Skip to content

Instantly share code, notes, and snippets.

@SydoxX
Last active October 7, 2024 17:44
Show Gist options
  • Save SydoxX/f40a9d4d7af414049b6e07092e8bbc2b to your computer and use it in GitHub Desktop.
Save SydoxX/f40a9d4d7af414049b6e07092e8bbc2b to your computer and use it in GitHub Desktop.
Fixes Forticlient 7.0.7
#!/bin/bash
# version 2 thanks to @dhx-mike-palandra
echo "Creating /etc/NetworkManager/conf.d/99-forticlient.conf..."
sudo cat > /etc/NetworkManager/conf.d/99-forticlient.conf << 'EOF'
[keyfile]
unmanaged-devices=interface-name:~vpn*,type:tun
EOF
if [ $? -eq 0 ]
then
echo "Successfully created config file. VPN connection should work now."
else
echo "Failed to create config file! Try running this script with root permissions."
fi
@jesuinovieira
Copy link

Are you using the same forticlient version? 7.0.7
Are you having the same error? Config routing table failed

@SerhiiOsypenko
Copy link

Name : forticlient
Version : 7.0.7.0246
Release : 1.el7
Architecture: x86_64

@jesuinovieira
Copy link

Take a look at the logs, I have no clue what's going on

@ygorcrod
Copy link

Amazing job, @SydoxX. Many thanks for it! It actually works on Forticlient 7.0.7.0246 and helped me a lot.

@almirneo
Copy link

almirneo commented Aug 4, 2023

Thank you so much!

@feroda
Copy link

feroda commented Aug 5, 2023

Try this fragment stored in /etc/NetworkManager/conf.d/99-forticlient.conf:

[keyfile]
unmanaged-devices=interface-name:~vpn*,type:tun

Worked for me on Fedora 38 with FortiClient 6.4. See also: NetworkManager.conf(5)

this configuration line fixed the problem on my Ubuntu 23.04, and it is cleaner than the (good hack) script.
Thanks a lot!

@SydoxX
Copy link
Author

SydoxX commented Aug 5, 2023

Updated script to @dhx-mike-palandra's solution which is a lot sleeker. Thanks a lot!

@Arno38
Copy link

Arno38 commented Aug 14, 2023

Thanks for this good fix, really helped us on last weeks !

Just noticed that the working version of FortiClient VPN only for last Debian/Ubuntu revs is available to download on our Fortinet Customer Account in the Support Portal : forticlient_vpn_7.2.1.0700_amd64.deb file
The public Fortinet website only give the forticlient_vpn_7.0.7.0246_amd64.deb who has this bug...

I just opened a support ticket at Fortinet Support asking them to update the FortiClient VPN Debian download link on public website...
Waiting for greats news about this...

ticket

@Ur199
Copy link

Ur199 commented Aug 14, 2023

Hi,
Thanks for the script work perfectly
But i can't aceess to my lan network

@jhelios
Copy link

jhelios commented Aug 28, 2023

Thanks!
Works excellent! So useful!
(Maybe it's necessary to reboot the system)

@parth-io
Copy link

@dhx-mike-palandra @SydoxX

Can you update the script to request the user to reboot, or restart NetworkManager?

sudo systemctl restart NetworkManager.service

Also, I'm curious, why does your hackish script work? As far as I can tell, it tells NetworkManager to treat 'vpn' interfaces and 'tun' devices as unmanaged, but I don't understand how NetworkManager can interfere with FortiClient

@camilo8aa
Copy link

@dhx-mike-palandra @SydoxX

Can you update the script to request the user to reboot, or restart NetworkManager?

sudo systemctl restart NetworkManager.service

Also, I'm curious, why does your hackish script work? As far as I can tell, it tells NetworkManager to treat 'vpn' interfaces and 'tun' devices as unmanaged, but I don't understand how NetworkManager can interfere with FortiClient

Thank you guys!, you save my day!!

@brownian
Copy link

brownian commented Sep 6, 2023

Guys, there is a checkbox regarding "invalid certificates" in Options, and a drop-down list too. .)

@juliusfourlong
Copy link

Friends, the script works for me in PepperMintOS and FortiClient 7.0.7. Thanks a lot

@vonKaster
Copy link

Life saver, worksss

@andreish
Copy link

andreish commented Oct 8, 2023

using forticlientvpn 7.0.7.0246
worked after running script and restartinng NetworkManager :)

./forti-fix.sh 
systemctl restart NetworkManager

@baobabfruit88
Copy link

Works for opensuse

@gcalcettebr
Copy link

gcalcettebr commented Oct 23, 2023

Forticlientvpn 7.0.7.0246
Debian 12

worked after

./forti-fix.sh
systemctl restart NetworkManager
reboot

@ramoralesc
Copy link

Thans guys, the script works for me With
./forti-fix.sh
systemctl restart NetworkManager

in LMDE 6 (Faye - Debian 12.1 ) and FortiClient 7.0.7.0246 Thanks a lot

@Xiol
Copy link

Xiol commented Nov 2, 2023

This sorted my issues on Fedora 38.

I use an OpenConnect VPN as well and the original configuration line did cause problems with that. To tighten up the NetworkManager match, you may want to change the line to:

unmanaged-devices=interface-name:~vpn00*,type:tun

This assumes that Fortinet creates all its interfaces starting with vpn00 for you like it does on my device. This way it won't affect VPNs created with OpenConnect which are usually vpn0, vpn1, etc.

@gcharalampous
Copy link

Any luck with Fedora 39?

@parth-io
Copy link

parth-io commented Nov 9, 2023

Hi all, if you are facing issues with Forti's own client, I can recommend openfortivpn

@gcharalampous
Copy link

Hi all, if you are facing issues with Forti's own client, I can recommend openfortivpn

Unfortunately, I need the SAML Login which upon my knowledge is not supported by openfortivpn.

@parth-io
Copy link

parth-io commented Nov 9, 2023

You can try openfortivpn-webview. openfortivpn has a link to SAML in their README

@evgzakharov
Copy link

Thanks! Ubuntu 23.10 works!

@AdamZajler
Copy link

Dosen't work on ubuntu 23.10 / FortiClient VPN 7.2.2.0753 :(

@guboi
Copy link

guboi commented Jan 25, 2024

Works on kali 2023.4 . Thank you very much !

@Zonkil9
Copy link

Zonkil9 commented Feb 19, 2024

The script worked perfectly with FortiClient VPN 7.0.7.0246 but it does not work with version 7.2.2.0753. My OS is Debian 12.

@jvanoosterom
Copy link

jvanoosterom commented Sep 20, 2024

ubuntu 24, forticlient 7.0.0.0018, reboot was needed
thanks!

@jmlipari
Copy link

jmlipari commented Oct 1, 2024

ubuntu 24, forticlient 7.0.0.0018, reboot was not needed.
Thank you!! you save my day

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment