VPN
- Last modified: Thu May 02, 2024 02:51
- Sign: JN
- Tested on: Xubuntu 22.04
- Solved: Yes
To access computers behind the NRM firewall from outside, the museum now (Nov 2022) offers VPN access for Linux users. The requirement is that the FortiClient VPN software is used.
Note: The current installation of FortiNet installs the software as a service. I have not (yet) managed to set this up to easily start and stop the service whenever the VPN application is needed (i.e., not having FortiClient running all the time). Any help is most appreciated.
1. Install the gpg key:
$ wget -O - https://repo.fortinet.com/repo/forticlient/7.2/debian/DEB-GPG-KEY | \
    gpg --dearmor | \
    sudo tee /usr/share/keyrings/repo.fortinet.com.gpg
2. Create /etc/apt/sources.list.d/repo.fortinet.com.list with the following content:
deb [arch=amd64 signed-by=/usr/share/keyrings/repo.fortinet.com.gpg] https://repo.fortinet.com/repo/forticlient/7.2/debian/ stable non-free
3. Update package lists:
$ sudo apt update
4. Install FortiClient:
$ sudo apt install forticlient
The name of the NRM VPN is NRM VPN 2023, with the following Fortinet VPN client configuration:
VPN: NRM VPN 2023
Remote Gateway: vpn.nrm.se:443/itstest
Client Certificate: None
Authentication: Prompt on login
Single Sign On (SSO) for VPN Tunnel: Disabled
Auto Connect: Disabled
Always Up: Disabled
Save Password: Disabled
To start the configuration (interactive):
$ forticlient vpn edit 'NRM VPN 2023'
You can now connect to the "NRM VPN 2023" service with your NRMUSER and NRMPASSWORD.
To connect from the command line:
$ forticlient vpn connect 'NRM VPN 2023' -u NRMUSER
Provide your NRMPASSWORD and answer 'y' to accept connection to an untrusted server.
To disconnect:
$ forticlient vpn disconnect
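The connect step above ends with accepting an untrusted server. One way to check the gateway's certificate against a fingerprint obtained out of band before answering 'y' is sketched here. This is an added example, not part of the original page: EXPECTED_FP is a placeholder, the function names are hypothetical, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original page): pin-check the VPN gateway's
# TLS certificate before accepting FortiClient's "untrusted server" prompt.

# Placeholder (assumption): the page lists no fingerprint. Set EXPECTED_FP to
# the SHA-256 fingerprint you received out of band, e.g. from NRM IT.
EXPECTED_FP="${EXPECTED_FP:-REPLACE_WITH_FINGERPRINT_FROM_IT}"

# Reduce a fingerprint to bare lowercase hex: strips an openssl label such as
# "sha256 Fingerprint=", colons and whitespace, so formats compare equal.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# 0 = match, 1 = mismatch, 2 = pin is not a valid SHA-256 fingerprint.
fp_matches() {   # usage: fp_matches EXPECTED ACTUAL
    want=$(normalize_fp "$1")
    got=$(normalize_fp "$2")
    case "$want" in ''|*[!0-9a-f]*) return 2 ;; esac
    [ "${#want}" -eq 64 ] || return 2
    [ "$want" = "$got" ]
}

# Print the SHA-256 fingerprint of the leaf certificate the server presents.
server_fp() {   # usage: server_fp HOST PORT
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# 0 only when the presented certificate equals the pinned one.
check_gateway() {   # usage: check_gateway HOST PORT
    actual=$(server_fp "$1" "$2") || {
        echo "could not read a certificate from $1:$2" >&2; return 3; }
    rc=0; fp_matches "$EXPECTED_FP" "$actual" || rc=$?
    case "$rc" in
        0) echo "OK: $1:$2 presents the pinned certificate" ;;
        2) echo "EXPECTED_FP is not set to a valid fingerprint" >&2 ;;
        *) echo "MISMATCH: do not accept the prompt ($actual)" >&2 ;;
    esac
    return "$rc"
}

# Stand-alone use: sh check-gateway.sh vpn.nrm.se 443
# (host and port taken from the Remote Gateway setting above)
if [ "$#" -eq 2 ]; then check_gateway "$1" "$2"; fi
```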
The start/stop functionality could be wrapped in a script. See example here: FortiClientVPN.
Update Jan 2024: For my current installation (forticlient 7.2.4.0809), I have not been able to easily stop and start the daemon as described below. Help solving this is highly appreciated.
(Old info below)
The forticlient installation also installs a daemon which starts after boot and continues running in the background. If you only need the VPN client occasionally, having the daemon running may not be desired. If you want to stop the daemon, run
$ sudo systemctl stop forticlient-scheduler
To start again:
$ sudo systemctl start forticlient-scheduler
To disable starting forticlient after reboot:
1. Comment out the command (edit and add a # in front of the line) in the file /opt/forticlient/start-fortitray-launcher.sh
2. Disable the service:
$ sudo systemctl disable forticlient-scheduler
After steps 1 and 2 above, the forticlient daemon will not start after reboot. To start the VPN client, however, you first need to start the daemon, then the client:
$ sudo systemctl start forticlient-scheduler
$ forticlient
- https://docs.fortinet.com/document/forticlient/7.2.4/linux-release-notes/213138/install-forticlient-linux-from-repo-fortinet-com
- https://repo.fortinet.com/
~/.config/FortiClient