Set Up Fortinet VPN Client in CentOS 7
My applications need to access services in a client's private network. I am using openfortivpn to connect to a FortiGate SSL VPN server. It should work for PPP VPN too.
Check out github.com/adrienverge/openfortivpn#install.. for installation instructions. Check whether a package already exists for your Linux distro before resorting to a manual build and install.
sudo yum install openfortivpn
The systemd template file is provided on GitHub but is not included in the YUM package, so we have to create it manually with some modifications.
[Unit]
Description=OpenFortiVPN for %I
After=network-online.target
Documentation=man:openfortivpn(1)
# Available from v230 onward. Ref: https://unix.stackexchange.com/a/464098
#StartLimitIntervalSec=500
#StartLimitBurst=5

[Service]
Type=simple
PrivateTmp=true
ExecStart=/usr/bin/openfortivpn -c /etc/openfortivpn/%I.conf
OOMScoreAdjust=-100
# Auto restart when it gets disconnected.
Restart=always
RestartSec=500ms

[Install]
WantedBy=multi-user.target
Reload systemd config.
sudo systemctl daemon-reload
Create a copy of “config” in /etc/openfortivpn/ and name it “example.conf”.
WARNING: Make sure it has a .conf extension and that the filename matches the instance name in the systemd service file.
cd /etc/openfortivpn
sudo cp config example.conf
sudo chmod 600 example.conf
Edit the VPN configuration. The configuration may contain a password, so the file permission should be set to “600”.
Enable this service.
sudo systemctl enable openfortivpn@example
Note that the instance name is the part between “@” and “.service”. The instance name must match the openfortivpn config filename, excluding the file extension.
Start VPN Service
sudo systemctl start openfortivpn@example
Maintaining Persistent Connection
My client's VPN server is configured to disconnect clients after 5 minutes of inactivity. I have configured systemd to automatically restart the service upon disconnection. After some time, I discovered that the openfortivpn service is running, but I am unable to access the private network. As a workaround, I created a cron job to ping one of the IPs in the private network at 4-minute intervals. This creates network activity and prevents forced disconnection.
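The keepalive workaround described above, written as a cron-driven script (an added example, not part of the original post). It goes one step beyond the ping alone: after MAX_FAILS consecutive failed probes it restarts the unit, which covers the case where the service is running but the tunnel passes no traffic. PROBE_HOST, MAX_FAILS, STATE_FILE and the script path in the cron line are assumptions; 192.0.2.10 is a placeholder address.

```shell
#!/bin/sh
# Added example: keepalive plus stale-tunnel recovery for openfortivpn@<instance>.
# Hypothetical cron entry (/etc/cron.d format), matching the 4-minute interval:
#   */4 * * * * root /usr/local/sbin/vpn-keepalive.sh run

INSTANCE="${INSTANCE:-example}"         # instance name used on this page
PROBE_HOST="${PROBE_HOST:-192.0.2.10}"  # placeholder: set to a host inside the private network
MAX_FAILS="${MAX_FAILS:-3}"             # assumption: restart after 3 failed probes in a row
# Kept under /run (root-writable only) rather than /tmp, since cron runs this as root.
STATE_FILE="${STATE_FILE:-/run/openfortivpn-keepalive.$INSTANCE}"

# One probe: a single ICMP echo with a 5 second timeout.
probe() {
    ping -c 1 -W 5 "$PROBE_HOST" >/dev/null 2>&1
}

# Restart the VPN unit for this instance.
restart_vpn() {
    systemctl restart "openfortivpn@$INSTANCE"
}

# Run one cycle. Prints "ok", "fail N" or "restart"; returns 0, 1 or 2.
keepalive_cycle() {
    fails=0
    [ -r "$STATE_FILE" ] && fails=$(cat "$STATE_FILE")
    case "$fails" in ''|*[!0-9]*) fails=0 ;; esac  # ignore an empty or corrupt counter

    if probe; then
        echo 0 > "$STATE_FILE"   # traffic flowed: tunnel is alive, idle timer reset
        echo ok
        return 0
    fi

    fails=$((fails + 1))
    if [ "$fails" -ge "$MAX_FAILS" ]; then
        echo 0 > "$STATE_FILE"   # start counting again after the restart
        restart_vpn && echo restart
        return 2
    fi
    echo "$fails" > "$STATE_FILE"
    echo "fail $fails"
    return 1
}

# Only act when invoked as "<script> run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    keepalive_cycle
fi
```

A single lost ping does not trigger a restart; only MAX_FAILS misses in a row do, so a brief packet loss does not tear down a working tunnel.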