theinvisible / openfortigui

VPN-GUI to connect to Fortigate-Hardware, based on openfortivpn
https://hadler.me/linux/openfortigui/
GNU General Public License v3.0
489 stars 54 forks

Unable to setup a SSL-VPN connection with MFA/2FA #155

Closed mverouden closed 2 years ago

mverouden commented 2 years ago

Dear Rene,

I have been using openfortigui with great satisfaction. However, recently my organization (Wageningen University & Research) has implemented MFA/2FA on SSL-VPN (using Fortinet). My system is Linux Mint 19.3 and I have been using openfortigui 0.9.5-1 (from https://apt.iteas.at/iteas/pool/main/o/openfortigui/) up to last week when MFA/2FA was switched on for me.

I am struggling with a similar issue, #107, that no OTP request appears when trying to set up an SSL-VPN connection with MFA/2FA. I have tried to use the suggested "Always ask for OTP", but that also does not work. Having compiled openfortivpn 1.17.0 from source, it works just fine by prompting for the one-time password (as shown below).

Screenshot from 2021-09-01 11-42-38

The config file (/etc/openfortivpn/config) only contains:

Also, I have added the files suggested in #52, but still no request for the OTP! This does resolve the issue with the "use the GNOME Keyring" option in the settings, which no longer gives a warning alert.

Is there any way to solve this? I especially like the fact that the tray icon displays when the vpn connection is active. Now I have to leave a terminal session open, which also works but it just looks less clean. The IT department recommends to use Fortinet VPNClient only v7 for Linux, but that is all closed source and sluggish as well as slow, whereas your openfortigui is nicely lightweight, fast and even showing the connection status (Fortinet VPNclient Only v7 does not even have that!) as mentioned.

Kind regards,

mgarridoe commented 2 years ago

Hi Maikel,

Establish the option OTP prompt string to Please enter one-time password and try again. It works for me (different string).

Hope it helps. Kind regards,

mverouden commented 2 years ago

@mgarridoe Thanks for the tip. Unfortunately it does not work for me.

For now I will just use openfortivpn itself.

mverouden commented 2 years ago

@theinvisible I have been able to get openfortigui working!!

The tip from @mgarridoe in the end proved to be very useful. The only problem was the one-time password. Now I am using the Microsoft Authenticator app on my mobile, where I only need to approve the connection. This works perfectly in combination with openfortigui.

Before, I was using the Google Authenticator app, and retyping the 6-digit OTP doesn't work, because no request for the OTP is presented.

josegerez commented 12 months ago

Hi @mverouden,

How do you solve the problem with MS Authenticator? We are trying to use openfortigui in Linux instead of using Forticlient native client in Windows. The docs we have to use Windows Forticlient only describe to add a VPN profile with a connection name, the remote gateway and to check "Enable Single Sign On (SSO) for VPN Tunnel". That's all! After that, when the VPN is established, we get a window from MS requesting credentials plus an approval on MS Authenticator.

> @theinvisible I have been able to get openfortigui working!!
>
> The tip from @mgarridoe in the end proved to be very useful. The only problem was the one-time password. Now I am using the Microsoft Authenticator app on my mobile, where I only need to approve the connection. This works perfectly in combination with openfortigui.
>
> Before I was using the Google Authenticator app and retyping the 6-digit otp doesn't work, because no request for the otp is presented.

mverouden commented 12 months ago

Hi @josegerez,

In OpenFortiGUI I have created a profile with the credentials from my organization (VPN-Server, VPN-Port, Username and matching Password from my organization). For me the certificate is not required.

In the Options tab I have ticked: Set routes, Set DNS and Debug. The rest I left as provided by the default settings.

Please make sure to check the OpenFortiGUI Settings and especially the SUDO -E Option. This is required, when using Linux distributions based on Ubuntu 19.10/Debian 10 or above.

Next when I connect to the created VPN profile, the OpenFortiGUI will display "connecting" as status. Automatically MS Authenticator on my mobile prompts for authentication and after approval the connection is made.

josegerez commented 12 months ago

Hi @mverouden,

This is not working for me. I get the following error: Could not authenticate to gateway (HTTP status code)

Any ideas?