Setting up OpenFortiVPN for Mac or Linux

Topic

Openfortivpn is a command-line VPN client. It replaces the OSX version of FortiClient, which is unreliable on that OS. It can also be used on Linux, where there is no official client.

Prerequisites

OSX

  • Homebrew
  • OpenSSL

Linux

  • All dependencies will be installed if you use your package manager. 
  • Otherwise, see https://github.com/adrienverge/openfortivpn

Instructions

On Mac, use this Terminal command:

$ brew install openfortivpn

On Linux, depending on the distro, you can install it with your package manager, or pull and build it from here: https://github.com/adrienverge/openfortivpn

Config


You will need to know the hash for the trusted cert. To get this, connect without using a trusted cert, and the client will tell you what to add to your config. 

 

Enter the following in a configuration file of your choice (~/.config/openfortivpn.config is assumed for this guide):

$ vim ~/.config/openfortivpn.config


host = gonzagavpn.gonzaga.edu
port = 443
username = (your username without @gonzaga.edu)

Then run

$ sudo openfortivpn -c ~/.config/openfortivpn.config

You must use sudo for this, as the client needs root-level kernel access for networking changes and needs to be able to write to resolv.conf.

Once you try to connect, you will see a lot of failure output including a line like: 
trusted-cert = af235d3f42a76e89dc2abb07604fcd344c4cb2f2baf93611b290e574e8c78f7b
Add this to the bottom of the config, below your username, and rerun the client command:

$ sudo openfortivpn -c ~/.config/openfortivpn.config

Connect again and watch for your Authenticator push. It happens quickly most of the time, and it times out relatively quickly.


Please do not store your GU password in plain text. 
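
An added example, not part of the original guide or the openfortivpn project: a Python check of the config file that flags a stored password and confirms each trusted-cert value equals the SHA-256 digest of the gateway certificate in DER form. It assumes you have the gateway certificate as a PEM file obtained from the VPN administrators rather than from the connection itself; the certificate bytes, host and username in the code are constructed.

```python
# Added example (not from the original guide): audit an openfortivpn config file.
import hashlib
import re
import ssl

# Constructed stand-in for the gateway certificate; in practice use the PEM file
# your VPN administrators give you out-of-band (assumption of this example).
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

def cert_digest(pem):
    """SHA-256 of the DER-encoded certificate, the digest form trusted-cert uses."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()

def parse_config(text):
    """Parse 'key = value' lines; trusted-cert may repeat, so it is kept as a list."""
    conf = {"trusted-cert": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "trusted-cert":
            conf[key].append(value)
        else:
            conf[key] = value
    return conf

def audit(config_text, reference_pem):
    """Return a list of findings; an empty list means the config passed."""
    conf, findings = parse_config(config_text), []
    if "password" in conf:
        findings.append("password is stored in plain text")
    expected = cert_digest(reference_pem)
    if not conf["trusted-cert"]:
        findings.append("no trusted-cert pinned")
    for pin in conf["trusted-cert"]:
        # The client prints the digest as 64 lowercase hex characters.
        if not re.fullmatch(r"[0-9a-f]{64}", pin):
            findings.append("unexpected trusted-cert format: " + pin)
        elif pin != expected:
            findings.append("trusted-cert does not match reference: " + pin)
    return findings

if __name__ == "__main__":
    good = "host = vpn.example.edu\nport = 443\nusername = jdoe\n"
    good += "trusted-cert = " + cert_digest(SAMPLE_PEM) + "\n"
    print(audit(good, SAMPLE_PEM))                            # clean config
    print(audit(good + "password = example\n", SAMPLE_PEM))   # stored password
```

A mismatch finding means the value the client suggested on first connect is not the certificate your administrators published, so do not add it to the config until that is explained.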

Additional Notes: openfortivpn edits resolv.conf. If this is not how you are doing DNS resolution, you will have to set up a method to edit your DNS entries yourself. On a Mac, only CLI things use resolv.conf and GUI things use scutil. As a Mac will ignore DNS entries that don't work, I just added 147.222.0.15 and 147.222.4.15 to my network config in System Preferences and gonzaga.edu as the search domain. With 8.8.8.8 as my first DNS entry there, this works fine on or off VPN.

Need more help?

Please reach out directly to Tyler Spilker (spilkert@gonzaga.edu) or Will Tuinenga (tuinengaw@gonzaga.edu)
