Scripting the Fortigate VPN Client
##################################
:date: 2014-09-12 13:37
:tags: expect, fortigate

Again there was a need to fix frickelsoftware. In this case I needed a permanent VPN connection via the Fortigate VPN client.
The problem is that the tunnel disconnects after some time but the client does not exit, and that input cannot simply be piped into the executable.

I wrote an Expect script which works around both issues:

.. code-block:: tcl
    
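    #!/usr/bin/expect -f
    # cd into the 64 bit folder of the client
    # usage: efort.exp

    # spawn starts the client directly on a pty (no shell is involved),
    # so a shell redirect such as 2>&1 would only be passed as an argument
    spawn ./forticlientsslvpn_cli --server <VPNIP>:<VPNPORT> --vpnuser <VPNUSER>
    # do not echo the client's output (including the password prompt)
    log_user 0
    send_user "Logging in\n"
    expect "Password for VPN:"
    send "<VPNPASSWORD>\n"

    # I needed this for 'certificate error'
    # (answering Y connects to the server despite the certificate error)
    expect "Would you like to connect to this server"
    send "Y\n"
    send_user "Beginning to connect\n"
    expect "STATUS::Tunnel running"
    send_user "Tunnel running!\n"

    # this is how long the next expect waits for a pattern match, in seconds
    set timeout 90001
    expect "STATUS::Tunnel closed"
    send_user "Tunnel closed!\n"
    send_user "Dying\n"
    # close the connection to the client so the script can exit
    close
    exit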


At the end, enterprise-loop the script and we are done!

.. code-block:: bash

    #!/bin/sh
    cd "$(dirname "$(readlink -f "$0")")"
    while sleep 1;do
        expect efort.exp
        echo "Restarting forticlient !"
    done
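
A variant of the restart loop, added here as an example and not part of the original post: it keeps the VPN password out of the Expect script and backs off when sessions die quickly, so a wrong password is not retried every second. It assumes a ``vpn.pass`` file next to the script and that ``efort.exp`` sends ``$env(VPN_PASSWORD)`` instead of the hard-coded string; both names are assumptions.

```shell
#!/bin/sh
# Added example: supervisor loop for efort.exp without a password in the script.
# Assumptions (not from the original post): the password lives in ./vpn.pass and
# efort.exp sends $env(VPN_PASSWORD) instead of a hard-coded string.
SECRET_FILE="${SECRET_FILE:-./vpn.pass}"
MAX_DELAY=300   # upper bound for the restart delay, in seconds

# Succeeds only for a regular file without any group/other permission bits.
secret_is_private() {
    [ -f "$1" ] || return 1
    # characters 5-10 of the ls mode string are the group and other bits
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Doubles the delay after a short-lived session, resets it after a long one.
# $1 = current delay, $2 = seconds the last session lasted
next_delay() {
    if [ "$2" -ge 60 ]; then
        echo 1
    elif [ $(( $1 * 2 )) -gt "$MAX_DELAY" ]; then
        echo "$MAX_DELAY"
    else
        echo $(( $1 * 2 ))
    fi
}

main() {
    cd "$(dirname "$(readlink -f "$0")")" || exit 1
    secret_is_private "$SECRET_FILE" || {
        echo "refusing to start: $SECRET_FILE missing or readable by group/other" >&2
        exit 1
    }
    delay=1
    while sleep "$delay"; do
        start=$(date +%s)
        # exported only to this expect run (and the client it spawns)
        VPN_PASSWORD="$(cat "$SECRET_FILE")" expect efort.exp
        delay=$(next_delay "$delay" $(( $(date +%s) - start )))
        echo "Restarting forticlient in ${delay}s"
    done
}

# Start the loop only when called with the argument "run"
if [ "${1:-}" = "run" ]; then main; fi
```

Create the password file with ``chmod 600`` before the first run; the loop refuses to start otherwise.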


FYI: It seems it is not that easy to find the Fortigate client for Linux. If you are lucky you can get it from the `official FTP server`_, or have a look at the current `forticlientsslvpn AUR package`_.


.. _official FTP server: ftp://pftpintl:sgn89IOngs@support.fortinet.com/FortiGate/v5.00/5.2/5.2.0/VPN/SSLVPNTools/forticlientsslvpn_linux_4.4.2303.tar.gz
.. _forticlientsslvpn AUR package: https://aur.archlinux.org/packages/forticlientsslvpn/