Setup Fortinet VPN Client In CentOS 7

I am a developer from Malaysia. I work with PHP most of the time, recently I fell in love with Go. When I am not working, I will be ballroom dancing :-)

My applications need to access services in a client's private network. I am using openfortivpn to connect to a FortiGate SSL VPN server. It should work for PPP VPN too.

Installation

Check out https://github.com/adrienverge/openfortivpn#installing for installation instructions. Check whether there is already a package for your Linux distro before resorting to a manual build and install.

sudo yum install openfortivpn

The systemd template file is provided on GitHub but is not included in the YUM package, so we have to create it manually, with some modifications.

Create /usr/lib/systemd/system/openfortivpn@.service

[Unit]
Description=OpenFortiVPN for %I
After=network-online.target
Documentation=man:openfortivpn(1)

# Available from v230 onward. Ref: https://unix.stackexchange.com/a/464098
#StartLimitIntervalSec=500
#StartLimitBurst=5

[Service]
Type=simple
PrivateTmp=true
ExecStart=/usr/bin/openfortivpn -c /etc/openfortivpn/%I.conf
OOMScoreAdjust=-100

# Auto restart when it gets disconnected.
Restart=always
RestartSec=500ms

[Install]
WantedBy=multi-user.target

Reload systemd config.

sudo systemctl daemon-reload

Setup

Create a copy of “config” in /etc/openfortivpn/ and name it “example.conf”.

WARNING: Make sure the file has a .conf extension and that its filename matches the instance name used with the systemd service.

cd /etc/openfortivpn
sudo cp config example.conf
sudo chmod 600 example.conf

Edit the VPN configuration. The configuration may contain a password, so the file permission should be set to “600”.

Enable this service.

sudo systemctl enable openfortivpn@example

Note that the instance name is the part between “@” and “.service”. The instance name must match the openfortivpn config filename, excluding the file extension.
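The filename and permission requirements above can be verified before the unit is enabled. The following is an added example, not part of the original post: the function name check_vpn_conf, the CONF_DIR variable and the optional owner-UID argument are assumptions, and it relies on GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example: pre-flight check for an openfortivpn@<instance> unit.
# CONF_DIR and check_vpn_conf are hypothetical names chosen for this sketch.
CONF_DIR="${CONF_DIR:-/etc/openfortivpn}"

# Usage: check_vpn_conf INSTANCE [EXPECTED_UID]
# Returns 0 when CONF_DIR/INSTANCE.conf is fit to hold a password, else 1-4.
check_vpn_conf() {
    instance="$1"
    want_uid="${2:-0}"              # root unless told otherwise
    conf="$CONF_DIR/$instance.conf"

    # systemd expands %I to the instance name, so the file must be <instance>.conf.
    if [ ! -e "$conf" ]; then
        echo "FAIL: $conf not found (instance name must match the file name)" >&2
        return 1
    fi
    # A symlink could point the service at a file with looser permissions.
    if [ -L "$conf" ] || [ ! -f "$conf" ]; then
        echo "FAIL: $conf is not a regular file" >&2
        return 2
    fi
    mode=$(stat -c '%a' "$conf")    # octal mode, e.g. 600 (GNU stat)
    uid=$(stat -c '%u' "$conf")     # numeric owner
    # Any group/other bit means other local users can read the password.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $conf has mode $mode, expected 600" >&2
        return 3
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $conf is owned by uid $uid, expected $want_uid" >&2
        return 4
    fi
    echo "OK: $conf (mode $mode, uid $uid)"
    return 0
}
```

After sourcing the file, `check_vpn_conf example` checks the instance created above; a non-zero return code identifies which requirement failed.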

Start VPN Service

sudo systemctl start openfortivpn@example

Maintaining Persistent Connection

My client's VPN server is configured to disconnect a client after 5 minutes of inactivity. I have configured systemd to automatically restart the service upon disconnection. After some time, I discovered that the openfortivpn service was running, but I was unable to access the private network. As a workaround, I created a cron job that pings one of the IPs in the private network every 4 minutes. This creates network activity and prevents the forced disconnection.

TomTomson, 4y ago

Leong, hi, I've run into this problem before. Personally, I was helped to solve it by VPNWelt service, the thing is that there are a lot of different VPN services, which are great for all users. There is a little more information about it here- https://en.vpnwelt.com/best-vpn-provider/ . I would recommend you to carefully study all the information on the site VPNWelt, there is definitely a way to solve this problem. I hope I was able to help you.

Hong, 4y ago

Hi Andrey, thanks for sharing this site. It has comprehensive reviews of different VPN services. Maybe it solved your problem, but not mine.

My problem is quite specific. My client's company uses a Fortinet product for VPN. It is a corporate decision; my client and I cannot change that decision. In order to get my work done, I need to set up a VPN client that works with Fortinet SSL-VPN. Unfortunately, VPNWelt does not have any solution specifically for that yet.

TomTomson, 4y ago

Leong Hean Hong Good afternoon. I guess I didn't fully understand your problem. I'm sorry. But I think that VPNWelt will be useful for you. Thank you for your reply.
