Scripting the Fortigate VPN Client

Fri 12 September 2014
By makefu

Again there was a need to fix frickelsoftware. In this case I needed a permanent VPN connection via the Fortigate VPN client. The problem is that the tunnel disconnects after some time but the client does not exit, and that input cannot simply be piped into the executable.

I wrote an Expect script which works around both issues:

#!/usr/bin/expect -f
# cd into the 64 bit folder of the client
# usage: efort.exp

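# spawn does not go through a shell and attaches the client to a pty,
# so stdout and stderr are both captured without any redirection
spawn ./forticlientsslvpn_cli --server <VPNIP>:<VPNPORT> --vpnuser <VPNUSER>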
log_user 0
send_user "Logging in\n"
expect "Password for VPN:"
send "<VPNPASSWORD>\n"

# I needed this for 'certificate error'
# note: answering Y accepts the server certificate without verifying it
expect "Would you like to connect to this server"
send "Y\n"
send_user "Beginning to connect\n"
expect "STATUS::Tunnel running"
send_user "Tunnel running!\n"

# this is how long the next expect waits for pattern match, in seconds
set timeout 90001
expect "STATUS::Tunnel closed"
send_user "Tunnel closed!\n"
send_user "Dying\n"
close
exit

At the end, enterprise-loop the script and we are done!

#!/bin/sh
cd "$(dirname "$(readlink -f "$0")")"
while sleep 1;do
    expect efort.exp
    echo "Restarting forticlient !"
done
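
A variant of efort.exp, added here as an example and not part of the original post: it reads the credentials from environment variables instead of the script body, answers the certificate prompt only on explicit opt-in, and treats timeout and EOF as failures. The variable names VPN_SERVER, VPN_USER, VPN_PASSWORD and VPN_ACCEPT_CERT, the 60 second timeout and the exit codes are assumptions of this example.

```expect
#!/usr/bin/expect -f
# Added example, not the original efort.exp.
# Assumed (hypothetical) environment variables:
#   VPN_SERVER      host:port of the VPN gateway
#   VPN_USER        VPN user name
#   VPN_PASSWORD    VPN password (kept out of the script file)
#   VPN_ACCEPT_CERT set to 1 to answer Y to the certificate prompt
foreach v {VPN_SERVER VPN_USER VPN_PASSWORD} {
    if {![info exists env($v)]} {
        send_user "missing environment variable $v\n"
        exit 2
    }
}
set accept_cert [expr {[info exists env(VPN_ACCEPT_CERT)] && $env(VPN_ACCEPT_CERT) eq "1"}]

log_user 0
spawn ./forticlientsslvpn_cli --server $env(VPN_SERVER) --vpnuser $env(VPN_USER)

# Assumed limit for each login step, in seconds
set timeout 60
expect {
    "Password for VPN:" { send -- "$env(VPN_PASSWORD)\n" }
    timeout { send_user "No password prompt\n"; exit 1 }
    eof     { send_user "Client exited before login\n"; exit 1 }
}
expect {
    "Would you like to connect to this server" {
        if {!$accept_cert} {
            # Default: do not trust a certificate the client could not verify
            send_user "Certificate not trusted, refusing to connect\n"
            exit 3
        }
        send_user "WARNING: accepting unverified server certificate\n"
        send "Y\n"
        exp_continue
    }
    "STATUS::Tunnel running" { send_user "Tunnel running!\n" }
    timeout { send_user "Tunnel did not come up\n"; exit 1 }
    eof     { send_user "Client exited during connect\n"; exit 1 }
}
# Wait without limit until the tunnel closes or the client goes away
set timeout -1
expect {
    "STATUS::Tunnel closed" { send_user "Tunnel closed!\n"; close }
    eof                     { send_user "Client exited\n" }
}
exit 0
```

The wrapper loop can export the variables before calling expect and stop restarting when the script exits with 3, since a refused certificate will not fix itself on retry.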

FYI: It seems it is not that easy to find the Fortigate client for Linux; if you are lucky you can get it from the official FTP server, or have a look at the current forticlientsslvpn AUR package.