theinvisible / openfortigui

VPN-GUI to connect to Fortigate-Hardware, based on openfortivpn
https://hadler.me/linux/openfortigui/
GNU General Public License v3.0

OpenFortiGui 0.9.5. problem with trusted_certs #159

Open michelep opened 2 years ago

michelep commented 2 years ago

Seems that also the latest OpenFortiGUI ignores the trusted_certs fingerprint in vpnprofiles.

I've tried updating openfortivpn to the latest (Git) release, without any success. When I connect to my VPN provider, openfortigui asks me if I want to add the SSL fingerprint to trusted_certs. I accept but nothing happens, the VPN doesn't connect.

In the profile file I have:

[cert]
ca_file=
trusted_cert=19f4b4e19091bf6c7f70fd6b6b3a97ff21e4c58b3eff3e283e7f0xxxxxxxxxx
user_cert=
user_key=
verify_cert=false

[options]
always_ask_otp=false
autostart=false
debug=false
half_internet_routers=false
insecure_ssl=false
min_tls=Default
otp_delay=0
otp_prompt=
pppd_call=
pppd_ifname=
pppd_ipparam=
pppd_log_file=
pppd_no_peerdns=false
pppd_plugin_file=
realm=
seclevel1=false
set_dns=true
set_routes=true

[vpn]
gateway_host=vpn.xxxx
gateway_port=10443
name=VPN
password="XXXXXXXXXXXXXXXXx"
persistent=false
username=XXXXXXXX

rhelms commented 2 years ago

What kind of output are you getting in ~/.openfortigui/logs/openfortigui.log? There will also be a log for the specific profile under ~/.openfortigui/logs/vpn/ as well.

michelep commented 2 years ago

Here it is:

INFO:   Start tunnel.
ERROR:  Gateway certificate validation failed, and the certificate digest is not in the local whitelist. If you trust it, rerun with:
ERROR:      --trusted-cert 19f4b4e19091bf6c7f70fd6b6b3a97ff21e4c58b3eff3e283eXXXXXX
ERROR:  or add this line to your configuration file:
ERROR:      trusted-cert = 19f4b4e19091bf6c7f70fd6b6b3a97ff21e4c58b3eff3e283eXXXXXX
ERROR:  Gateway certificate:
ERROR:      subject:
ERROR:          C=IT
ERROR:          ST=XXX
ERROR:          L=XXX
ERROR:          O=XXXX
ERROR:          CN=vpn.XXX
ERROR:      issuer:
ERROR:          C=NL
ERROR:          O=GEANT Vereniging
ERROR:          CN=GEANT OV RSA CA 4
ERROR:      sha256 digest:
ERROR:          19f4b4e19091bf6c7f70fd6b6b3a97ff21e4c58b3eff3e283e7XXXXXXXXXXXXXX
INFO:   Closed connection to gateway.

michelep commented 2 years ago

And this is the openfortigui.log:

ott 11 10:24:38 openfortiGUI::Debug: start vpn: "XXXX" active-tab:: 0
ott 11 10:24:38 openfortiGUI::Debug: add logger "/home/michelep/.openfortigui/main.conf"
ott 11 10:24:38 openfortiGUI::Debug: Start vpn:: "XXXX"
ott 11 10:24:38 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/michelep/.openfortigui/vpnprofiles/XXXX.conf"
ott 11 10:24:38 openfortiGUI::Debug: vpnManager::onClientConnected()
ott 11 10:24:38 openfortiGUI::Debug: client api helo command:: 0 ::name:: "XXXX"
ott 11 10:24:38 openfortiGUI::Debug: client disconnected:: "XXXX"
ott 11 10:24:38 openfortiGUI::Debug: vpnManager::onClientVPNStatusChanged() "XXXX" status 0
ott 11 10:24:38 openfortiGUI::Debug: MainWindow::onClientVPNStatusChanged:: "XXXX" ::status:: 0
ott 11 10:24:38 openfortiGUI::Debug: 1633940678985 bytes avail:: 1677
ott 11 10:24:38 openfortiGUI::Debug: certificatefailedrequest from vpnmanager
ott 11 10:24:39 openfortiGUI::Debug: VPN process  "XXXX"  error occurred!
ott 11 10:24:39 openfortiGUI::Debug: VPN process  "XXXX"  finished!
ott 11 10:24:40 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/michelep/.openfortigui/vpnprofiles/XXXX.conf"
ott 11 10:24:40 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/michelep/.openfortigui/vpnprofiles/XXXX.conf"
ott 11 10:24:40 openfortiGUI::Debug: MainWindow::refreshVpnProfileList() -> vpnprofiles found:: "XXXX"
ott 11 10:24:42 openfortiGUI::Debug: stop vpn:: 0

michelep commented 2 years ago

Hi rhelms, any news? Can I help in some way?

rhelms commented 2 years ago

I thought it might have been an issue similar to mine (#158), but it's not.

I've since given up on using the GUI and have elected to use the command line openfortivpn with a config file and hide the terminal in the systray via KDocker.
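
A diagnostic for the situation in this thread, added here as an example and not part of the original issue or the openfortigui code base: it compares the `trusted_cert` value stored in a profile with the sha256 digest the gateway presented according to the openfortivpn log. The function names, result strings and sample data are assumptions constructed for illustration.

```python
import configparser
import re

HEX64 = re.compile(r"[0-9a-f]{64}")
FP = "ab" * 32  # constructed placeholder digest, not a real certificate
# Constructed samples in the profile and log formats quoted in the thread.
SAMPLE_PROFILE = f"[cert]\nca_file=\ntrusted_cert={FP}\nverify_cert=false\n"
SAMPLE_LOG = (
    "ERROR:      sha256 digest:\n"
    f"ERROR:          {FP}\n"
    "INFO:   Closed connection to gateway.\n"
)

def profile_fingerprint(profile_text):
    """Return trusted_cert from the [cert] section, lowercased ('' if absent)."""
    # interpolation=None so a '%' in the password field cannot break parsing.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(profile_text)
    return cp.get("cert", "trusted_cert", fallback="").strip().lower()

def log_fingerprints(log_text):
    """Collect each digest printed on the line after 'sha256 digest:'."""
    lines = log_text.splitlines()
    found = []
    for i, line in enumerate(lines[:-1]):
        if line.strip().endswith("sha256 digest:"):
            found.append(lines[i + 1].split("ERROR:", 1)[-1].strip().lower())
    return found

def diagnose(profile_text, log_text):
    stored = profile_fingerprint(profile_text)
    seen = log_fingerprints(log_text)
    if not HEX64.fullmatch(stored):
        return "profile-fingerprint-malformed"  # empty, truncated or non-hex
    if not seen:
        return "no-digest-in-log"
    if stored == seen[-1]:
        # Stored value equals the presented digest, so the value itself is
        # not the problem; look at how it is handed to openfortivpn.
        return "match-but-rejected"
    return "mismatch"  # the gateway presented a different certificate

if __name__ == "__main__":
    print(diagnose(SAMPLE_PROFILE, SAMPLE_LOG))
```

A `mismatch` result means the gateway certificate differs from the stored one and should be verified out of band before it is trusted.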