adrienverge / openfortivpn

Client for PPP+TLS VPN tunnel services
GNU General Public License v3.0

openfortivpn on MAC gets stuck #1208

Closed carbonem closed 4 months ago

carbonem commented 5 months ago

Dear all,

I'm not an expert, so I hope you have some patience ;-)

I'm having an issue with connecting to my work VPN. Using openfortivpn works for other colleagues, so I guess the issue is with my machine.

Below find details on what the issue is. Can you please help me fix this issue?

Machine: Apple M1 (2020)
OS: Sonoma (14.4.1)
openfortivpn version: 1.21.0

openfortivpn config file:

```
set-dns = 0
pppd-use-peerdns = 1
host = sslvpn.mywork.mycountry
port = 443
username = myusername
```

command executed from shell:

```
sudo openfortivpn -c config
```

output (where it gets stuck, sanitised from real IP addresses):

```
Password:
VPN account password:
INFO: Connected to gateway.
Please enter one-time password:
INFO: Authenticated.
INFO: Remote gateway has allocated a VPN.
Fri Apr 5 11:31:24 2024 : publish_entry SCDSet() failed: Success!
Fri Apr 5 11:31:24 2024 : publish_entry SCDSet() failed: Success!
Fri Apr 5 11:31:24 2024 : Using interface ppp0
Fri Apr 5 11:31:24 2024 : Connect: ppp0 <--> /dev/ttys001
INFO: Got addresses: [X], ns [Y.142.2, Y.142.3], ns_suffix [mywork.mycountry]
Fri Apr 5 11:31:24 2024 : local IP address X
Fri Apr 5 11:31:24 2024 : remote IP address Y.132.211
Fri Apr 5 11:31:24 2024 : primary DNS address Y.142.2
Fri Apr 5 11:31:24 2024 : secondary DNS address Y.142.3
Fri Apr 5 11:31:24 2024 : Committed PPP store
Fri Apr 5 11:31:24 2024 : Committed PPP store
```

At this point it gets stuck and nothing happens... If I hit ^C, then I get the following weird messages:

```
^CINFO: Cancelling threads...
INFO: Cleanup, joining threads...
INFO: Interface ppp0 is UP.
INFO: Setting new routes...
WARN: Could not get current default route (Parsing /proc/net/route failed).
WARN: Protecting tunnel route has failed. But this can be working except for some cases.
WARN: Adding route table is incomplete. Please check route table.
INFO: Tunnel is up and running.
INFO: Setting ppp0 interface down.
INFO: Restoring routes...
Fri Apr 5 11:36:25 2024 : Hangup (SIGHUP)
Fri Apr 5 11:36:25 2024 : Modem hangup
Fri Apr 5 11:36:25 2024 : Connection terminated.
Fri Apr 5 11:36:25 2024 : LCP close (User request).
Fri Apr 5 11:36:25 2024 : Connect time 5.1 minutes.
Fri Apr 5 11:36:25 2024 : Sent 3800 bytes, received 14612 bytes.
INFO: pppd: The link was terminated by the modem hanging up.
INFO: Terminated pppd.
INFO: Closed connection to gateway.
INFO: Logged out.
```

tramir commented 4 months ago

I can confirm on my computer. openfortivpn 1.20.5 can connect, ask for the 2FA input, and then proceed to set up the PPP tunnel (I hope this is the right terminology). openfortivpn 1.21.0, started with the same arguments, asks for the 2FA input, but then proceeds to hang as in the comment above. I'll be more than happy to provide a log or any information needed to debug and find a solution.

DimitriPapadopoulos commented 4 months ago

First things first. Does option --pppd-accept-remote=0 help?

If not, are you able to build from sources? If so, there aren't many significant changes between 1.20.5 and 1.21.0: https://github.com/adrienverge/openfortivpn/compare/v1.20.5...v1.21.0

I would try to revert some of these commits, build, and run - until I can identify which commit breaks openfortivpn:

tramir commented 4 months ago

The option --pppd-accept-remote=0 does indeed solve the issue -- thanks! Did the default behavior change between 1.20.5 and 1.21.0?

DimitriPapadopoulos commented 4 months ago

Where did you get openfortivpn from?

The README is clear about it: https://github.com/adrienverge/openfortivpn/blob/70ddecde60669915703a4b938abd22282921bf89/README.md?plain=1#L172-L180

I modified the Homebrew formulae myself: https://github.com/Homebrew/homebrew-core/commit/d88b7a153a82827379aa729360fd71a4e1c47e52

In theory, openfortivpn for macOS should be built with --enable-legacy-pppd on macOS, which should make --pppd-accept-remote=0 the default, instead of --pppd-accept-remote=1. I am not familiar with Homebrew, but I suspect the above commit has not been taken into account to produce new Homebrew packages. You might have to wait for 1.22.0 (https://github.com/adrienverge/openfortivpn/pull/1211) for the change to be integrated to Homebrew builds.

tramir commented 4 months ago

I use Macports, not homebrew. I'll check how to change the portfile to build with the --enable-legacy-pppd option and report back. If it all works, I'll submit a ticket to Macports about it.

tramir commented 4 months ago

Just checked and yes, compiling with --enable-legacy-pppd solves the issue. I'll notify Macports maintainers. I don't use Homebrew so I hope the changes you (@DimitriPapadopoulos) made are enough. Thank you for this wonderful piece of software and for helping identify the issue so quickly!