Forticlient

... W I P ...

Forticlient is available for multiple platforms but official downloads do not contain anything for linux (as of Apr 2017). Therefore here below you will find linux client provided by Arubacloud

Download & Install the client:

$ wget -q http://kb.arubacloud.com/files/tar-gz/forticlientsslvpn_linux_4-0-2281-tar.aspx -O fortisslvpn.tgz && tar -xzf fortisslvpn.tgz
$ cd forticlientsslvpn && ./helper/setup.linux.sh

Press Ctrl+C, Agree Their License (1st time only) & then connect to VPN by:

$ yes | ./forticlientsslvpn_cli --server firewall_vpn_endpoint:10443 --vpnuser a_user > /dev/null

If you wish run with GUI you may need to install

sudo apt-get install libgtk2.0-0:i386

Troubleshooting

Peer's certificate is not valid. action is 1

Your endpoint SSL certificate is not trusted by your local machine. Firstly, create trustedstore hidden directory

mkdir ~/.fctsslvpn_trustca

Secondly locate trusted stores on your machine and copy to Forticlient trustedstores location

locate cacert
cp /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts ~/.fctsslvpn_trustca
cp cp /opt/Citrix/ICAClient/keystore/cacerts/QuoVadis_Root_CA* ~/.fctsslvpn_trustca

Run the connection command

$ yes | ./forticlientsslvpn_cli --server sslvpn.server.com:10443 --vpnuser a_user > /dev/null
STATUS::Setting up the tunnel
STATUS::Connecting...
NOTICE::ing /home/a_user/.fctsslvpn_trustca
NOTICE::oVadis_Root_CA_2.crt => d7e8dc79.0
WARNING: cacerts does not contain a certificate or CRL: skipping
NOTICE::oVadis_Root_CA_3.crt => 76faf6c0.0
STATUS::Login succeed
STATUS::Starting PPPd
STATUS::Initializing tunnel
STATUS::Connecting to server
STATUS::Connected
STATUS::Tunnel running

Logs

tail -f forticlientsslvpn.log