Can not get OpenFortiGUI to connect on Ubuntu 19.10

[cdysthe]

I have used OpenFortiGUI without problems on Ubuntu 19.04, but after having installed it on 19.10 nothing happens when I try to connect. And with nothing I mean absolutely nothing. No error messages or connection failures. The client just sits there without any output whatsoever.

[Razorhunter]

Count me in...unable to connect since upgrade from 19.04 to 19.10 ...

[romario74]

metoo

[apenen]

Another one...

1. Logs in file ~/.openfortigui/logs/openfortigui.log: oct. 21 11:13:50 openfortiGUI::Debug: active-tab:: 0 oct. 21 11:13:50 openfortiGUI::Debug: start vpn: "COMPANY" active-tab:: 0 oct. 21 11:13:50 openfortiGUI::Debug: Start vpn:: "COMPANY" oct. 21 11:13:50 openfortiGUI::Debug: add logger "/home/user/.openfortigui/main.conf" oct. 21 11:13:50 openfortiGUI::Debug: vpnManager::onClientConnected() oct. 21 11:13:50 openfortiGUI::Debug: client api helo command:: 0 ::name:: "COMPANY" oct. 21 11:13:50 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/user/.openfortigui/vpnprofiles/COMPANY.conf" oct. 21 11:13:50 openfortiGUI::Debug: static bool LibSecretKeyring::findPassword(const QString&, const QString&, QKeychain::JobPrivate) oct. 21 11:13:50 openfortiGUI::Debug: static bool LibSecretKeyring::findPassword(const QString&, const QString&, QKeychain::JobPrivate) oct. 21 11:13:50 openfortiGUI::Debug: vpnClientConnection::sendCMD:: "COMPANY" :: 8 oct. 21 11:13:51 openfortiGUI::Debug: client disconnected:: "COMPANY" oct. 21 11:13:51 openfortiGUI::Debug: vpnManager::onClientVPNStatusChanged() "COMPANY" status 0 oct. 21 11:13:51 openfortiGUI::Debug: MainWindow::onClientVPNStatusChanged:: "COMPANY" ::status:: 0

2. Logs from kernel: Oct 21 11:13:51 laptop kernel: [ 1216.963849] openfortigui[11685]: segfault at 28 ip 00007f74c64b784e sp 00007ffda0248830 error 4 in libQt5Core.so.5.12.4[7f74c63fb000+2df000] Oct 21 11:13:51 laptop kernel: [ 1216.963884] Code: 70 04 e9 25 ff ff ff 90 0f 1f 40 00 f3 0f 1e fa 41 54 49 89 fc 53 48 89 f3 48 83 ec 08 48 8b 16 8b 02 83 c0 01 83 f8 01 77 42 <49> 8b 04 24 8b 10 85 d2 74 20 83 fa ff 74 06 f0 83 28 01 74 15 48

[garyx]

Having the same issue here, anyone close to seeing what is happening?

[apenen]

openfortivpn command works fine... I think there's a problem with some change in libQt5Core.so....

[garyx]

Yeah the cli works fine, just the gui is breaking in 19.10.

[cassiel74]

cli is not working fine here (neither gui)

Oct 23 15:43:48 jimi kernel: [26865.093775] openfortigui[32383]: segfault at 1c ip 0000564e0a91eed0 sp 00007ffddc30cc98 error 4 in openfortigui[564e0a8d3000+e1000] Oct 23 15:43:48 jimi kernel: [26865.093795] Code: 00 5b 5d e9 92 7c fc ff 66 90 48 83 ec 08 e8 77 df 01 00 31 ff e8 e0 68 fc ff 48 83 c4 08 c3 90 66 2e 0f 1f 84 00 00 00 00 00 <48> 8b 7f 10 ff a7 a0 12 00 00 66 0f 1f 44 00 00 41 57 41 56 41 55

[theinvisible]

Hi, there is now a new build 0.8.1 which has a optional flag in Settings that enables the workaround via -E sudo flag. Just enable the setting an try again. Thanks so far for your feedback. Cheers Rene

[cassiel74]

I've downloaded 0.8.1 for Debian buster but "About" popup says openFortiGUI 0.8.0, moreover there's no such setting...

[rafaelmartines]

I've downloaded 0.8.1 for Debian buster but "About" popup says openFortiGUI 0.8.0, moreover there's no such setting...

I just download it for Ubuntu 19.10, and the new options is there, worked fine <3

[apenen]

+1, now works on Ubuntu 19.10. Thanks!

[cdysthe]

The new setting in 0.8.1 works for me but it doesn't seem like the keyring integration works like it did before. I have to enter the password every time I connect. Is this a separate issue or related to this one?

[apenen]

The keyring works for me, but it closes radomly loosing the connection too.

[theinvisible]

The new setting in 0.8.1 works for me but it doesn't seem like the keyring integration works like it did before. I have to enter the password every time I connect. Is this a separate issue or related to this one?

No, there was no change regarding this.

As said, there is no real support for non Ubuntu LTS releases, this package is still build and linked on Ubuntu 18.04.x LTS. Also there seems some policy changes on sudo on 19.10, maybe these can intercept and lead to problems. If anyone want to provide "support" or "test" with no LTS releases please let me know. ; )

If you want help debugging please follow the "Debugging guide" here: https://hadler.me/linux/openfortigui/ As i dont have any 19.10 release running i cannot help right now. Next one is Ubuntu 20.04 LTS.

[cassiel74]

Ok, now debian buster release correctly shows sudo -E in settings and works fine!

[tmotyl]

I have sudo switch enabled, but still cant login. in the logs I see "Could not authenticate to gateway (HTTP status code)"

INFO:   Start tunnel.
DEBUG:  server_addr: x.x.x.x.x
DEBUG:  server_port: 10443
DEBUG:  gateway_addr: x.x.x.x.x
DEBUG:  gateway_port: 10443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4DEBUG:  Gateway certificate validation succeeded.
INFO:   Connected to gateway.
ERROR:  Could not authenticate to gateway (HTTP status code).

Using Ubuntu 19.10 and openFortiGUI 0.8.1

[MaheshShrestha7]

+1 from my side on updating to 0.8.1 and enabling new option "SUDO -E option" as it resolved the issue after updating to ubuntu 19.10

[jbaudoux]

Here is the backtrace on Ubuntu 19.10. Issue appears when main and profile is created as user and app launched with root priviledge:

#0  0x0000555555599a3f in qMapLessThanKey<vpnProfile::Origin> (key1=@0x555555667008: vpnProfile::Origin_LOCAL, key2=<error reading variable>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:71
#1  0x00005555555999ea in QMapNode<vpnProfile::Origin, QString>::lowerBound (this=0x555555666ff0, akey=<error reading variable>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:155
#2  0x0000555555598e54 in QMapData<vpnProfile::Origin, QString>::findNode (this=0x55555565c5d0, akey=<error reading variable>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:287
#3  0x00005555555985aa in QMap<vpnProfile::Origin, QString>::operator[] (this=0x7fffffffcbe8, akey=<error reading variable>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:674
#4  0x000055555559d000 in vpnProfile::readPassword (this=0x0) at vpnprofile.cpp:65
#5  0x000055555559a6c5 in vpnProcess::startVPN (this=0x7fffffffcfd0) at proc/vpnprocess.cpp:112
#6  0x000055555559a211 in vpnProcess::run (this=0x7fffffffcfd0, vpnname=...) at proc/vpnprocess.cpp:62
#7  0x000055555556d7ed in main (argc=6, argv=0x7fffffffe3e8) at main.cpp:166

Relaunching the app as root and creating a main and profile as root does no cause the issue.

[theinvisible]

Hi, its not recommended to start openfortigui as root. Only the vpn process itself needs root privileges which is launched via sudo. Also every user has its own configuration files in ~/.openfortigui so you cannot share profiles between users (except global vpn profiles).

[tmotyl]

@theinvisible please let me know if I could provide any additional information which would help solving the issue.

[tmotyl]

on ubuntu 19.10 I've uninstalled the openfortigui and removed its configuration folder, then I've reinstalled it v0.8.2 using apt. I've created the connection manually again, selected sudo -E option. Then in the log I saw: "sudo: no tty present and no askpass program specified" so I've added a line "myusername ALL=NOPASSWD:SETENV: /usr/bin/openfortigui" to /etc/sudoers.d/openfortigui

Then I tried to conenct again, and got a segfault with following logs:

INFO:   Start tunnel.
DEBUG:  server_addr: xxxxx
DEBUG:  server_port: 10443
DEBUG:  gateway_addr: xxxxx
DEBUG:  gateway_port: 10443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Gateway certificate validation succeeded.
INFO:   Connected to gateway.
ERROR:  Could not authenticate to gateway (HTTP status code).
INFO:   Closed connection to gateway.
DEBUG:  server_addr: xxxxx
DEBUG:  server_port: 10443
DEBUG:  gateway_addr: xxxxx
DEBUG:  gateway_port: 10443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Gateway certificate validation succeeded.
INFO:   Logged out.

and

lut 13 14:03:39 openfortiGUI::Debug: "start-main::"
lut 13 14:03:54 openfortiGUI::Debug: "start-vpn process::" "xxxx"
lut 13 14:03:54 openfortiGUI::Debug: "start-vpn process::config_file::" "/home/xxx/.openfortigui/main.conf"
lut 13 14:03:54 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/xxx/.openfortigui/vpnprofiles/xxxx.conf"
lut 13 14:03:54 openfortiGUI::Debug: vpnWorker::process::slot
lut 13 14:03:55 openfortiGUI::Debug: shutting down vpn process:: "xxxx"

[Jancis]

If anyone figures out a way to downgrade libQt5Core or find a version that works it would be amazing

[robertovallone]

It seems to work in 20.04 with the "SUDO -E option" enabled, but the icon remains with the red unconnected plugs and doesn't switch to the green connected ones

`` INFO: Start tunnel.

INFO: Connected to gateway. INFO: Authenticated. INFO: Remote gateway has allocated a VPN. Using interface ppp0 Connect: ppp0 <--> /dev/pts/2 INFO: Got addresses: [172.17.0.2], ns [10.10.0.4, 10.10.0.1] INFO: negotiation complete INFO: negotiation complete local IP address 172.17.0.2 remote IP address 192.0.2.1 primary DNS address 10.10.0.4 secondary DNS address 10.10.0.1 INFO: Interface ppp0 is UP. INFO: Setting new routes... WARN: Route to gateway exists already. WARN: Route to gateway exists already. WARN: Route to gateway exists already. WARN: Route to gateway exists already. WARN: Route to gateway exists already. WARN: Route to gateway exists already. WARN: Route to gateway exists already. WARN: Route to gateway exists already. WARN: Route to gateway exists already. WARN: Route to gateway exists already. WARN: Route to gateway exists already. INFO: Adding VPN nameservers... INFO: Tunnel is up and running. ``

[taitrankaplan]

It's still not working on 20.04. the connect icon is always RED. Could anyone give me a solution?

[edwardfernandes]

me neithher. I can't connect using Ubuntu 20.04

[theinvisible]

Please try this one: https://hadler.me/2020/04/openfortigui-ubuntu2004-status/

[Jancis]

The one above works for me :+1: ubuntu 19.10

[tmotyl]

The one above works for me ubuntu 19.10

@Jancis which package exactly did you tried on 19.10? I tried some and did not succeeded.

[walcoimbra19]

I managed to solve by activating the "SUDO E-OPTION" option within the settings

[Jancis]

I used debian version, openfortigui_99.9.1057-1_amd64_buster.deb as the focal needed few libraries that are unavailable in eoan (19.10) yet.

[taitrankaplan]

I'm using Ubuntu 20.04 and I see Openfortigui don't work anymore (although i have tried to use sudo -E flag). If you guys have the same issue you can use openfortivpn instead (in terminal) i see it works as well.

[tmotyl]

I've tried the openfortigui_99.9.1057-1_amd64_buster.deb on 19.10 but it's still crashing when trying to connect.

[theinvisible]

I will close this issue now as its already too confusing with all the different OSes. Please keep in mind I will only "support" LTS releases in Ubuntu as the support work is mostly done in my spare freetime. You can try to install the latest version 0.9.x and report any bugs in new issues. Thanks for your understanding.