Previous post already explain How to run Forticlient SSLVPN CLI on Ubuntu 20.04 router. But if you want to make it as a Fortigate Site-to-site tunnel replacement, you need to make sure Forticlient SSLVPN always running on the Ubuntu router.
This post will focus on creating script to run Forticlient SSLVPN CLI without the need to interact while it is connecting (i.e inserting password, allow untrusted certificates) and run the script as a service to make sure it always running and starting every time the system reboot.
 |
| Make Forticlient SSLVPN CLI always Running on Ubuntu 20.04 Router |
Before we start, please read other previous posts. These posts are important to make sure everything we need already fulfilled, and the only thing left is How To Make Forticlient SSLVPN CLI always Running on Ubuntu 20.04 Router. These posts must be read and done first:
- Ubuntu Server 20.04 LTS - Basic Network Configuration with netplan
- How to build Linux Router with Ubuntu Server 20.04 LTS
- Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-to-Site cheaper alternative)
How To Make Forticlient SSLVPN CLI always Running on Ubuntu 20.04 Router
Create script to run Forticlient SSLVPN CLI
This tutorial will use expect script to run Forticlient SSLVPN CLI, so we don't need to type username, password and accept the invalid certificate while connecting with Forticlient SSLVPN CLI.
Install expect to your Ubuntu 20.04 Router with this command
apt update -y && apt install expect -y
With expect script, it will send the string we want for every expected output. For example when running Forticlient, we need to input password when it prompts Password for VPN:. So to use expect, you need to write the output line that needs you to interact with the program.
To create a new script, let say we will create forti.sh script at /opt directory, type this command on terminal:
nano /opt/forti.sh
Here my expect script for Forticlient SSLVPN CLI and some explanations:
#!/usr/bin/expect set timeout -1 spawn /opt/forticlientsslvpn/64bit/forticlientsslvpn_cli --server vpn.entaah.laah:10443 --vpnuser user.dummy expect "Password for VPN:" send "12345678\n" expect "(Y/N)" send "Y\n" expect "Tunnel close" close exit expect eof
Press CTRL+x then y and enter to create and save the forti.sh script.
Script explanations:
#!/usr/bin/expect: Indicate we are using expect scriptset timeout -1: Immediately send string when expected output appearsspawn /opt/forticlientsslvpn/64bit/forticlientsslvpn_cli...: Execute Forticlient SSLVPN CLI program with the parameters (changes it if you extracted the Forticlient in different folder also change theserverandvpnuserparameter)expect "Password for VPN:"andsend "12345678\n": When the output line from Forticlient SSLVPN CLI program isPassword for VPN:, the script will imediately send12345678(password for user.dummy) and sendenter(\nor\ris simulated enter pressed)expect "(Y/N)"andsend "Y\n": Immediately sendYand pressenterwhen(Y/N)appears on the output lineexpect "Tunnel close",close,exitandexpect eof: Make sure the script stop. It will needed to clean up process id to make sure Forticlient SSLVPN just have 1 instance running especially when we are using the script as a service on the next step. It is simulate pressingCTRL+cto quit .
Change the red colored script with your own parameters.
Optional, make the script executable with this command:
chmod +x /opt/forti.sh
That's all for Make Forticlient SSLVPN CLI always Running on Ubuntu 20.04 Router Part 1, we will continue to part 2 for creating the script on this post as a service so it will always running, restarting the service for every failure and start the Forticlient SSLVPN script on every reboot. I have recorded a video using VirtualBox for this tutorial, but still have no time to edit the video, hopefully the video will be included on the next part. Meanwhile, please subscribe to my Youtube Channel to get the notifications. Thank you, I am really sleepy right now!
