Skip to content

Instantly share code, notes, and snippets.

@mgeeky mgeeky/forticlientsslvpn-expect.sh
Last active Feb 5, 2020

Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Simple script intended to automate Fortinet SSL VPN Client connection on Linux using expect scripting.
Raw
forticlientsslvpn-expect.sh
#!/bin/bash
# Forticlient SSL VPN Client launching script utilizing expect.
# --------------------------------------------
# CONFIGURATION
# If empty - script will take some simple logic to locate appropriate binary.
FORTICLIENT_PATH=""
# VPN Credentials
VPN_HOST="host:10443"
VPN_USER="username"
VPN_PASS="password"
# --------------------------------------------
trap ctrl_c INT
function ctrl_c() {
echo "Removing left-over files..."
rm -f /tmp/expect
}
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
if [ -z "$FORTICLIENT_PATH" ]; then
FORTICLIENT_PATH=`uname -r | grep -q 64 && echo $(locate forticlientsslvpn_cli | grep 64bit) || echo $(locate forticlientsslvpn_cli | grep 32bit)`
if [ ! -f $FORTICLIENT_PATH ]; then
echo "Tried to locate Forticlient SSL VPN Cli binary, but failed."
echo "Specify it at variable FORTCLIENT_PATH"
exit 1
fi
echo "Located Forticlient VPN Client at: $FORTICLIENT_PATH"
fi
echo "Killing previous instances of Forticlient SSL VPN client..."
killall -9 $(basename $FORTICLIENT_PATH) 2> /dev/null
cat << EOF > /tmp/expect
#!/usr/bin/expect -f
match_max 1000000
set timeout -1
spawn $FORTICLIENT_PATH --server $VPN_HOST --vpnuser $VPN_USER --keepalive
expect "Password for VPN:"
send -- "$VPN_PASS"
send -- "\r"
expect "Would you like to connect to this server? (Y/N)"
send -- "Y"
send -- "\r"
expect "Clean up..."
close
EOF
chmod 500 /tmp/expect
/usr/bin/expect -f /tmp/expect
rm -f /tmp/expect
@azizasm

This comment has been minimized.

Sign in to view
Copy link

azizasm commented Jul 22, 2017
edited

A very good script to access fortiClient using bash script.
For Ubuntu 64 bit based Linux need to change to uname -a | grep -q 64 because uname -r doesn't work.
@hugoeustaquio

This comment has been minimized.

Sign in to view
Copy link

hugoeustaquio commented Dec 28, 2017

Thanks, it works perfectly!
@ronamosa

This comment has been minimized.

Sign in to view
Copy link

ronamosa commented Apr 3, 2018

Thanks for this. came in real handy for work!
@alfem

This comment has been minimized.

Sign in to view
Copy link

alfem commented Apr 1, 2019

I use something like this, but I do not need to run it with root permissions.
@naxvm

This comment has been minimized.

Sign in to view
Copy link

naxvm commented May 27, 2019

Really useful, thanks!!!!

PD: in my case, the "sudo" launching is not required, I commented that lines on the script and works flawlessly.
@ccarrascoqt

This comment has been minimized.

Sign in to view
Copy link

ccarrascoqt commented Feb 3, 2020

give command line ok

but bash

Always give this terror

he certificate for the SSLVPN server is invalid.
You are connecting to an untrusted server. which could put your confidential information at risk.
Would you like to connect to this server? (Y/N)
Y
NOTICE::Insufficient credential(s). Please check the password, client certificate, etc.
STATUS::Set up tunnel failed
SSLVPN down unexpectedly with error:2
Press Ctrl-C to quit
Clean up...

any solution?
Thanks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.