-->

Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-to-Site cheaper alternative)

Having Fortigate device for Site-to-Site IPSec tunneling maybe too expensive for your company branch. As an alternative, you can just build a router from an old computer and turn it into tunneling router with Forticlient SSLVPN CLI.

This article will show you How to Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-to-Site cheaper alternative). It is assume that your main office already have Fortigate with SSLVPN enabled and already work with Forticlient users.

How to Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-to-Site cheaper alternative)

Before we start, please read this post about How to build Linux Router with Ubuntu Server 20.04 LTS, this article will not cover about settings network on Ubuntu 20.04 LTS and will focus on installing Forticlient SSLVPN CLI on Ubuntu Linux. Let's start!!!

How to Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-toSite cheaper alternative)
How to Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-toSite cheaper alternative)
 

In this example,  I am using Ubuntu 20.04 LTS on VirtualBox that already have basic network configuration to connect to the internet and to client computers.

Installing Forticlient SSLVPN CLI

- Make sure your router already connected to the internet

ping 8.8.8.8

- Become root

sudo su

and enter your user password

Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-to-Site cheaper alternative)
Checking internet connection and become 'root'

- Update and install ppp and net-tools package from Ubuntu

apt update && apt install ppp net-tools
Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-to-Site cheaper alternative)
Install ppp and net-tools package on Ubuntu

- Download Fortigate SSLVPN CLI to /opt directory (any directory will work, by the way)

cd /opt
wget http://cdn.software-mirrors.com/forticlientsslvpn_linux_4.4.2328.tar.gz

- Extract forticlientsslvpn_linux_4.4.2328.tar.gz

tar zxvf forticlientsslvpn_linux_4.4.2328.tar.gz
Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-to-Site cheaper alternative)
Go to /opt directory, Download and extract forticlientsslvpn_linux_4.4.2328.tar.gz
- Check whether you are using 64bit or 32bit system
uname -m

The output: i686 means 32bit system and x86_64 means 64bit system

- Go to the forticlientsslvpn_cli executable file

cd forticlientsslvpn/64bit/

or

cd forticlientsslvpn/32bit/

depend on your system

- Execute forticlientsslvpn_cli to test connecting to your main office or DC

./forticlientsslvpn_cli --server <serveraddress>:<port> --vpnuser <username>

example:

./forticlientsslvpn_cli --server vpn.networkreverse.com:10443 --vpnuser andra

enter your forticlient user's password and type 'Y' if it asked about untrusted certificate.

Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-to-Site cheaper alternative)

- Wait for the connection established, and you are done installing Forticlient SSLVPN CLI on Ubuntu Router

Enable Packet Forwarding and Masquerading for Client

- Enable Packet Forwarding

nano /etc/sysctl.conf

Find and uncomment net.ipv4.ip_forward=1 line, save the file ('CTRL+X' then 'Y' and 'Enter')

sysctl -p

Apply the configurations

- Enable Masquerading

iptables -t nat -A POSTROUTING -j MASQUERADE

This procedure already explain at How to build Linux Router with Ubuntu Server 20.04 LTS article.

Optional: Run Forticlient SSLVPN CLI at background using screen

- Install screen

apt install screen

- Run screen

screen

Then press enter

- Run Forticlient SSLVPN CLI

/opt/forticlientsslvpn/64bit/forticlientsslvpn_cli --server <serveraddress>:<port> --vpnuser <username>

or

/opt/forticlientsslvpn/32bit/forticlientsslvpn_cli --server <serveraddress>:<port> --vpnuser <username>

Press CTRL+a then d to run screen at background

Note: To enter the background screen session, type screen -r

You are done Setup Linux Router with Forticlient SSLVPN CLI (Fortigate Site-to-Site cheaper alternative). Now you can check if your client computer can access Main office (DC) server without using/install Forticlient on each PC.

Please subscribe to my Youtube channel to get notifications for the video tutorial on Setup Linux Router with Forticlient SSLVPN CLI. Next article will be creating service for Forticlient SSLVPN so it will make sure it's always running in the background.

Newest Older

Related Posts

    Comments

    Subscribe Our Newsletter