Fortinet – openfortivpn under Ubuntu Linux

glitchlist

Ubuntu Network Manager has a Fortinet SSL VPN plug-in for connecting you to the HQ network. Below you will find instructions for activating the plug-in and configuring it.

First:

Install plugin:

sudo apt-get install openfortivpn
sudo apt-get install network-manager-fortisslvpn
sudo apt-get install network-manager-fortisslvpn-gnome

Second:

Configure NM:

CREATE a new Fortinet SSLVPN connection type
SET a Connection name, a Gateway and the Authentication info

Third:

Do the magic:

For the connection to work correctly, we must find the trusted-cert string and insert it in the client's Advanced settings.

sudo openfortivpn ssl.glitchlist.com:443 -u glitchusr1 -v
WARN:   Bad port in config file: "0".
DEBUG:  Loaded config file "/etc/openfortivpn/config".
VPN account password: [INSERT PASSWORD]
DEBUG:  Config host = "ssl.glitchlist.com"
DEBUG:  Config realm = ""
DEBUG:  Config port = "443"
DEBUG:  Config username = "glitchusr1"
DEBUG:  Config password = "********"
DEBUG:  server_addr: 10.99.208.1
DEBUG:  server_port: 443
DEBUG:  gateway_addr: 10.99.208.1
DEBUG:  gateway_port: 443
DEBUG:  Gateway certificate validation failed.
ERROR:  Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:
ERROR:      --trusted-cert 790e6699900a4f8e9ab2612ddbf4757d290c7b621329b69da963b83948b0c142
ERROR:  or add this line to your config file:
ERROR:      trusted-cert = 790e6699900a4f8e9ab2612ddbf4757d290c7b621329b69da963b83948b0c142
ERROR:  Gateway certificate:
ERROR:      subject:
ERROR:          CN=*.glitchlist.com
ERROR:      issuer:
ERROR:          C=US
ERROR:          O=DigiCert Inc
ERROR:          OU=www.digicert.com
ERROR:          CN=RapidSSL RSA CA 2018
ERROR:      sha256 digest:
ERROR:          790e6699900a4f8e9ab2612ddbf4757d290c7b621329b69da963b83948b0c142
INFO:   Closed connection to gateway.
DEBUG:  server_addr: 10.99.208.1
DEBUG:  server_port: 443
DEBUG:  gateway_addr: 10.99.208.1
DEBUG:  gateway_port: 443
DEBUG:  Gateway certificate validation failed.
ERROR:  Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:
ERROR:      --trusted-cert 790e6699900a4f8e9ab2612ddbf4757d290c7b621329b69da963b83948b0c142
ERROR:  or add this line to your config file:
ERROR:      trusted-cert = 790e6699900a4f8e9ab2612ddbf4757d290c7b621329b69da963b83948b0c142
ERROR:  Gateway certificate:
ERROR:      subject:
ERROR:          CN=*.glitchlist.com
ERROR:      issuer:
ERROR:          C=US
ERROR:          O=DigiCert Inc
ERROR:          OU=www.digicert.com
ERROR:          CN=RapidSSL RSA CA 2018
ERROR:      sha256 digest:
ERROR:          790e6699900a4f8e9ab2612ddbf4757d290c7b621329b69da963b83948b0c142
INFO:   Could not log out.

COPY the trusted-cert string into Advanced > Security > Trusted certificate
SAVE and start the VPN, then enjoy the SSL tunnel!
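
The trusted-cert value is the SHA-256 digest of the gateway certificate, so pasting it in tells the client to accept that exact certificate even though normal validation failed. The script below is an added example, not part of the original post: it recomputes the digest from a reference copy of the certificate and prints the trusted-cert line only when it matches what openfortivpn offered. Assumptions: the function and file names are hypothetical, and reference.pem was obtained from the gateway administrator over a trusted channel.

```shell
#!/bin/sh
# Added example (not from the original post). Function and file names are
# hypothetical. Assumption: reference.pem is the gateway certificate, received
# from the gateway administrator over a trusted channel.

# SHA-256 over the DER bytes of the FIRST certificate in a PEM file, as
# lowercase hex (the same form as the digest in the openfortivpn output).
pem_digest() {
    awk '/-----BEGIN CERTIFICATE-----/ { f = 1; next }
         /-----END CERTIFICATE-----/   { exit }
         f' "$1" | tr -d '\r' | base64 -d | sha256sum | cut -d' ' -f1
}

# Digest(s) that openfortivpn offered, taken from its saved output. The value
# is printed more than once; sort -u collapses identical copies to one line.
log_digest() {
    grep -Eo -- '--trusted-cert [0-9a-f]{64}' "$1" | cut -d' ' -f2 | sort -u
}

# Print the config line only when the offered digest equals the reference.
# usage: pin_if_match reference.pem openfortivpn.log
pin_if_match() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || {
        echo "no certificate found in $1" >&2
        return 2
    }
    want=$(pem_digest "$1")
    got=$(log_digest "$2")
    if [ -n "$got" ] && [ "$got" = "$want" ]; then
        printf 'trusted-cert = %s\n' "$got"
    else
        echo "digest mismatch: do not add this trusted-cert" >&2
        return 1
    fi
}

# When run as a script: sh check-pin.sh reference.pem openfortivpn.log
if [ "$#" -eq 2 ]; then
    pin_if_match "$1" "$2"
fi
```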

EXPLANATION:

Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:
--trusted-cert 790e6699900a4f8e9ab2612ddbf4757d290c7b621329b69da963b83948b0c142
or add this line to your config file:

Hope this helps!

.glitchlist crew
