-
-
Save mgeeky/8afc0e32b8b97fd6f96fce6098615a93 to your computer and use it in GitHub Desktop.
| #!/bin/bash | |
| # Forticlient SSL VPN Client launching script utilizing expect. | |
| # -------------------------------------------- | |
| # CONFIGURATION | |
| # If empty - script will take some simple logic to locate appropriate binary. | |
| FORTICLIENT_PATH="" | |
| # VPN Credentials | |
| VPN_HOST="host:10443" | |
| VPN_USER="username" | |
| VPN_PASS="password" | |
| # -------------------------------------------- | |
| trap ctrl_c INT | |
| function ctrl_c() { | |
| echo "Removing left-over files..." | |
| rm -f /tmp/expect | |
| } | |
| if [[ $EUID -ne 0 ]]; then | |
| echo "This script must be run as root" | |
| exit 1 | |
| fi | |
| if [ -z "$FORTICLIENT_PATH" ]; then | |
| FORTICLIENT_PATH=`uname -r | grep -q 64 && echo $(locate forticlientsslvpn_cli | grep 64bit) || echo $(locate forticlientsslvpn_cli | grep 32bit)` | |
| if [ ! -f $FORTICLIENT_PATH ]; then | |
| echo "Tried to locate Forticlient SSL VPN Cli binary, but failed." | |
| echo "Specify it at variable FORTCLIENT_PATH" | |
| exit 1 | |
| fi | |
| echo "Located Forticlient VPN Client at: $FORTICLIENT_PATH" | |
| fi | |
| echo "Killing previous instances of Forticlient SSL VPN client..." | |
| killall -9 $(basename $FORTICLIENT_PATH) 2> /dev/null | |
| cat << EOF > /tmp/expect | |
| #!/usr/bin/expect -f | |
| match_max 1000000 | |
| set timeout -1 | |
| spawn $FORTICLIENT_PATH --server $VPN_HOST --vpnuser $VPN_USER --keepalive | |
| expect "Password for VPN:" | |
| send -- "$VPN_PASS" | |
| send -- "\r" | |
| expect "Would you like to connect to this server? (Y/N)" | |
| send -- "Y" | |
| send -- "\r" | |
| expect "Clean up..." | |
| close | |
| EOF | |
| chmod 500 /tmp/expect | |
| /usr/bin/expect -f /tmp/expect | |
| rm -f /tmp/expect |
Thanks, it works perfectly!
Thanks for this. came in real handy for work!
I use something like this, but I do not need to run it with root permissions.
Really useful, thanks!!!!
PD: in my case, the "sudo" launching is not required, I commented that lines on the script and works flawlessly.
give command line ok
but bash
Always give this terror
he certificate for the SSLVPN server is invalid.
You are connecting to an untrusted server. which could put your confidential information at risk.
Would you like to connect to this server? (Y/N)
Y
NOTICE::Insufficient credential(s). Please check the password, client certificate, etc.
STATUS::Set up tunnel failed
SSLVPN down unexpectedly with error:2
Press Ctrl-C to quit
Clean up...
any solution?
Thanks
Great
give command line ok
but bash
Always give this terror
he certificate for the SSLVPN server is invalid.
You are connecting to an untrusted server. which could put your confidential information at risk.
Would you like to connect to this server? (Y/N)
Y
NOTICE::Insufficient credential(s). Please check the password, client certificate, etc.
STATUS::Set up tunnel failed
SSLVPN down unexpectedly with error:2
Press Ctrl-C to quit
Clean up...any solution?
Thanks
Hi I got the same issue did you ever get the solution?
give command line ok
but bash
Always give this terror
he certificate for the SSLVPN server is invalid.
You are connecting to an untrusted server. which could put your confidential information at risk.
Would you like to connect to this server? (Y/N)
Y
NOTICE::Insufficient credential(s). Please check the password, client certificate, etc.
STATUS::Set up tunnel failed
SSLVPN down unexpectedly with error:2
Press Ctrl-C to quit
Clean up...
any solution?
ThanksHi I got the same issue did you ever get the solution?
@tlouyeken22 @ccarrascoqt I am facing the same error. Do you have any solution? 🙏
Hi!
Is there a way to auto accept License, that is being required to at the first run?
forticlientsslvpn-expect.sh: 20: forticlientsslvpn-expect.sh: Syntax error: "(" unexpected
Im getting abvove error. can someone pls help ?
forticlientsslvpn-expect.sh: 20: forticlientsslvpn-expect.sh: Syntax error: "(" unexpected
Im getting abvove error. can someone pls help ?
run as sudo solve your issue
./forticlientsslvpn-expect.sh
Killing previous instances of Forticlient SSL VPN client...
./forticlientsslvpn-expect.sh: line 59: /usr/bin/expect: No such file or directory
root@a219ebdcdda3:/opt/forticlient-sslvpn/64bit#
forticlientsslvpn-expect.sh: 20: forticlientsslvpn-expect.sh: Syntax error: "(" unexpected
Im getting abvove error. can someone pls help ?run as sudo solve your issue
Same issue but couldn't solve the above solution.
Hi,
Thanks for the great script. I have tried to add also token handling
expect "A FortiToken code is required for SSL-VPN login authentication."
send_user "Enter the token: "
gets stdin token
send -- "$token\r"
but i keep getting an error about authentication
NOTICE::Insufficient credential(s). Please check the password, client certificate, etc.
STATUS::Set up tunnel failed
SSLVPN down unexpectedly with error:2
STATUS::Setting up the tunnel
Press Ctrl-C to quit
Clean up...
so i'm not sure if the problem is in my password where it includes a @ character (escaping with \@) or in the token part or in the token code part.
If i try to login via
forticlientsslvpn_cli --server host:443 --vpnuser vnn_user --keepalive
it asks for the password, certificate and token and everything is working as expected
Do you have any idea maybe?
Thanks
Hi,
Thanks for the great script. I have tried to add also token handling
expect "A FortiToken code is required for SSL-VPN login authentication."
send_user "Enter the token: "
gets stdin token
send -- "$token\r"but i keep getting an error about authentication
NOTICE::Insufficient credential(s). Please check the password, client certificate, etc.
STATUS::Set up tunnel failed
SSLVPN down unexpectedly with error:2
STATUS::Setting up the tunnel
Press Ctrl-C to quit
Clean up...so i'm not sure if the problem is in my password where it includes a @ character (escaping with
\@) or in the token part or in the token code part.
If i try to login viaforticlientsslvpn_cli --server host:443 --vpnuser vnn_user --keepalive
it asks for the password, certificate and token and everything is working as expected
Do you have any idea maybe?
Thanks
Ok fixed it by changing
- adding a token parameter
token=$1
2)changing the token code part as below
expect "A FortiToken code is required for SSL-VPN login authentication."
send_user "Enter the token: "
send -- "$token\r"
send -- "\r"
and running it with ./forticlientsslvpn-expect.sh [token]
Probably something is interfering between the read token part and the actual token passed to the authentication but I will further troubleshoot this when i have more time but for now maybe this is helpful to someone
@roupasz in which part of the code did you add the token script?
Hi @gabsmprocha ,
To make it more visible, in the VPN Credentials block i added
# VPN Credentials
VPN_HOST="host:10443"
VPN_USER="username"
VPN_PASS="password"
token=$1 #new addition, 1st script parameter as variable
and i have added on more block in the expect part , check expect "A FortiToken code is required for SSL-VPN login authentication." below
cat << EOF > /tmp/expect
#!/usr/bin/expect -f
match_max 1000000
set timeout -1
spawn $FORTICLIENT_PATH --server $VPN_HOST --vpnuser $VPN_USER --keepalive
expect "Password for VPN:"
send -- "$VPN_PASS"
send -- "\r"
expect "Would you like to connect to this server? (Y/N)"
send -- "Y"
send -- "\r"
expect "A FortiToken code is required for SSL-VPN login authentication." #new block
send_user "Enter the token:"
#gets stdin token
send -- "$token\r"
send -- "\r" #end of new block
expect "Clean up..."
close
EOF
so i can then run it like ./forticlientsslvpn-expect.sh <123456>
Maybe it's now clearer ? If not please let me know
invalid command name "--vpnuser"
while executing
"--vpnuser kks"
(file "/tmp/expect" line 5)
@roupasz tks a lot! 😄
np problem @gabsmprocha :)
I'm trying to run the script and I'm getting the following error:
./forticlientsslvpn-expect.sh
Killing previous instances of Forticlient SSL VPN client...
./forticlientsslvpn-expect.sh: line 59: /usr/bin/expect: No such file or directory
Has anyone gone through the same and can help me with this?
Edit**: it is necessary to install the Expect tool before running the Script.
hi @GiseliSiqueira ,
The error shows that expect binary is not installed or at least found in the expected path in your system. You can quickly confirm it by running which expect, if this provides a path you can update the script with the correct one.
If not, then you need to install it and this depends on your distribution.
ex for Ubuntu 18.04
sudo apt update
sudo apt install expect
ex. for Fedora 34
dnf -y install expect
Hope this helps
UPDATE: I just saw your edit, so you've figured out on your own ;)
if there a python copy of this script?
Somehow forticlientsslvpn_cli seems to be no longer available on the FortiNet website. Is there any mirror for it available?
@skjerns Did you find a solution?
yes! I simply use openfortivpn or openfortigui :) did not know there were open source alternatives out
yes! I simply use
openfortivpnoropenfortigui:) did not know there were open source alternatives out
Thank you! Works great :)
Thank you! It's worked for me!
yes! I simply use
openfortivpnoropenfortigui:) did not know there were open source alternatives out
😍
A very good script to access fortiClient using bash script.
For Ubuntu 64 bit based Linux need to change to
uname -a | grep -q 64because uname -r doesn't work.