author | makefu <root@pigstarter.de> | 2014-09-12 14:05:42 +0200 |
---|---|---|
committer | makefu <root@pigstarter.de> | 2014-09-12 14:05:42 +0200 |
commit | 9261d62b4712eb7d8e5ff8c085ffa78115d11a7c (patch) | |
tree | 7c463b71aa8e9f770bb2e2823327e3846e9bfb68 | |
parent | 80a6b5b7662e42c964409cb56b03fe168f7aa353 (diff) |
add fortigate scripting
-rw-r--r-- | content/posts/scripting-forti.rst | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/content/posts/scripting-forti.rst b/content/posts/scripting-forti.rst new file mode 100644 index 0000000..7ee3a23 --- /dev/null +++ b/content/posts/scripting-forti.rst 
@@ -0,0 +1,55 @@ +Scripting the Fortigate VPN Client +################################## +:date: 2014-09-12 13:37 +:tags: expect, fortigate + +Again there was a need to fix frickelsoftware. In that case i needed a permanent vpn connection via the fortigate vpn client . +Problem is, that the tunnel disconnects after some time but the client does not exists and that input cannot simply piped into the executable. + +I wrote an Expect script which works work around both issues: + +.. code-block:: tcl + + #!/usr/bin/expect -f + # cd into the 64 bit folder of the client + # usage: efort.exp + + spawn ./forticlientsslvpn_cli --server <VPNIP>:<VPNPORT> --vpnuser <VPNUSER> 2>&1 + log_user 0 + send_user "Logging in\n" + expect "Password for VPN:" + send "<VPNPASSWORD>\n" + + # i needed ths for 'certificate error' + expect "Would you like to connect to this server" + send "Y\n" + send_user "Beginning to connect\n" + expect "STATUS::Tunnel running" + send_user "Tunnel running!\n" + + # this is how long the next expect waits for pattern match, in seconds + set timeout 90001 + expect "STATUS::Tunnel closed" + send_user "Tunnel closed!\n" + send_user "Dying\n" + close + exit + + +At the end, enterprise-loop the script and we are done! + +.. code-block:: bash + + #!/bin/sh + cd "$(dirname "$(readlink -f "$0")")" + while sleep 1;do + expect efort.exp + echo "Restarting forticlient !" + done + + +Fyi: It seems it is not that easy to find the fortigate client for linux, if you are lucky you can get it from the `official FTP server`_ or have a look at the current `fortclientsslvpn AUR package`_. + + +.. _official FTP server: ftp://pftpintl:sgn89IOngs@support.fortinet.com/FortiGate/v5.00/5.2/5.2.0/VPN/SSLVPNTools/forticlientsslvpn_linux_4.4.2303.tar.gz +.. _fortclientsslvpn AUR package: https://aur.archlinux.org/packages/forticlientsslvpn/ |
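Review bot: In efort.exp the pair `expect "Would you like to connect to this server"` / `send "Y\n"` answers the certificate-error prompt with yes on every run, and because the shell loop restarts the script indefinitely, the VPN password is sent to whatever endpoint answers at <VPNIP>:<VPNPORT> without any check of its certificate. The post should state that trade-off and preferably fix the trust problem on the client side (install the gateway's CA or certificate) so the prompt never appears, rather than scripting the override. Related points in the same hunk: `send "<VPNPASSWORD>\n"` keeps the password in the script file, so it should be read from a file with restrictive permissions or from the environment; the first three `expect` calls run with the default timeout and no `timeout` or `eof` branch, so a missed prompt falls through to the following `send` and the script reports "Tunnel running!" regardless; and the `official FTP server` link embeds account credentials in a plain ftp:// URL for a binary download with no checksum given. Minor wording: "works work around", "does not exists" (probably "exit") and "ths" in the comment.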