow, and SSH was built-in, I did not have to use Putty which I despise.  Then I was at a CCIE Security Boot-Camp in San Jose when I dropped my laptop.  It was two days into a two week bootcamp.  I had to buy another laptop.  A classmate that worked at Cisco’s TAC that was taking the bootcamp offered to take me to the Apple Store.  I said “What the hell”.  I was already in the hole for like 20K so what was another few thousand dollars.  I did it and loved Apple ever since.  I do always miss my Linux.  I call it “The Poor Man’s Mac” If I could not purchase a Mac, I would absolutely be running Linux again. Even today, I run a VM of Ubuntu.

In this post, I will configure FortiClient to connect to a Fortigate running the SSL VPN.  You will need to get the Forticlient for Linux file.  I will update it here if it is allowed.

  1. Once you have the file, create a folder (e.g. sudo mkdir /opt/SSLVPN)
  2. Copy or move the file into this folder.
  3. You will now need to extract the file

You can do this by right clicking in the GUI and choosing ‘Open With Archive Manager’

If you want to extract it in the CLI run the following command:

tar -xxvf forticlientsslvpn_linux_4.4_2336.tar.gz

Now that it is extracted, we can go in and run the script.

In the screenshot above, we can see the changing of the directory cd /opt and then changing into the SSLVPN cd SSLVPN and finally, the running of the script ./fortisslvpn.sh

When you run the script, you will be presented with some pop-ups

Read the EULA and if you agree to the terms, press Agree

You can now create a Connection

A. IP address or FQDN

B. Your username (if not entered, you will be prompted)

C. Password (if not entered, you will be prompted)

Click on the + sign and fill in the pertinent information. Once you name the connection and fill in the info, choose Create

Once you are done, click Done

Now you are ready to connect.

Choose the connection you created and click Connect. Not that you CAN add the certificate and a password for said certificate.

In my case, I am using an untrusted certificate and you will get a similar error.  Hit Continue.  In a production environment, buy a certificate.

In my case, FortiToken is being used for MFA.  I am prompted for the OTP and then I hit OK

This is me trying to ping 172.20.180.254 and we can see the VPN is not up and I am unable to ping.  Once I connect with the VPN,

 

Recent posts