[Feature Request] Windows build

[spidey]

Would it be possible to port this to Windows?

[mrbaseman]

I have tried to build openfortivpn with mingw and with cygwin, but didn't succeed with either option without modifying the source. The code makes use of a few parts of the linux kernel, like network interfaces, routing tables, parallel threads,... The kernel used in Mac OSX also is a unix-like one, but for the Mac OSX port of openfortivpn a few changes to the source code were needed, involving workarounds like parsing the output of netstat instead of reading entries of the /proc filesystem. It might be possible to find similar workarounds to port the code to cygwin for instance. The next obstacle is that openfortivpn calls pppd for handling the vpn connection, but there seems to be no pppd for cygwin yet, so part of the port would be porting pppd, or at least finding a replacement for the features of pppd we use. I guess that writing a standalone ssl vpn application based on windows sockets and maybe AnyTun as suggested here would probably not be much more effort. Anyhow, if anyone successfully ports openfortivpn to windows I would be happy to review a pull request.

[DimitriPapadopoulos]

A substantial part of the code is based on POSIX system calls. Porting openfortivpn means porting or even rewriting at least these files: config.c, io.c, ipv4.c, log.c, tunnel.c, userinput.c.

A supported proprietary client is already available on Windows. The Windows client uses primarily IPSec, but can fall back to SSL. What value do you see value in porting openfortivpn to Windows? I'm not against it, just pointing out it implies significant work...

[mrbaseman]

An argument for the windows port would be to have a more or less unique client that supports all major operating systems on the market, which makes support for all user groups a bit easier.

[spidey]

Yeah, after opening the issue I thought for a while and realized how dependent on the OS this would be.

I was hoping to get a decent client for Windows as well, as the proprietary one keeps opening warning dialogs and disconnecting every half an hour or so.

[spidey]

Should I close the issue then?

[DimitriPapadopoulos]

Well, it's not impossible to port openfortivpn - just complicated!

By the way the FortiClient software used to work well for me, it used to operate for hours without disconnection. Perhaps something's wrong on the Fortinet device or the Windows computer? Note that there are alternative clients for Windows. Also if your IT team supports Windows only, they might have disabled VPN SSL on the Fortinet device - this had been reported in another thread of discussion.

[spidey]

Since porting to Windows wouldn't be a simple task, involving porting dependencies as well, I'm closing the issue. Thank you on the feedback and suggestions on alternatives.

[evandrix]

is it possible to export FortiVPN into an OpenVPN .ovpn config file sans the 2FA/OTP part, like many other VPN vendors?

[DimitriPapadopoulos]

@evandrix This issue has been closed for more than two years and I don't see how your question is related to it. Also is your question related to openfortivpn?

[abubelinha]

A supported proprietary client is already available on Windows. The Windows client uses primarily IPSec, but can fall back to SSL. What value do you see value in porting openfortivpn to Windows? I'm not against it, just pointing out it implies significant work...

I think there are reasons for reopening this issue:

1. The propietary client I know (FortiClient VPN) is just supported in its commercial version
2. Their free client version (unsupported) does only maintain the VPN for a limited time. After a few hours you have to restart it again.
3. But the really worst thing is it randomly fails to restart the VPN again. Even if you follow their recommendations installing a 3rd party patch to solve it, after a few days the fail comes back again randomly. At least for me it was a nightmare and a waste of time (having to close all my different applications working over the VPN, and restart windows multiple times).

So, in summary, there is not a free and working windows client.

[DimitriPapadopoulos]

I'm not against porting openfortivpn to Windows. It's just too complicated in the short term and there are lots of more urgent tasks that need to be addressed. I just don't see it happening unless someone else commits substantial work.

It will get easier to port to Windows with time, as other changes are hopefully applied:

• directly use PPP code in openfortivpn instead of forking pppd,
• run scripts to set routing and name resolution instead of using C code.

[abubelinha]

I'm not against porting openfortivpn to Windows

Yes I know.

I was just giving you strong reasons to keep the issue open

[DimitriPapadopoulos]

Keeping issues that we cannot address in the next few years open won't help in any way. If anyone is interested contributing a Windows version, it's probably best to open issues to discuss specific portability issues and address each one of them.

[abubelinha]

OK, sorry, I am not a developer ... maybe I just don't understand how github issues work (I have not clear what Open / Closed means in this context: my understanding was "closed = solved").

[bertogravscale]

did you tried to use wsl?

[abubelinha]

No. Actually I gave up because they changed from Fortinet to a different VPN. So I don't need openfortivpn any more