README.md 2.2 KB
openfortivpn
openfortivpn is a client for PPP+SSL VPN tunnel services. It spawns a pppd process and operates the communication between the gateway and this process.
It is compatible with Fortinet VPNs.
Examples
- Simply connect to a VPN:
openfortivpn vpn-gateway:8443 --username=foo
- Don't set IP routes and don't add VPN nameservers to
/etc/resolv.conf:
openfortivpn vpn-gateway:8443 -u foo -p bar --no-routes --no-dns
- Using a config file:
openfortivpn
With /etc/openfortivpn/config containing:
host = vpn-gateway
port = 8443
username = foo
password = bar
# X509 certificate sha256 sum, trust only this one!
trusted-cert = e46d4aff08ba6914e64daa85bc6112a422fa7ce16631bff0b592a28556f993db
Building from source
Install build dependencies.
- Fedora:
gccautomakeautoconfopenssl-devel - Ubuntu:
automakeautoconflibssl-dev - Debian:
gccautomakeautoconflibssl-dev - Arch Linux:
automakeautoconfopenssl - Gentoo Linux:
net-dialup/ppp
- Fedora:
If You manage your kernel yourself, ensure to compile those modules:
CONFIG_PPP=m
CONFIG_PPP_ASYNC=m
Build and install.
aclocal && autoconf && automake --add-missing ./configure --prefix=/usr --sysconfdir=/etc make sudo make install
Running as root?
openfortivpn needs elevated privileges at three steps during tunnel set up:
- when spawning a
/usr/sbin/pppdprocess; - when setting IP routes through VPN (when the tunnel is up);
- when adding nameservers to
/etc/resolv.conf(when the tunnel is up).
For these reasons, you may need to use sudo openfortivpn. If you need it to
be usable by non-sudoer users, you might consider adding an entry in
/etc/sudoers.
For example:
visudo -f /etc/sudoers.d/openfortivpn
Cmnd_Alias OPENFORTIVPN = /usr/bin/openfortivpn
%adm ALL = (ALL) OPENFORTIVPN
Contributing
Feel free to make pull requests!
C coding style should follow the Linux kernel Documentation/CodingStyle.