Having a Fortigate device for Site-to-Site IPSec tunneling may be too expensive for your company branch. As an alternative, you can build a router from an old computer and turn it into a tunneling router with the Forticlient SSLVPN CLI.
This article shows how to set up a Linux router with Forticlient SSLVPN CLI (a cheaper alternative to Fortigate Site-to-Site). It is assumed that your main office already has a Fortigate with SSLVPN enabled and that it already works with Forticlient users.
How to Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-to-Site cheaper alternative)
Before we start, please read the post How to build Linux Router with Ubuntu Server 20.04 LTS. This article does not cover network settings on Ubuntu 20.04 LTS and focuses on installing Forticlient SSLVPN CLI on Ubuntu Linux. Let's start!
In this example, I am using Ubuntu 20.04 LTS on VirtualBox that already has a basic network configuration to connect to the internet and to client computers.
Installing Forticlient SSLVPN CLI
- Make sure your router is already connected to the internet
ping 8.8.8.8
- Become root
sudo su
and enter your user password
- Update the package index and install the ppp and net-tools packages from Ubuntu
apt update && apt install ppp net-tools
- Download Fortigate SSLVPN CLI to the /opt directory (any directory will work, by the way)
cd /opt
wget http://cdn.software-mirrors.com/forticlientsslvpn_linux_4.4.2328.tar.gz
- Extract forticlientsslvpn_linux_4.4.2328.tar.gz
tar zxvf forticlientsslvpn_linux_4.4.2328.tar.gz
- Check whether your system is 32-bit or 64-bit
uname -m
In the output, i686 means a 32-bit system and x86_64 means a 64-bit system
- Go to the forticlientsslvpn_cli executable file
cd forticlientsslvpn/64bit/
or
cd forticlientsslvpn/32bit/
depending on your system
- Execute forticlientsslvpn_cli to test connecting to your main office or DC
./forticlientsslvpn_cli --server <serveraddress>:<port> --vpnuser <username>
example:
./forticlientsslvpn_cli --server vpn.networkreverse.com:10443 --vpnuser andra
Enter your Forticlient user's password and type 'Y' if it asks about an untrusted certificate.
- Wait for the connection to be established, and you are done installing Forticlient SSLVPN CLI on the Ubuntu router
Enable Packet Forwarding and Masquerading for Client
- Enable Packet Forwarding
nano /etc/sysctl.conf
Find and uncomment the net.ipv4.ip_forward=1 line, then save the file ('CTRL+X' then 'Y' and 'Enter')
Apply the configuration:
sysctl -p
- Enable Masquerading
iptables -t nat -A POSTROUTING -j MASQUERADE
This procedure is already explained in the article How to build Linux Router with Ubuntu Server 20.04 LTS.
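The MASQUERADE rule above matches traffic on every interface. As an added example (not from the original article), this script limits forwarding and NAT to traffic leaving the LAN through the VPN tunnel and the WAN link. The interface names enp0s8, enp0s3 and ppp0 and the subnet 192.168.56.0/24 are assumptions; replace them with your own.

```shell
#!/bin/sh
# Added example, not from the original article. Dry run by default: it only
# prints the rules. Apply as root with:  IPT=iptables sh scoped-nat.sh
# Assumed (constructed) values: LAN enp0s8 192.168.56.0/24, tunnel ppp0, WAN enp0s3.
IPT=${IPT:-echo iptables}

# Accept only characters that are legal in a Linux interface name (max 15 chars).
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Accept only digits, dots and exactly one slash, e.g. 192.168.56.0/24.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*) return 1 ;;
        ?*/?*) return 0 ;;
    esac
    return 1
}

# gen_rules LAN_IF LAN_NET OUT_IF...
# Forward and masquerade LAN traffic only towards the listed outbound interfaces.
gen_rules() {
    [ $# -ge 3 ] || { echo "usage: gen_rules LAN_IF LAN_NET OUT_IF..." >&2; return 2; }
    lan_if=$1 lan_net=$2
    shift 2
    valid_ifname "$lan_if" && valid_cidr "$lan_net" || return 1
    for out_if in "$@"; do valid_ifname "$out_if" || return 1; done

    # Anything not explicitly allowed below is not routed.
    $IPT -P FORWARD DROP
    # Replies to connections opened from the LAN are allowed back in.
    $IPT -A FORWARD -o "$lan_if" -d "$lan_net" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for out_if in "$@"; do
        # New connections may only originate from the LAN subnet.
        $IPT -A FORWARD -i "$lan_if" -o "$out_if" -s "$lan_net" -j ACCEPT
        $IPT -t nat -A POSTROUTING -s "$lan_net" -o "$out_if" -j MASQUERADE
    done
}

gen_rules enp0s8 192.168.56.0/24 ppp0 enp0s3
```

The rules are appended, so apply them once on a clean ruleset. With these rules the main office cannot open new connections to branch clients through the tunnel; only replies are forwarded back.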
Optional: Run Forticlient SSLVPN CLI in the background using screen
- Install screen
apt install screen
- Run screen
screen
Then press enter
- Run Forticlient SSLVPN CLI
/opt/forticlientsslvpn/64bit/forticlientsslvpn_cli --server <serveraddress>:<port> --vpnuser <username>
or
/opt/forticlientsslvpn/32bit/forticlientsslvpn_cli --server <serveraddress>:<port> --vpnuser <username>
Press CTRL+a then d to send the screen session to the background
Note: To re-enter the background screen session, type screen -r
You are done setting up the Linux router with Forticlient SSLVPN CLI (Fortigate Site-to-Site cheaper alternative). Now you can check whether your client computers can access the main office (DC) server without installing Forticlient on each PC.
Next article will be creating service for Forticlient SSLVPN so it will make sure it's always running in the background.