
Make Forticlient SSLVPN CLI always Running on Ubuntu 20.04 Router Part 1

The previous post already explained how to run Forticlient SSLVPN CLI on an Ubuntu 20.04 router. But if you want to use it as a replacement for a Fortigate site-to-site tunnel, you need to make sure Forticlient SSLVPN is always running on the Ubuntu router.

This post focuses on creating a script that runs Forticlient SSLVPN CLI without any interaction while it is connecting (i.e. entering the password, allowing untrusted certificates), and on running that script as a service so that it is always running and starts every time the system reboots.


Before we start, please read the previous posts. They make sure everything we need is already in place, so that the only thing left is how to make Forticlient SSLVPN CLI always running on the Ubuntu 20.04 router. These posts must be read and completed first:

  1. Ubuntu Server 20.04 LTS - Basic Network Configuration with netplan
  2. How to build Linux Router with Ubuntu Server 20.04 LTS
  3. Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-to-Site cheaper alternative)

How To Make Forticlient SSLVPN CLI always Running on Ubuntu 20.04 Router

Create script to run Forticlient SSLVPN CLI

This tutorial uses an expect script to run Forticlient SSLVPN CLI, so we don't need to type the username and password or accept the invalid certificate while connecting with Forticlient SSLVPN CLI.

Install expect on your Ubuntu 20.04 router with this command:

apt update -y && apt install expect -y

An expect script sends the string we want in response to each expected output. For example, when running Forticlient we need to enter the password when it prompts Password for VPN:. So to use expect, you need to write down each output line that requires you to interact with the program.

To create a new script, let's say forti.sh in the /opt directory, type this command in the terminal:

nano /opt/forti.sh 

Here is my expect script for Forticlient SSLVPN CLI, followed by some explanations:

#!/usr/bin/expect
set timeout -1
spawn /opt/forticlientsslvpn/64bit/forticlientsslvpn_cli --server vpn.entaah.laah:10443 --vpnuser user.dummy
expect "Password for VPN:"
send "12345678\n"
expect "(Y/N)"
send "Y\n"
expect "Tunnel close"
close
exit
expect eof

Press CTRL+x, then y and Enter, to create and save the forti.sh script.

Script explanations:

  • #!/usr/bin/expect : Indicates that this is an expect script
  • set timeout -1 : Disables the timeout, so expect waits as long as needed for each expected output and sends the string as soon as it appears
  • spawn /opt/forticlientsslvpn/64bit/forticlientsslvpn_cli... : Executes the Forticlient SSLVPN CLI program with its parameters (change the path if you extracted Forticlient to a different folder, and also change the server and vpnuser parameters)
  • expect "Password for VPN:" and send "12345678\n" : When the output line from the Forticlient SSLVPN CLI program is Password for VPN:, the script immediately sends 12345678 (the password for user.dummy) followed by Enter (\n or \r simulates pressing Enter)
  • expect "(Y/N)" and send "Y\n" : Immediately sends Y and presses Enter when (Y/N) appears on the output line
  • expect "Tunnel close", close, exit and expect eof : Make sure the script stops. This is needed to clean up the process ID so that only one instance of Forticlient SSLVPN is running, especially when we use the script as a service in the next step. It simulates pressing CTRL+c to quit.

Replace the red-colored parts of the script with your own parameters.

Optionally, make the script executable with this command:

chmod +x /opt/forti.sh
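
The script above keeps the VPN password inside /opt/forti.sh, which under the default umask is readable by every local user. The variant below is an added example, not the script from this post: it reads the password from a root-only file, refuses to run if that file is readable by group or others, and exits non-zero when the login or the tunnel fails. The file path /root/.forti_pass and the 60-second timeout are assumptions; the client path, server and user are the ones used in this post.

```expect
#!/usr/bin/expect -f
# Added example (not the original post's script): same login flow, but the
# password is read from a root-only file and failures exit non-zero.
# Assumption: /root/.forti_pass is a hypothetical file that holds only the
# VPN password and was created with mode 600.
set passfile "/root/.forti_pass"

# Refuse to start if the password file is accessible by group or others.
file stat $passfile st
if {($st(mode) & 0o077) != 0} {
    send_user "refusing to run: chmod 600 $passfile\n"
    exit 1
}
set fh [open $passfile r]
set password [string trim [gets $fh]]
close $fh

# Give up after 60 seconds (assumed value) instead of waiting forever.
set timeout 60
spawn /opt/forticlientsslvpn/64bit/forticlientsslvpn_cli --server vpn.entaah.laah:10443 --vpnuser user.dummy

expect {
    "Password for VPN:" { send -- "$password\r" }
    timeout             { send_user "no password prompt within 60s\n"; exit 1 }
    eof                 { send_user "client exited before prompting\n"; exit 1 }
}

# Answering Y accepts a certificate the client could not validate (the
# post's behaviour), so the gateway's identity is not verified at this step.
expect {
    "(Y/N)" { send "Y\r" }
    timeout { send_user "no certificate prompt within 60s\n"; exit 1 }
    eof     { send_user "client exited before certificate prompt\n"; exit 1 }
}

# Stay attached while the tunnel is up. A non-zero exit lets a service
# manager treat a closed tunnel as a failure.
set timeout -1
expect {
    "Tunnel close" { close; exit 1 }
    eof            { exit 1 }
}
```

With the password moved out of the script, /opt/forti.sh no longer contains a secret; only the password file needs the restrictive mode.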

That's all for Make Forticlient SSLVPN CLI always Running on Ubuntu 20.04 Router Part 1. We will continue in part 2 by turning the script from this post into a service, so that it is always running, restarts on every failure, and starts the Forticlient SSLVPN script on every reboot. I have recorded a video using VirtualBox for this tutorial, but still have had no time to edit it; hopefully the video will be included in the next part. Meanwhile, please subscribe to my YouTube channel to get the notifications. Thank you, I am really sleepy right now!
