Setup Fortinet VPN Client In CentOS 7

·

2 min read

My applications need to access services in client's private network. I am using openfortivpn to connect to Fortigate SSL VPN server. It should work for PPP VPN too.

Installation

Checkout github.com/adrienverge/openfortivpn#install.. for installation instruction. Check if there is already a package for your Linux distro before heading for manual build & install method.

sudo yum install openfortivpn

The systemd template file is provided in Github but not included in YUM package. So we have to create it manually with some modifications.

Create /usr/lib/systemd/system/openfortivpn@.service

[Unit]
Description=OpenFortiVPN for %I
After=network-online.target
Documentation=man:openfortivpn(1)

# Available from v230 onward. Ref: https://unix.stackexchange.com/a/464098
#StartLimitIntervalSec=500
#StartLimitBurst=5

[Service]
Type=simple
PrivateTmp=true
ExecStart=/usr/bin/openfortivpn -c /etc/openfortivpn/%I.conf
OOMScoreAdjust=-100

# Auto restart when it gets disconnected.
Restart=always
RestartSec=500ms

[Install]
WantedBy=multi-user.target

Reload systemd config.

sudo systemctl daemon-reload

Setup

Create a copy of “config” in /etc/openfortivpn/ and name it “example.conf”.

WARNING Make sure it has a .conf extension and filename matches the instance name in systemd service file.

cd /etc/openfortivpn
sudo cp config example.conf
sudo chmod 600 example.conf

Edit the VPN configuration. The configuration may contain password, therefore file permission should be set to “600”.

Enabled this service.

sudo systemctl enable openfortivpn@example

Note that instance name is the part between “@” and “.service”. Instance name must match openfortivpn config filename, excluding file extension.

Start VPN Service

sudo systemctl start openfortivpn@example

Maintaining Persistent Connection

My client's VPN server is configured to disconnect client after 5 minutes of inactivity. I have configured systemd to automatically restart the service upon disconnection. After some time, I discovered that openfortivpn service is running, but I am unable to access the private network. As a workaround, I created a cron job to ping 1 of the IPs in the private network at 4 minutes interval. This creates network activity and prevent forced disconnection.

Did you find this article valuable?

Support Hong by becoming a sponsor. Any amount is appreciated!