Scripting the Fortigate VPN Client
##################################
:date: 2014-09-12 13:37
:tags: expect, fortigate

Again there was a need to fix frickelsoftware. In that case i needed a permanent vpn connection via the fortigate vpn client .
Problem is, that the tunnel disconnects after some time but the client does not exists and that input cannot simply piped into the executable.

I wrote an Expect script which works work around both issues:    

.. code-block:: tcl
    
    #!/usr/bin/expect -f
    # cd into the 64 bit folder of the client
    # usage: efort.exp

    spawn ./forticlientsslvpn_cli --server <VPNIP>:<VPNPORT> --vpnuser <VPNUSER> 2>&1
    log_user 0
    send_user "Logging in\n"
    expect "Password for VPN:"
    send "<VPNPASSWORD>\n"

    # i needed ths for 'certificate error'
    expect "Would you like to connect to this server"
    send "Y\n"
    send_user "Beginning to connect\n"
    expect "STATUS::Tunnel running"
    send_user "Tunnel running!\n"

    # this is how long the next expect waits for pattern match, in seconds
    set timeout 90001
    expect "STATUS::Tunnel closed"
    send_user "Tunnel closed!\n"
    send_user "Dying\n"
    close
    exit


At the end, enterprise-loop the script and we are done!

.. code-block:: bash

    #!/bin/sh
    cd "$(dirname "$(readlink -f "$0")")"
    while sleep 1;do
        expect efort.exp
        echo "Restarting forticlient !"
    done


Fyi: It seems it is not that easy to find the fortigate client for linux, if you are lucky you can get it from the `official FTP server`_ or have a look at the current `fortclientsslvpn AUR package`_.


.. _official FTP server: ftp://pftpintl:sgn89IOngs@support.fortinet.com/FortiGate/v5.00/5.2/5.2.0/VPN/SSLVPNTools/forticlientsslvpn_linux_4.4.2303.tar.gz
.. _fortclientsslvpn AUR package: https://aur.archlinux.org/packages/forticlientsslvpn/