Open kaytrance opened 1 year ago
I'm already using OpenfortiGUI 0.9.9-3, but the issue still persists.
I can confirm this issue, which is also preventing me from connecting. In the OpenfortiGUI log I see:
ERROR: Gateway certificate validation failed, and the certificate digest is not in the local whitelist. If you trust it, rerun with:
ERROR: --trusted-cert .....
.... but there is no way to provide that trusted-cert parameter via the GUI. When trying to run openfortigui via the CLI, there is no such parameter as --trusted-cert; only openfortivpn has it. Even connecting with Trust all certs does not help.
Actually, in the file ~/.openfortigui/vpnprofiles/profilename.conf the parameter _trustedcert= is set with the proper hash, but openfortigui seems to ignore it. I also tested the same cert with openfortivpn at the CLI and it connects properly. Only OpenfortiGUI does not connect.
In the mentioned version the connection attempt fails with the following errors (sensitive info replaced with xxxxx). Then it seems it tries to reconnect, fails again, and keeps doing that in a loop.
Here's the output from ~/.openfortigui/logs/openfortigui.log
And this is ~/.openfortigui/vpnprofiles/VPN.conf
Running openfortivpn with the --trusted-cert b4ecba868189b92axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx parameter connects without any issues, so I assume openfortigui somehow does not include the --trusted-cert parameter when connecting.