By Manny Fernandez

August 11, 2019

Installing FortiClient on Ubuntu Linux for SSL VPN

I ran Windows as my main Desktop OS for many years.  When XP came out, I decided to move to Linux as my main OS. Since I was always in the CLI anyhow, and SSH was built-in, I did not have to use PuTTY, which I despise.  Then I was at a CCIE Security Boot-Camp in San Jose when I dropped my laptop.  It was two days into a two-week bootcamp.  I had to buy another laptop.  A classmate who worked at Cisco’s TAC and was taking the bootcamp offered to take me to the Apple Store.  I said “What the hell”.  I was already in the hole for like 20K so what was another few thousand dollars.  I did it and have loved Apple ever since.  I do always miss my Linux.  I call it “The Poor Man’s Mac”. If I could not purchase a Mac, I would absolutely be running Linux again. Even today, I run a VM of Ubuntu.

In this post, I will configure FortiClient to connect to a FortiGate running the SSL VPN.  You will need to get the FortiClient for Linux file.  I will update it here if it is allowed.

  1. Once you have the file, create a folder (e.g. sudo mkdir /opt/SSLVPN)
  2. Copy or move the file into this folder.
  3. You will now need to extract the file

You can do this by right-clicking in the GUI and choosing ‘Open With Archive Manager’.

If you want to extract it in the CLI, run the following command:

tar -xzvf forticlientsslvpn_linux_4.4_2336.tar.gz
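Before extracting a downloaded archive under /opt with elevated privileges, it is worth confirming that the file is the one you expected and that its members stay inside the target folder. The following is an added example, not part of the original post or of Fortinet's tooling; the function names are hypothetical, and the expected SHA-256 value is an assumption that must come from whoever supplied the file.

```shell
#!/bin/sh
# Added example: integrity and path checks before extracting a vendor tarball.
# Function names are hypothetical; the expected digest is supplied by you.

# Print the lowercase SHA-256 hex digest of a file.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# Read member names on stdin; fail on absolute paths or ".." components.
paths_safe() {
    awk '/^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 } END { exit (bad ? 1 : 0) }'
}

# Succeed only if the archive can be listed and every member path is safe.
archive_paths_safe() {
    listing=$(tar -tzf "$1") || return 1
    printf '%s\n' "$listing" | paths_safe
}

# verify_and_extract ARCHIVE EXPECTED_SHA256 DEST_DIR
# Returns 0 on success, 1 on digest mismatch, 2 on unsafe member paths.
verify_and_extract() {
    archive=$1; expected=$2; dest=$3
    actual=$(sha256_of "$archive")
    if [ -z "$actual" ] || [ "$actual" != "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]; then
        echo "digest mismatch for $archive" >&2
        return 1
    fi
    if ! archive_paths_safe "$archive"; then
        echo "archive contains absolute or ../ paths" >&2
        return 2
    fi
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Usage (run with sudo when the destination is under /opt):
#   verify_and_extract forticlientsslvpn_linux_4.4_2336.tar.gz "<expected sha256>" /opt/SSLVPN
```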

Now that it is extracted, we can go in and run the script.

In the screenshot above, we change directory with cd /opt, then change into the SSLVPN folder with cd SSLVPN, and finally run the script with ./fortisslvpn.sh

When you run the script, you will be presented with some pop-ups.

Read the EULA and, if you agree to the terms, press Agree.

You can now create a Connection

A. IP address or FQDN

B. Your username (if not entered, you will be prompted)

C. Password (if not entered, you will be prompted)

Click on the + sign and fill in the pertinent information. Once you name the connection and fill in the info, choose Create.

Once you are done, click Done.

Now you are ready to connect.

Choose the connection you created and click Connect. Note that you CAN add the certificate and a password for said certificate.

In my case, I am using an untrusted certificate and you will get a similar error.  Hit Continue.  In a production environment, buy a certificate.
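Clicking Continue on an untrusted certificate is only safe once you have confirmed that the certificate really is the gateway's. The following added example (not from the original post; the function names, host and port are placeholders) compares the SHA-256 fingerprint of the presented certificate with one obtained out of band from the FortiGate's administrator.

```shell
#!/bin/sh
# Added example: pin a self-signed gateway certificate by SHA-256 fingerprint.
# Function names are hypothetical; host, port and file paths are placeholders.

# Normalise "AB:CD:..." or "abcd..." to lowercase hex without separators.
normalise_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Print the SHA-256 fingerprint of a PEM certificate file.
pem_fingerprint() {
    out=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    normalise_fp "${out#*=}"      # drop the "sha256 Fingerprint=" prefix
}

# fetch_gateway_cert HOST PORT OUTFILE
# Save the certificate the gateway presents (requires network access).
fetch_gateway_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# pin_matches PEMFILE EXPECTED_FINGERPRINT
# Succeed only if the certificate matches the fingerprint obtained out of band.
pin_matches() {
    actual=$(pem_fingerprint "$1") || return 1
    [ -n "$actual" ] && [ "$actual" = "$(normalise_fp "$2")" ]
}

# Usage (placeholder host and port):
#   fetch_gateway_cert vpn.example.com 443 /tmp/gw.pem
#   pin_matches /tmp/gw.pem "<fingerprint from the administrator>" \
#       && echo "fingerprint matches" || echo "MISMATCH: do not continue"
```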

In my case, FortiToken is being used for MFA.  I am prompted for the OTP and then I hit OK.

This is me trying to ping 172.20.180.254 and we can see the VPN is not up and I am unable to ping.  Once I connect with the VPN,

 
