New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Debian 9 - Connect button does nothing #6

Closed
LaurentDumont opened this Issue Jul 1, 2017 · 5 comments

Comments

Projects
None yet
3 participants
@LaurentDumont

LaurentDumont commented Jul 1, 2017

Hi, I have just installed the GUI client from the repo and it seems that the "Connect" button doesn't do anything.

Adding the VPN works, but I can't connect after. There is nothing relevant in the logs just this
Jul 1 13:24:10 openfortiGUI::Info: active-tab:: 0

Distributor ID: Debian Description: Debian GNU/Linux unstable (sid) Release: unstable Codename: sid
[laurent@petitepatate:~] $ sudo dpkg -l | grep forti ii openfortigui 0.2.12-1 amd64 GUI for openfortivpn ii openfortivpn 1.3.0 all openfortivpn is a client for PPP+SSL VPN tunnel services. It spawns a pppd process and operates the communication between the gateway and this process.

I've just tried https://hadler.me/linux/forticlient-sslvpn-deb-packages/ - and it works just fine.

@theinvisible

This comment has been minimized.

Show comment
Hide comment
@theinvisible

theinvisible Jul 1, 2017

Owner

Hello, please try the latest version 0.2.13 or build from git.

The new version has better logging support. You can find the logs for each VPN in ~/.openfortigui/logs/vpn. You can also enable "Debug" logging by ticking the option in your VPN-Profile. Have a try again.

Also check that your user can execute openfortigui via sudo without password.

Owner

theinvisible commented Jul 1, 2017

Hello, please try the latest version 0.2.13 or build from git.

The new version has better logging support. You can find the logs for each VPN in ~/.openfortigui/logs/vpn. You can also enable "Debug" logging by ticking the option in your VPN-Profile. Have a try again.

Also check that your user can execute openfortigui via sudo without password.

@yamss

This comment has been minimized.

Show comment
Hide comment
@yamss

yamss Jul 1, 2017

same problem here, I get a segmentation fault error when running as non-root.
If I run 'sudo openfortigui', it works OK.
my user is in the sudoers with ALL=(ALL:ALL) NOPASSWD: ALL
using 0.2.13-dev

yamss commented Jul 1, 2017

same problem here, I get a segmentation fault error when running as non-root.
If I run 'sudo openfortigui', it works OK.
my user is in the sudoers with ALL=(ALL:ALL) NOPASSWD: ALL
using 0.2.13-dev

@LaurentDumont

This comment has been minimized.

Show comment
Hide comment
@LaurentDumont

LaurentDumont Jul 1, 2017

Looks like running 2.13 with sudo did the trick. I have a password for sudo as I don't really feel like it's a good security measure to have some kind of filter when escalating privileges. I know that forticlient-sslvpn client requires root the first time when starting the app.

Logs for the vpn show

Jul 1 16:34:40 openfortiGUI::Info: Socket ist nicht offen which is a bit funny in german! ;)

Nothing relevant in the gui log file. No stack trace in my case.

Is that something that could be adapted for the GUI version?

LaurentDumont commented Jul 1, 2017

Looks like running 2.13 with sudo did the trick. I have a password for sudo as I don't really feel like it's a good security measure to have some kind of filter when escalating privileges. I know that forticlient-sslvpn client requires root the first time when starting the app.

Logs for the vpn show

Jul 1 16:34:40 openfortiGUI::Info: Socket ist nicht offen which is a bit funny in german! ;)

Nothing relevant in the gui log file. No stack trace in my case.

Is that something that could be adapted for the GUI version?

@theinvisible

This comment has been minimized.

Show comment
Hide comment
@theinvisible

theinvisible Jul 1, 2017

Owner

Running the program as root is not recommended. It only requires root privileges for system-network access when starting a VPN. For details see here: https://github.com/adrienverge/openfortivpn

With .deb install there should be a sudoers file installed into /etc/sudoers.d/openfortigui . By default everyone in sudo group has the required permissions for openfortigui.

Logs are not that accurate right now, but we are working on : )

forticlient-sslvpn uses setuid/suid so no additional sudo is required. This doesnt mean its more safe.

Owner

theinvisible commented Jul 1, 2017

Running the program as root is not recommended. It only requires root privileges for system-network access when starting a VPN. For details see here: https://github.com/adrienverge/openfortivpn

With .deb install there should be a sudoers file installed into /etc/sudoers.d/openfortigui . By default everyone in sudo group has the required permissions for openfortigui.

Logs are not that accurate right now, but we are working on : )

forticlient-sslvpn uses setuid/suid so no additional sudo is required. This doesnt mean its more safe.

@LaurentDumont

This comment has been minimized.

Show comment
Hide comment
@LaurentDumont

LaurentDumont Jul 2, 2017

I wasn't directly running as root, just starting the binary with sudo. I was mostly asking because I was previously going through the app menu and manually selecting the icon. Which I assume, launches openfortigui without any elevated permissions. My user is also member of the sudo group.

I don't have an issue with going through sudo when I start the VPN.

Thanks again for all your work, it's awesome.

LaurentDumont commented Jul 2, 2017

I wasn't directly running as root, just starting the binary with sudo. I was mostly asking because I was previously going through the app menu and manually selecting the icon. Which I assume, launches openfortigui without any elevated permissions. My user is also member of the sudo group.

I don't have an issue with going through sudo when I start the VPN.

Thanks again for all your work, it's awesome.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment