OpenFortiGUI


OpenFortiGUI is an open-source VPN-Client to connect to Fortigate VPN-Hardware. It is based on openfortivpn and adds an easy to use and nice GUI on top of it, written in Qt5.

Unlike other VPN-clients it is also possible to connect to multiple VPN-destinations  simultaneously. It is an replacement for the closed-source Forticlient – SSLVPN Client.

 

Features include:

  • Qt5 GUI, based on 5.5
  • openfortivpn library built-in, no separate download required
  • All settings saved in text-files, so easy to share, passwords saved AES-encrypted (key can be defined as needed)
  • VPNs divided into local and global sections (readonly, useful for deployments to many users)
  • VPN-groups can be defined to start groups of VPNs at the same time
  • Trayicon with fast access to start/stop VPNs and groups
  • Multiple VPN connections possible simultaneously
  • Certificate and user/password auth supported
  • English and german language (sorry for german screenshots 😉 )

Source: https://github.com/theinvisible/openfortigui

Prebuild packages are available for following Distros:

Ubuntu 16.04 (last Update 12.11.2017): 

OpenFortiGUI 0.4.0 32bit
OpenFortiGUI 0.4.0 64bit

Debian 9 (last Update 12.11.2017):

OpenFortiGUI 0.4.0 64bit

You can also use our apt mirror, for instructions see: https://styrion.at/apt/

Quick instruction to build from source:

  1. Install DEV-tools (on Ubuntu: build-essential, qt5-default, libssl-dev)
  2. git clone https://github.com/theinvisible/openfortigui.git
  3. cd openfortigui && git submodule init && git submodule update
  4. cd qtinyaes && git submodule init && git submodule update
  5. cd .. && qmake && make -j8
  6. openfortigui binary is ready

Used software/libraries/resources:

41 thoughts on “OpenFortiGUI

  1. nalbyuites

    Thank you for the hard work! openfortiGUI 0.2.10-dev is working fine for me on Solus OS.

    Reply
  2. Christian

    Working great for me on KDE Neon. One wish, an option to close/minimize to system tray. Otherwise, just perect! Thank you so much!

    Reply
  3. Christian

    After having used it for some time I have found that it doesn’t close the process when I close the application, so I will have to kill it manually before I am able to open it again. That would be good to have fixed.

    Reply
  4. Sven

    We have 2FA and the GUI version does not support that yet, something you will implement?
    Thanks in advance!

    Reply
    1. Ti Post author

      You are right, this is not implemented right now. I am working on this, but its quite hard to “hook” into the existing openfortivpn code without changing too much code. But stay tuned, updates will come.

      Reply
  5. b.f.

    Hi,
    thanks for great app. I’ve found one problem – after Disconnect it does not delete added route (if configured in Options tab -> “Set routes”).

    Reply
  6. Eric S. Smith

    Speaking of features that might be hard to implement, there doesn’t seem to be support for HTTP proxies as in forticlientsslvpn’s “Global settings”.

    Reply
  7. luis amaya

    openfortigui its an incredible software, just need some fixes. As they already commented you , it doesnt delete added routes when the quitting connection is established by the VPN.
    Thank you !!! cheers

    Reply
  8. fprietog

    It works for my work connection with a lil problem.

    Using “FortiClient SSLVPN 4.0.2333”, after negotiation three lines were added to my resolv.conf file:

    search spaced.dsd
    nameserver 10.71.xxx.xxx
    nameserver 10.71.xxx.xxx

    Using “openFortiGUI 0.2.10-dev” only the nameserver lines are added to resolv.conf, lacks the search line:

    nameserver 10.71.xxx.xxx
    nameserver 10.71.xxx.xxx

    So connection works but I need to apply the spaced.dsd suffix manually to machine names/intranet links. Not so handy 🙁

    Thanks and best regards.

    Reply
  9. Stanton

    How Can I share this Connection?

    i’ll do:
    echo “1” | sudo tee /proc/sys/net/ipv4/ip_forward

    sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    sudo iptables -A FORWARD -o ppp0 -i eth0 -m conntrack –ctstate NEW -j ACCEPT
    sudo iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -o eth0 -j MASQUERADE

    but dont working 🙁

    Reply
  10. netikras

    Really appreciate your effort! I really do. However I’ll stick with the CLI version.

    Firstly, because it’s cli 🙂 Yes, gui is a very nice eyecandy and it can store passwords as well so I’m a single click away, but… It’s a GUI. So SSH is a no-go for this version.

    Secondly, because either it still needs some polishing or I do not get how it should behave. I created a connection, hit on Connect and it turned green. A second later it became red and since then I can no longer make it green (connect) again. Logs are not filling any more either

    INFO: Connected to gateway.
    INFO: Authenticated.
    INFO: Remote gateway has allocated a VPN.
    INFO: Custom: XXXXX.XXXXXX.XX.
    INFO: Got addresses: [XX.XX.XX.XX], ns [0.0.0.0, 0.0.0.0]
    INFO: Interface ppp0 is UP.
    INFO: Tunnel is up and running.
    INFO: Cancelling threads…
    INFO: Connected to gateway.
    ERROR: Could not authenticate to gateway (No cookie given).
    INFO: Closed connection to gateway.
    INFO: Logged out.

    So I’ll just stick with CLI 🙂

    Reply
    1. Ti Post author

      Thanks for your feedback.

      Yes, OpenFortiGUI is designed for GUI but can also be used in CLI. For example: openfortigui –start-vpn –vpn-name your-vpn-profile –main-config ‘/path/to/main.conf’

      The only downside is that it still needs the QT-libraries. So on a remote server its still best to stick with openfortivpn.

      Concerning your problem: This is weird, its already connected but aborts the connection later on. What features are you using with your vpn (certs, otp). Is there any log on your Fortigate? Have you tried openfortivpn to validate the problem?

      Thanks.

      Reply
      1. Turcol

        Thanks for the information about the CLI. When I tried to run it on amd64 it give the error Segmentation fault (core dumped)

        The command was run like this (the post ^^ is missing the double –) :
        openfortigui –-start-vpn –-vpn-name your-vpn-profile –-main-config ‘/path/to/main.conf’

        Any thoughts about what can be happening (the conf file works properly from the GUI)?

        Thanks

        Reply
  11. jorge

    netikras: the same happened to me. I selected the connection and click on disconnect again even if it was disconnected. After that I was able to connect again.

    Reply
  12. jelle

    Hi

    I realy like your official forticlient deb packages. I tried this GUI and it looks great but i cant get it to work.
    both the endpoints I’m connecting to are plain ip’s no dns names and no reverse lookup zones.
    they wont connect and all I find in the log is the following
    ERROR: gethostbyname: Unknown host
    INFO: Closed connection to gateway.
    ERROR: connect: Connection refused
    INFO: Could not log out.

    Reply
    1. Ti Post author

      Hello, this sounds like something is wrong with your VPN-Server name. Maybe there are Whitespace-chars included or other special chars. Have you checked your vpn-profile in text-mode? They are located in ~/.openfortigui/vpnprofiles. Try to open your profile with a text-editor and check the chars.

      Reply
      1. OnkelPony

        Thank you very much for your application. I had same problems as jelle (I used czech letter č (c with caron) in VPN server name. After I had removed it, everything worked.

        Reply
  13. Pingback: Acesso remoto – VPN | Monolito Nimbus

  14. Nicolas

    Work perfectly to replace Forticlient SSL-VPN 4.0.2333.
    I’ve just needed to check “Set routes” to work with my connection settings.

    Thanks a lot!

    Reply
  15. Pingback: Connecting SSL VPN FortiGate using Fedora 24 | >> IT UnderStandings <<

  16. rob

    I’m having an issue where I can connect and get a tunnel running to the Fortigate, however, when I start an rsync, it connects via ssh to a machine behind the fortigate fine, but after a couple of minutes the VPN disconnects. In the logs I get a

    ERROR: read: Input/output error
    INFO: Cancelling threads..”.

    Ironically, If I just leave the VPN connected, it is fine, if I ssh to the same box it is fine. It only happens when trying to run an rysnc over the VPN when I run into the problem. Also I can VPN/Rsync fine from a windows 10 machine.

    Any and all help appreciated.

    Reply
    1. Ti Post author

      Hi,

      there were segfaults on older versions but this seems to be a problem with the vpn core itself.

      Please try out the latest version (now 0.3.4) as it also includes updates on the openfortivpn core.

      Reply
  17. Marcos

    I’m running it on a debian 9. The application seems to work until i try to connect to the VPN. It does nothing. And when I try to see the logs of the VPN, the log files aren’t there.
    Also I ran the app within a terminal to see if I can get any additional info but it doesn’t write anything to the terminal output.
    Tahnk you.

    Reply
    1. Marcos

      I learned to set the app in Debug mode and it was possible to capture the app log when trying to connect to the VPN.

      Oct 5 17:05:29 openfortiGUI::Debug: action vpn pressed:: “vpn_name”
      Oct 5 17:05:29 openfortiGUI::Debug: start vpn: “vpn_name” active-tab:: 0
      Oct 5 17:05:29 openfortiGUI::Debug: Start vpn:: “vpn_name”
      Oct 5 17:05:29 openfortiGUI::Debug: add logger “/home/user/.openfortigui/main.conf”
      Oct 5 17:05:29 openfortiGUI::Debug: vpnManager::onClientConnected()
      Oct 5 17:05:29 openfortiGUI::Debug: client api helo command:: 0 ::name:: “vpn_name”
      Oct 5 17:05:29 openfortiGUI::Debug: client disconnected:: “vpn_name”
      Oct 5 17:05:29 openfortiGUI::Debug: vpnManager::onClientVPNStatusChanged() “vpn_name” status 0
      Oct 5 17:05:29 openfortiGUI::Debug: MainWindow::onClientVPNStatusChanged:: “vpn_name” ::status:: 0

      Thanks.

      Reply
      1. Ti Post author

        Hi,

        this log output is not really useful.

        Please provide the vpn log file, just right click on your VPN and “Logs”. Also enable “Debug” log in your VPN setting, thanks.

        Reply
        1. simpe

          I have the same problem on Debian 9, the program seems to do nothing. The logs associated to single VPN connections are empty, even after pressing the connect button: it appears the program doesn’t even attempt to connect!

          Reply
  18. hhllss

    Hi,

    I think that it is a perfect program that helps me work just every day. Just, I just would like to have double click on a line fire the connection not the edition of a vpn. In the same idea, enter should fire a connection. But out of those small asks (no ETA in there, just suggestions), just perfect.

    Thank you very much for you work.

    hhllss

    Reply
  19. Marcelo Gomes

    Hi,

    I’m using the GUI smoothly, thanks for developing and sharing with the community!

    Nonetheless, I’m having trouble adding the apt mirror to my machine (Ubuntu 16.04). I’m getting an error while trying to add the key
    gpgkeys: key 2FAB19E7CCB7F415 can’t be retrieved

    Any suggestions?
    Cheers!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *