Wednesday, September 28, 2016

SSL VPN: Configuring and Using Forticlient on Ubuntu, creating a Launcher

  1. Is your primary OS at home Linux and do you use Windows only to connect to your work PC over VPN or to attend meetings? 
  2. Do you often wish to connect to your work VPN from a Linux PC? 
If your answer is 'Yes' to the above questions, I have an answer if your workplace uses Fortinet SSL VPN. Note that it's possible to connect to Fortinet and other VPNs like Cisco VPN from Linux through the inbuilt network manager by installing additional tools but this post would focus on using the standard Forticlient for accessing the resources on your work network.

Obtaining Forticlient

The most important thing to note w.r.t. using Forticlient for Ubuntu (or any Linux distro) is to note that the client is not publicly available for download from the official website. You will have to ask your IT department to download the client for you, in case they haven't provided it.

Here is the Fortinet KB which explains the location from where the file can be downloaded.


Using Forticlient

Files Extraction

Once you have the file (the name would be forticlientsslvpn_linux_<version>.tar.gz), extract it to the location of your choice on your Linux PC (I'm on Ubuntu 16.04 LTS).

1
tar xvzf forticlientsslvpn_linux_<version>.tar.gz

Launching

You can launch the Forticlient using the terminal after navigating to the path. You need to launch the script as superuser only the first time you run it.

1
2
cd forticlientsslvpn/
sudo ./fortisslvpn.sh

Accept the license agreement and you will have the client running immediately after that -


Enter the details provided by your administrator in terms of the URL, port number etc. and click connect to establish the connection. If you don't use a certificate you can leave the fields blank. A warning dialog to this effect would be shown while connecting on which you can click 'Continue'.


To avoid entering details every time, you can save the connection details which will persist between sessions. Click 'Settings' for this -


Connecting to the remote computer 

Now once Forticlient shows Tunnel Running, you are all set to connect to your work PC. Use Ubuntu's Remmina Remote Desktop Client.


Click on 'New' and save your machines details. You can select various color depth values; quality, sound (in Advanced tab) to improve your connection experience.

Once done, click 'Connect'.

Creating a Unity Launcher

One wouldn't want to navigate to the fortisslvpn folder every time to launch this client application. Therefore, let's create a launcher, a .desktop file to launch the application.

Prior to that, let's move the fortisslvpn folder (which is likely to be residing in your home or Downloads folder to /usr/local).

Assuming that the forticlientsslvpn folder is inside Downloads,

1
2
cd Downloads
sudo mv forticlientsslvpn /usr/local/

Create a .desktop file which will act as a launcher with the following content.

gedit ~/.local/share/applications/Fortinet.desktop

Fortinet.desktop's content

[Desktop Entry]
Version=1.0
Name=Fortinet
Exec=/usr/local/forticlientsslvpn/fortisslvpn.sh
Path=/usr/local/forticlientsslvpn
Icon=forticlientsslvpn.png
Terminal=false
Type=Application
Categories=Utility;Application;Development;

You can pin the launcher to Unity Launcher if necessary.