Simple script intended to automate Fortinet SSL VPN Client connection on Linux using expect scripting.

forticlientsslvpn-expect.sh

#!/bin/bash

# Forticlient SSL VPN Client launching script utilizing expect.

# --------------------------------------------
# CONFIGURATION

# If empty - script will take some simple logic to locate appropriate binary.
FORTICLIENT_PATH=""

# VPN Credentials
VPN_HOST="host:10443"
VPN_USER="username"
VPN_PASS="password"

# --------------------------------------------

trap ctrl_c INT

function ctrl_c() {
  echo "Removing left-over files..."
  rm -f /tmp/expect
}

if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root"
  exit 1
fi

if [ -z "$FORTICLIENT_PATH" ]; then
  FORTICLIENT_PATH=`uname -r | grep -q 64 && echo $(locate forticlientsslvpn_cli | grep 64bit) || echo $(locate forticlientsslvpn_cli | grep 32bit)`
  if [ ! -f $FORTICLIENT_PATH ]; then
    echo "Tried to locate Forticlient SSL VPN Cli binary, but failed."
    echo "Specify it at variable FORTCLIENT_PATH"
    exit 1
  fi
  echo "Located Forticlient VPN Client at: $FORTICLIENT_PATH"
fi

echo "Killing previous instances of Forticlient SSL VPN client..."
killall -9 $(basename $FORTICLIENT_PATH) 2> /dev/null

cat << EOF > /tmp/expect
#!/usr/bin/expect -f
match_max 1000000
set timeout -1
spawn $FORTICLIENT_PATH --server $VPN_HOST --vpnuser $VPN_USER --keepalive
expect "Password for VPN:"
send -- "$VPN_PASS"
send -- "\r"

expect "Would you like to connect to this server? (Y/N)"
send -- "Y"
send -- "\r"

expect "Clean up..."
close
EOF

chmod 500 /tmp/expect
/usr/bin/expect -f /tmp/expect

rm -f /tmp/expect

A very good script to access fortiClient using bash script.
For Ubuntu 64 bit based Linux need to change to uname -a | grep -q 64 because uname -r doesn't work.

Thanks, it works perfectly!

Thanks for this. came in real handy for work!

I use something like this, but I do not need to run it with root permissions.

Really useful, thanks!!!!

PD: in my case, the "sudo" launching is not required, I commented that lines on the script and works flawlessly.

give command line ok

but bash

Always give this terror

he certificate for the SSLVPN server is invalid.
You are connecting to an untrusted server. which could put your confidential information at risk.
Would you like to connect to this server? (Y/N)
Y
NOTICE::Insufficient credential(s). Please check the password, client certificate, etc.
STATUS::Set up tunnel failed
SSLVPN down unexpectedly with error:2
Press Ctrl-C to quit
Clean up...

any solution?
Thanks

Great

give command line ok

but bash

Always give this terror

he certificate for the SSLVPN server is invalid.
You are connecting to an untrusted server. which could put your confidential information at risk.
Would you like to connect to this server? (Y/N)
Y
NOTICE::Insufficient credential(s). Please check the password, client certificate, etc.
STATUS::Set up tunnel failed
SSLVPN down unexpectedly with error:2
Press Ctrl-C to quit
Clean up...

any solution?
Thanks

Hi I got the same issue did you ever get the solution?

give command line ok
but bash
Always give this terror
he certificate for the SSLVPN server is invalid.
You are connecting to an untrusted server. which could put your confidential information at risk.
Would you like to connect to this server? (Y/N)
Y
NOTICE::Insufficient credential(s). Please check the password, client certificate, etc.
STATUS::Set up tunnel failed
SSLVPN down unexpectedly with error:2
Press Ctrl-C to quit
Clean up...
any solution?
Thanks

Hi I got the same issue did you ever get the solution?

@tlouyeken22 @ccarrascoqt I am facing the same error. Do you have any solution? 🙏

Hi!
Is there a way to auto accept License, that is being required to at the first run?

forticlientsslvpn-expect.sh: 20: forticlientsslvpn-expect.sh: Syntax error: "(" unexpected

Im getting abvove error. can someone pls help ?