Differences

This shows you the differences between two versions of the page.

en:public:netz:vpn_forticlient_linux [24.03.2022 00:22] – Translated title to be grammatically correct pit37126
en:public:netz:vpn_forticlient_linux [11.04.2024 09:54] (current) – [Step 1: FortiClient Download] huw38409
Line 13: Line 13:
 ====== Step 1: FortiClient Download ====== ====== Step 1: FortiClient Download ======
  
-FortiClient for SSL-VPN can be downloaded directly using the following linksThere is a 32-bit and a 64-bit version available for download. +* [[https://filegw.hs-regensburg.de/webdav/Software/AustauschSoftware/supportwiki/Forticlient/forticlient_vpn_7.0.12.0370_x86_64.rpm|Forticlient rpm download for 64-bit Systeme (Login with OTH-Credentialsabc12345@hs-regensburg.de)]] \\ 
- +* [[https://filegw.hs-regensburg.de/webdav/Software/AustauschSoftware/supportwiki/FortiClient/forticlient_vpn_7.0.12.0370_amd64.deb|Forticlient deb download for 64-bit Systeme (Login with OTH-Credentials - Kennungabc12345@hs-regensburg.de)]] \\
-ForitClient Installer: {{ :public:netz:vpn:linux:forticlientsslvpn_linux_4.4.2332.tar.gz |}}\\ +
-FortiClient CLI version for 32-bit systems{{ :public:netz:vpn:linux:sslvpnclient32pkg_4.4.2332.tar.gz |}}\\ +
-FortiClient CLI version for 64-bit systems{{ :public:netz:vpn:linux:sslvpnclient64pkg_4.4.2332.tar.gz |}}\\ +
  
 ====== Step 2: FortiClient installation & configuration ====== ====== Step 2: FortiClient installation & configuration ======
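Review bot: the two added download links differ in directory case, "supportwiki/Forticlient/" for the rpm and "supportwiki/FortiClient/" for the deb, so one of them is likely to fail on a case-sensitive server; please check both and settle on one spelling. The sentence that introduced the downloads was removed together with the old 4.4.2332 links, which leaves the list without a lead-in, and the link text mixes German ("Systeme", "Kennung") into the English page. Since these are installers fetched from behind a login, consider publishing a SHA-256 for each package next to its link so users can verify the file before installing it.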
Line 48: Line 44:
 The certificate should be used to prevent man-in-the-middle attacks. The value of "trusted-cert" within the config file is identical to the SHA-256 hash of the server certificate. A simple verification of the certificate and its signatures is for example possible using your browser by opening [[https://sslvpn.oth-regensburg.de]] and inspecting the details of the certificate (z.B. lock icon left to the address bar in Firefox -> More information -> Show certificate). This should happen automatically if you import the DFN-certificate globally. The certificate should be used to prevent man-in-the-middle attacks. The value of "trusted-cert" within the config file is identical to the SHA-256 hash of the server certificate. A simple verification of the certificate and its signatures is for example possible using your browser by opening [[https://sslvpn.oth-regensburg.de]] and inspecting the details of the certificate (z.B. lock icon left to the address bar in Firefox -> More information -> Show certificate). This should happen automatically if you import the DFN-certificate globally.
  
-Important note: Inorder for the client to work ''pppd'' must be installed.+You can use the "%%--%%persistent=<interval seconds>" command line option to make openfortivpn reconnect automatically on connection loss. 
 + 
 +Important note: In order for the client to work "pppdmust be installed.\\ 
 +For pppd Versions > 2.5.0, you may need to additionally add the "%%--%%pppd-accept-remote" command line option to openfortivpn. See [[https://github.com/adrienverge/openfortivpn/issues/1138|this issue on openfortivpn's github]] for more information. 
 + 
 +**If you fail to mount network drives from fs.hs-regensburg.de while connected with openfortivpn:** 
 + 
 +This is likely because you have IPv6 enabled in your remote LAN and your system is set to prefer IPv6.\\ 
 +A workaround is to add a host entry to /etc/hosts, forcing IPv4 for fs.hs-regensburg.de: 
 + 
 +<code> 
 +127.0.0.1       localhost 
 +::1             localhost 
 +127.0.1.1       schwalbe.localdomain schwalbe 
 + 
 +194.95.106.39   fs.hs-regensburg.de 
 +</code> 
 + 
 +Also, you could use the IPv4 address instead of the hostname in your mount call. 
 + 
 +This happens because fs.hs-regensburg.de provides an IPv6 address, but as of now IPv6 isn't supported by the OTH network and also not by openfortivpn. So the IPv6 traffic is not routed through the VPN and the mount fails. 
 + 
 +You can check if your system tries to use IPv6 by pinging or mounting with debug output enabled: 
 +<code> 
 +$ ping fs.hs-regensburg.de 
 +PING fs.hs-regensburg.de(fs.hs-regensburg.de (2001:638:a01:8013::39)) 56 
 +Datenbytes 
 + 
 +$ mount -t cifs -v //fs.hs-regensburg.de/storage HS -o domain=hs-regensburg.de,username=abc12345 
 +mount.cifs kernel mount options: ip=2001:638:a01:8013::39,unc=\\2001:638:a01:8013::39\storage,user=abc12345,domain=hs-regensburg.de,pass=******** 
 +mount error(101): Network is unreachable 
 +</code> 
 + 
 +You can check the IPv6 status of your environment with a service like [[https://ipv6-test.com/]]. 
 + 
 +Also see the [[public:lwdoc:netzlaufwerke_linux|german]] or [[en:public:lwdoc:netzlaufwerke_linux|english]] articles for using the network drives with linux. 
  
  
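Review bot: the /etc/hosts example pins fs.hs-regensburg.de to 194.95.106.39 without saying that the entry has to be maintained; if the file server is ever renumbered, clients will keep sending the mount request and its credentials to the old address. Please state that only the last line is meant to be added (the "schwalbe.localdomain schwalbe" line belongs to one particular machine and should not be copied) and that the entry should be removed once IPv6 is routed through the VPN. The explanation of why the mount fails would also read better directly before the workaround rather than after it.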