Linux – How to disconnect a forticlient VPN connection from a script

fortinetlinuxsslvpn

I need to make an bash script on Linux that connects into an VPN, processes some tasks, and then disconnects.

To connect to the VPN I use the forticlient ssl vpn (like fortinet but for VPN instead). For example:

./forticlientsslvpn_cli --server 172.17.97.85:10443 --vpnuser forti

Does any know the how to then disconnect from a script afterwards?

Best Answer

In your case, simply record a PID of the forticlientsslvpn_cli process and send it SIGHUP, SIGQUIT or SIGTERM. The preferred signal is the one that makes a graceful disconnect. A bit dirty solution (although maybe good enough for you) is to use just killall -s SIG... forticlientsslvpn_cli.

Fortigate devices also support Cisco-style IPsec connections and there're multiple software clients available for Linux, so replacing SSL VPN client may be another way to go.

Related Solutions

Connect to a Fortinet VPN with Ubuntu

If you use SSL based VPN from Fortinet, you can use openfortivpn software which is part of Ubuntu and Fedora.

$ sudo apt install -y openfortivpn || yum install -y openfortivpn
$ touch openfortivpn.conf
$ chmod go= openfortivpn.conf

Edit openfortivpn.conf:

host =
port =
username =
password =
# trusted-cert =

Connect the first time:

$ sudo openfortivpn -c openfortivpn.conf
ERROR:  Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:
ERROR:      --trusted-cert  <some-random-string-to-add-to-trusted-cert>

Edit openfortivpn.conf file and update trusted-cert option with the string from the error. Make sure the option is not commented (remove the #).

Each time you need to connect, run:

sudo openfortivpn -c openfortivpn.conf

You could also do it straight through the command line and make an alias for it in your .bashrc. This is less secure as any user on the system will be able to see the password using ps.

sudo openfortivpn -u <USER> -p <PASSWORD> --trusted-cert <CERTIFICATE> <SERVER>:<PORT>

To disconnect press: Ctrl+C

Centos – Fortinet SSL VPN Client Setup Without GUI on Linux (centos)

I spent a while trying to find documentation on this, and got this from a Fortinet Engineer.

Install like any other using tar.gz file Then run below command in linux CLI
Then run below command in linux CLI

./forticlientsslvpn_cli --server 172.17.97.85:10443 --vpnuser forti

Make sure the command run from the sslvpn directory. Substitute the IP address with the one of your server .

Best Answer

Related Solutions

Connect to a Fortinet VPN with Ubuntu

Centos – Fortinet SSL VPN Client Setup Without GUI on Linux (centos)

Related Topic