Closed augustodossantosti closed 4 years ago
@augustodossantosti It works with openfortigui which as you say is a GUI built upon openfortivpn. So openfortivpn does seem to work.
Maybe you're testing the latest version 1.11.0 of openfortivpn from the command line vs. a previous version of openfortivpn from openfortgui. Is that the case?
Exactly. I'm using the latest version from the command line with a config file on macOS Catalina.
$ openfortivpn -c [path-to-file]/config
config content:
host = [my-host-ip]
port = 10443
username = [my-username]
password = [my-password]
set-routes = 1
set-dns = 1
pppd-use-peerdns = 0
Unfortunately there is no version of openfortigui for macOS.
Maybe try with -v -v -v and check the debug output (be cautious when posting it, there are cleartext passwords in there).
Also I'm not certain about what is the expected behaviour. Based on your experience, should openfortivpn ask for the token only or for both the token and a password?
I'm asking because your config file contains a password directive which may instruct openfortivpn not to ask for a token and use the password instead:
password = [my-password]
What happens if you remove the password line from the config file?
Given the fact that the email is sent when connecting with forticlient, the mechanism itself works. The email should be sent when the user logs in with username and password. I was thinking in two directions:
It's also not clear what exactly you are seeing. You have a password in the config file and you write that there is a password prompt. Is it the prompt for the VPN password, or is it the OTP token prompt? Or, now that I am writing, I realize that it could also be the prompt for the sudo password which is required before openfortivpn does anything.
Some settings were missing in the connection configuration file, and the password set in the file was incorrect. The sudo password was also required. After adjusting these details the connection worked as expected.
These two parameters were added:
pppd-use-peerdns = 1
trusted-cert = [certificate]
I'm trying to connect to a network that sends an email with a token after a connection request. Although a prompt for a password appears on the terminal, the email with a valid token isn't sent.
On Linux I use openfortigui https://github.com/theinvisible/openfortigui that has openfortivpn at the core and everything works fine. After a request a prompt appears, I check my email, copy the token and then use it to connect.