openfortivpn

openfortivpn is a client for PPP+SSL VPN tunnel services.
It spawns a pppd process and operates the communication between the gateway and this process.

It is compatible with Fortinet VPNs.

Examples

Simply connect to a VPN:

openfortivpn vpn-gateway:8443 --username=foo

Connect to a VPN using an authentication realm:

openfortivpn vpn-gateway:8443 --username=foo --realm=bar

Don't set IP routes and don't add VPN nameservers to /etc/resolv.conf:

openfortivpn vpn-gateway:8443 -u foo -p bar --no-routes --no-dns --pppd-no-peerdns

Using a config file:

openfortivpn -c /etc/openfortivpn/my-config

With /etc/openfortivpn/my-config containing:

host = vpn-gateway
port = 8443
username = foo
password = bar
set-dns = 0
set-routes = 0
# X509 certificate sha256 sum, trust only this one!
trusted-cert = e46d4aff08ba6914e64daa85bc6112a422fa7ce16631bff0b592a28556f993db

Installing

openfortivpn is packaged for Fedora, openSUSE / SLE, Gentoo, NixOS, Arch Linux and Solus under the package name openfortivpn.

For other distros, you'll need to build and install from source:

Install build dependencies.
- RHEL/CentOS/Fedora: gcc automake autoconf openssl-devel pkg-config
- Debian/Ubuntu: gcc automake autoconf libssl-dev pkg-config
- Arch Linux: gcc automake autoconf openssl pkg-config
- Gentoo Linux: net-dialup/ppp pkg-config
- openSUSE: gcc automake autoconf libopenssl-devel pkg-config
- macOS(Homebrew): automake autoconf openssl@1.0 pkg-config
On Linux, if you manage your kernel yourself, ensure to compile those modules:
```
CONFIG_PPP=m
CONFIG_PPP_ASYNC=m
```
On macOS, install 'Homebrew' to install the build dependencies:
```
# Install 'Homebrew'
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

# Install Dependencies
brew install automake autoconf openssl@1.0
```
On macOS, install 'openfortivpn'...
```
brew install openfortivpn
```
...or build a version of your choice from source following the instructions in step 2.
Build and install.
```
./autogen.sh
./configure --prefix=/usr/local --sysconfdir=/etc
make
sudo make install
```
If you need to specify the openssl location you can set the $PKG_CONFIG_PATH environment variable.

Running as root?

openfortivpn needs elevated privileges at three steps during tunnel set up:

when spawning a /usr/sbin/pppd process;
when setting IP routes through VPN (when the tunnel is up);
when adding nameservers to /etc/resolv.conf (when the tunnel is up).

For these reasons, you may need to use sudo openfortivpn.
If you need it to be usable by non-sudoer users, you might consider adding an entry in /etc/sudoers.

For example: visudo -f /etc/sudoers.d/openfortivpn

Cmnd_Alias  OPENFORTIVPN = /usr/bin/openfortivpn

%adm       ALL = (ALL) OPENFORTIVPN

Warning: Make sure only trusted users can run openfortivpn as root!
As described in #54, a malicious user could use --pppd-plugin and --pppd-log options to divert the program's behaviour.

Contributing

Feel free to make pull requests!

C coding style should follow the Linux kernel Documentation/CodingStyle.

Failed to load latest commit information.
doc	Documentation	Nov 20, 2017
etc/openfortivpn	preserve existing config during install, this solves #130 (#193 )	Oct 13, 2017
src	Standard error message for malloc()/realloc()	Nov 25, 2017
tests/lint	Lint the source code	Nov 28, 2015
.gitignore	Support multiarch libraries	Jun 20, 2017
.travis.yml	Instruct travis CI to use autogen.sh	Jun 20, 2017
LICENSE	Fix GPL + OpenSSL license clash	Sep 24, 2015
LICENSE.OpenSSL	Style: Rewrite some code to comply with guidelines	Nov 28, 2015
Makefile.am	preserve existing config during install, this solves #130 (#193 )	Oct 13, 2017
README.md	update README.md	Dec 12, 2017
autogen.sh	Bourne shell	Nov 28, 2017
configure.ac	improve autoconf	Nov 27, 2017

adrienverge/openfortivpn

Join GitHub today

Clone with HTTPS

README.md

openfortivpn

Examples

Installing

Running as root?

Contributing