OpenFortiGUI is an open-source VPN-Client to connect to Fortigate and Barracuda VPN-Hardware. For Fortigate VPN it uses openfortivpn, for Barracuda it uses the official Barracuda VPN Client (must be installed) and adds an easy to use and nice GUI on top of it, written in Qt5.
Unlike other VPN-clients it is also possible to connect to multiple VPN-destinations simultaneously (for Fortigate only). It is an alternative for the closed-source Forticlient – SSLVPN Client.
Features include:
- Qt5 GUI
- Fortigate: openfortivpn library built-in, no separate download required
- Barracuda: Official Barracuda VPN Client required, you must first download from Barracuda download site
- All settings saved in text-files, so easy to share, passwords saved AES-encrypted (key can be defined as needed, GNOME keyring & KWallet support)
- VPNs divided into local and global sections (readonly, useful for enterprise deployments to many users)
- VPN-groups can be defined to start defined groups of VPNs at the same time
- Trayicon with fast access to start/stop VPNs and groups
- Multiple VPN connections possible simultaneously
- Certificate and user/password auth supported
- 2Factor support (TOTP)
- Autostart VPNs on program startup
- English, german, catalan (thanks wagafo@github) and japanese (thanks tsundeoku@github) language
- Optional: KRunner Plugin for KDE5
Source & community development: https://github.com/theinvisible/openfortigui
Prebuild packages are available for following Distros:
Last Update 9.2.2024
https://apt.iteas.at/iteas/pool/main/o/openfortigui/
Recommended: Use our apt mirror, for instructions see: https://apt.iteas.at/
Available packages on our apt mirror: openfortigui and openfortigui-runner
Quick instruction to build from source:
- Install DEV-tools (on Ubuntu: build-essential, qt5-default, libssl-dev, qt5keychain-dev)
- git clone https://github.com/theinvisible/openfortigui.git
- cd openfortigui && git submodule init && git submodule update
- qmake && make -j4
- openfortigui binary is ready
Debugging
If you want to help debugging please follow the next steps to produce a debug binary.
- Install DEV-tools (on Ubuntu: build-essential, qt5-default, libssl-dev, qt5keychain-dev)
- git clone https://github.com/theinvisible/openfortigui.git
- cd openfortigui && git submodule init && git submodule update
- qmake openfortigui-project.pro -spec linux-g++ CONFIG+=debug CONFIG+=qml_debug && /usr/bin/make -j4
- openfortigui debug binary is ready
OpenFortiGUI spawns new processes for every VPN connection profile.
You can also start a VPN connection on terminal and so use gdb. For example: sudo /usr/bin/openfortigui –start-vpn –vpn-name [yourvpnname] –main-config ‘/home/[yourusername]/.openfortigui/main.conf’
Just replace [yourvpnname] with your vpn profile name and [yourusername] with your Linux username.
Used software/libraries/resources:
Sorry, I cannot connect:
Server name is 100$% correct. We have some servers that have a postix URL e.g. /vpn. Is that relevant for the settings? Where do you enter this?
ERROR: getaddrinfo: Name or service not known
INFO: Closed connection to gateway.
DEBUG: server_addr: 0.0.0.0
DEBUG: server_port: 4443
DEBUG: gateway_addr: 0.0.0.0
DEBUG: gateway_port: 4443
ERROR: connect: Connection refused
I have a similar problem here;
ERROR: getaddrinfo: Nombre o servicio desconocido
INFO: Closed connection to gateway.
ERROR: connect: Conexión rehusada
INFO: Could not log out.
With old FortiClient it works.
Any idea?
OMG.. solved changing DNS by IP
Hi Ti,
first thank you very much! Keep up the good work!
I’ve a minor issue regarding the display scaling on high DPI display (4k). On the HDPI display, the font of the gui dialog / text boxes is very big. So there is not much space for text; in fact not enough.
Could you please check on HDPI with window scaling set to e.g. 2.
Also, the connection / settings window is of fixed size so it can’t be enlarged.
All minor UI issues. The product is great.
Do i need to install the package openfortivpn from github?
Or openfortigui has already installed it?
I cant connect to colleage vpn.
ERROR: getaddrinfo: Nombre o servicio desconocido
INFO: Closed connection to gateway.
ERROR: connect: Conexión rehusada
INFO: Could not log out.
ERROR: getaddrinfo: Nombre o servicio desconocido
INFO: Closed connection to gateway.
ERROR: connect: Conexión rehusada
INFO: Could not log out.
You dont need the openfortivpn package, its already included in OpenFortiGUI. Please try to connect by IP-adress, there seems to be some issues with your DNS it seems.
Help!!! So, I’m new to umbuntu. It’s my son’s pc. My laptop is MIA, and I need to work from home tomorrow. I’m a life long windows user, and I was state of the art desktop support… in 1999 LOL. The vpn says it is connected, however I am getting no dns from the destination network. Nothing. I have an IP and nothing else (as far as I can tell… which doesn’t mean much)
grady@Changeling:~$ nmcli dev show ppp0
GENERAL.DEVICE: ppp0
GENERAL.TYPE: unknown
GENERAL.HWADDR:
GENERAL.MTU: 1354
GENERAL.STATE: 10 (unmanaged)
GENERAL.CONNECTION: —
GENERAL.CON-PATH: —
IP4.ADDRESS[1]: 192.168.113.1/32
IP4.GATEWAY:
The connection is just missing a piece, and I don’t know enough to know what…
Many thanks! Working like a charm under Ubuntu.
Is there possibility to autoconnect VPN after system reboot?
Thanks. There is no option yet for autostart functionality. But i will record for future releases. : )
Many thanks for your reply. Will be waiting 🙂
Hi,
Version 0.4.2 is now out with an autostart feature for VPNs.
To activate just check the option “autostart” in your VPN-profile. You still need to put OpenFortiGUI in your DE autostart, best minimized (Activate “Start minimized” in OpenFortiGUI settings).
Wau! Many thanks.
That was really fast.
Already installed new verision and everything seems working.
Great job!
Hi!!
The first time I tried to connect to my work’s VPN, I received a notice from my IT department that I generated 70k requests to the file server, which falled.
I’ve been asked to use the official client, though it’s not clear whether OpenFortiGUI was the problem or not (I was accessing remote folders and remote desktop connection). I saved the log of the connection and I had the debug mode ON: I see nothing weird, a lot of
DEBUG: gateway —> pppd (125 bytes)
DEBUG: pppd —> gateway (72 bytes)
and sorts. But the logfile has less than 2000 lines in total.
Since I’m no expert, I’d like to have a confirmation that everything is in order, before I dare to try it again. And if it’s possibly a bug, it’s good to tell you also.
You think OpenFortiGUI could somehow enter an infinite connection loop?
Thanks for your help and work anyway
Hi,
openFortiGUI only communicates with the specified IP and Port with your VPN-Gateway. Any other traffic is caused by other programs on your computer. Maybe you ask your IT-department to use Wireshark or similiar to investigate vor details.
Cheers Rene
Hello.
Maybe it has IPSec support?
IPSec is a completely different technology. See strongSwan or similiar. Cheers Rene
Hi,
I have the same problem on ubuntu 17.10, that VPN server name doesn’t resolve. If I use IP instead of VPN server name, then everything works fine.
Otherwise great job 🙂
Cheers 🙂
I had 3 strange issue here in kubuntu 17.10
1. I can connect through IP address but not the hostname
2. WIFI cannot used after disconnect from VPN. Need manually disconnect an reconnect the wifi again
3. There is a “question” mark in the WIFI icon after successful the VPN connected
Thank you
Hi,
openFortiGUI is using the system dns resolution. So if its working on cmd it should work also in openFortiGUI.
But i have to admit that i didnt really tested it on non LTS releases.
Cheers Rene
Hi,
I’m using the GUI smoothly, thanks for developing and sharing with the community!
Nonetheless, I’m having trouble adding the apt mirror to my machine (Ubuntu 16.04). I’m getting an error while trying to add the key
gpgkeys: key 2FAB19E7CCB7F415 can’t be retrieved
Any suggestions?
Cheers!
Hi,
maybe keyserver.ubuntu.com is blocked on your network? Should be working fine.
Cheers Rene
Hi,
I think that it is a perfect program that helps me work just every day. Just, I just would like to have double click on a line fire the connection not the edition of a vpn. In the same idea, enter should fire a connection. But out of those small asks (no ETA in there, just suggestions), just perfect.
Thank you very much for you work.
hhllss
Thank you very much for this great tool, Rene.
I’m running it on a debian 9. The application seems to work until i try to connect to the VPN. It does nothing. And when I try to see the logs of the VPN, the log files aren’t there.
Also I ran the app within a terminal to see if I can get any additional info but it doesn’t write anything to the terminal output.
Tahnk you.
I learned to set the app in Debug mode and it was possible to capture the app log when trying to connect to the VPN.
Oct 5 17:05:29 openfortiGUI::Debug: action vpn pressed:: “vpn_name”
Oct 5 17:05:29 openfortiGUI::Debug: start vpn: “vpn_name” active-tab:: 0
Oct 5 17:05:29 openfortiGUI::Debug: Start vpn:: “vpn_name”
Oct 5 17:05:29 openfortiGUI::Debug: add logger “/home/user/.openfortigui/main.conf”
Oct 5 17:05:29 openfortiGUI::Debug: vpnManager::onClientConnected()
Oct 5 17:05:29 openfortiGUI::Debug: client api helo command:: 0 ::name:: “vpn_name”
Oct 5 17:05:29 openfortiGUI::Debug: client disconnected:: “vpn_name”
Oct 5 17:05:29 openfortiGUI::Debug: vpnManager::onClientVPNStatusChanged() “vpn_name” status 0
Oct 5 17:05:29 openfortiGUI::Debug: MainWindow::onClientVPNStatusChanged:: “vpn_name” ::status:: 0
Thanks.
Hi,
this log output is not really useful.
Please provide the vpn log file, just right click on your VPN and “Logs”. Also enable “Debug” log in your VPN setting, thanks.
I have the same problem on Debian 9, the program seems to do nothing. The logs associated to single VPN connections are empty, even after pressing the connect button: it appears the program doesn’t even attempt to connect!
Same thing here on debian 9.
On Debian 9, according to this comment (https://github.com/theinvisible/openfortigui/issues/6#issuecomment-312454202) you need to open openfortigui with sudo. I tried and it worked. Don’t know it’s not required on Ubuntu. Anyone has an idea?
This works for me, but is it safe to launch with sudo?
I’m having an issue where I can connect and get a tunnel running to the Fortigate, however, when I start an rsync, it connects via ssh to a machine behind the fortigate fine, but after a couple of minutes the VPN disconnects. In the logs I get a
ERROR: read: Input/output error
INFO: Cancelling threads..”.
Ironically, If I just leave the VPN connected, it is fine, if I ssh to the same box it is fine. It only happens when trying to run an rysnc over the VPN when I run into the problem. Also I can VPN/Rsync fine from a windows 10 machine.
Any and all help appreciated.
Oh yeah, I’m running Ubuntu 16.04.3 64 bit.
Hi,
there were segfaults on older versions but this seems to be a problem with the vpn core itself.
Please try out the latest version (now 0.3.4) as it also includes updates on the openfortivpn core.
Pingback: Connecting SSL VPN FortiGate using Fedora 24 | >> IT UnderStandings <<
Work perfectly to replace Forticlient SSL-VPN 4.0.2333.
I’ve just needed to check “Set routes” to work with my connection settings.
Thanks a lot!
Need to precise that I’m on Ubuntu 17.10 with Gnome 3.24.2
Thanks for your feedback. : )
Pingback: Acesso remoto – VPN | Monolito Nimbus
Hi
I realy like your official forticlient deb packages. I tried this GUI and it looks great but i cant get it to work.
both the endpoints I’m connecting to are plain ip’s no dns names and no reverse lookup zones.
they wont connect and all I find in the log is the following
ERROR: gethostbyname: Unknown host
INFO: Closed connection to gateway.
ERROR: connect: Connection refused
INFO: Could not log out.
Hello, this sounds like something is wrong with your VPN-Server name. Maybe there are Whitespace-chars included or other special chars. Have you checked your vpn-profile in text-mode? They are located in ~/.openfortigui/vpnprofiles. Try to open your profile with a text-editor and check the chars.
Thank you very much for your application. I had same problems as jelle (I used czech letter č (c with caron) in VPN server name. After I had removed it, everything worked.
netikras: the same happened to me. I selected the connection and click on disconnect again even if it was disconnected. After that I was able to connect again.
Really appreciate your effort! I really do. However I’ll stick with the CLI version.
Firstly, because it’s cli 🙂 Yes, gui is a very nice eyecandy and it can store passwords as well so I’m a single click away, but… It’s a GUI. So SSH is a no-go for this version.
Secondly, because either it still needs some polishing or I do not get how it should behave. I created a connection, hit on Connect and it turned green. A second later it became red and since then I can no longer make it green (connect) again. Logs are not filling any more either
INFO: Connected to gateway.
INFO: Authenticated.
INFO: Remote gateway has allocated a VPN.
INFO: Custom: XXXXX.XXXXXX.XX.
INFO: Got addresses: [XX.XX.XX.XX], ns [0.0.0.0, 0.0.0.0]
INFO: Interface ppp0 is UP.
INFO: Tunnel is up and running.
INFO: Cancelling threads…
INFO: Connected to gateway.
ERROR: Could not authenticate to gateway (No cookie given).
INFO: Closed connection to gateway.
INFO: Logged out.
So I’ll just stick with CLI 🙂
Thanks for your feedback.
Yes, OpenFortiGUI is designed for GUI but can also be used in CLI. For example: openfortigui –start-vpn –vpn-name your-vpn-profile –main-config ‘/path/to/main.conf’
The only downside is that it still needs the QT-libraries. So on a remote server its still best to stick with openfortivpn.
Concerning your problem: This is weird, its already connected but aborts the connection later on. What features are you using with your vpn (certs, otp). Is there any log on your Fortigate? Have you tried openfortivpn to validate the problem?
Thanks.
Thanks for the information about the CLI. When I tried to run it on amd64 it give the error Segmentation fault (core dumped)
The command was run like this (the post ^^ is missing the double –) :
openfortigui –-start-vpn –-vpn-name your-vpn-profile –-main-config ‘/path/to/main.conf’
Any thoughts about what can be happening (the conf file works properly from the GUI)?
Thanks
run strace and keep an eye on those file not founds.
in my case an abort core dumped – situation resolved when i apt install –reinstalled two xinerama related packages. ubuntu 18.04.1.
How Can I share this Connection?
i’ll do:
echo “1” | sudo tee /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
sudo iptables -A FORWARD -o ppp0 -i eth0 -m conntrack –ctstate NEW -j ACCEPT
sudo iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -o eth0 -j MASQUERADE
but dont working 🙁
It works for my work connection with a lil problem.
Using “FortiClient SSLVPN 4.0.2333”, after negotiation three lines were added to my resolv.conf file:
search spaced.dsd
nameserver 10.71.xxx.xxx
nameserver 10.71.xxx.xxx
Using “openFortiGUI 0.2.10-dev” only the nameserver lines are added to resolv.conf, lacks the search line:
nameserver 10.71.xxx.xxx
nameserver 10.71.xxx.xxx
So connection works but I need to apply the spaced.dsd suffix manually to machine names/intranet links. Not so handy 🙁
Thanks and best regards.
Thanks for your feedback. This seems to be a problem with openfortivpn. You can submit a bug-report here: https://github.com/adrienverge/openfortivpn/issues
Thanks.
Great work!
openfortigui its an incredible software, just need some fixes. As they already commented you , it doesnt delete added routes when the quitting connection is established by the VPN.
Thank you !!! cheers
Hello, this should be fixed now in recent versions.
Speaking of features that might be hard to implement, there doesn’t seem to be support for HTTP proxies as in forticlientsslvpn’s “Global settings”.
Unfortunately I rely on features that are provided by openfortivpn. You can make a feature request there: https://github.com/adrienverge/openfortivpn/issues
Hi,
thanks for great app. I’ve found one problem – after Disconnect it does not delete added route (if configured in Options tab -> “Set routes”).
Hello, this should be fixed now in recent versions.
We have 2FA and the GUI version does not support that yet, something you will implement?
Thanks in advance!
You are right, this is not implemented right now. I am working on this, but its quite hard to “hook” into the existing openfortivpn code without changing too much code. But stay tuned, updates will come.
2FA/OTP is now supported in latest version 0.3.0 and above. Please give it a try and leave feedback: https://hadler.me/2017/07/openfortigui-0-3-0/
After having used it for some time I have found that it doesn’t close the process when I close the application, so I will have to kill it manually before I am able to open it again. That would be good to have fixed.
Hope this issue was solved in your github request.
Hi,
great tool, thanks a lot for your work. I noticed the same way out issue : when I close the window application, process still runs in background, so I cannot relaunch it.
Using the linux version for debian LTS 16.04.
Working great for me on KDE Neon. One wish, an option to close/minimize to system tray. Otherwise, just perect! Thank you so much!
Thank you for the hard work! openfortiGUI 0.2.10-dev is working fine for me on Solus OS.
Hi, I’m happy to see a Solus user that was able to get this working.
I tried running the complie/make steps on this page, but it failed at qmake. Saying no such package.
I tried installing it with sudo eopkg install qmake but that also didn’t work.
Any suggestions? Thanks.
Please install the package qt5-base-devel via software center. After installation, qmake will be available in /usr/bin directory
unable to get it working with Ubuntu 19.10; no errors but it does not connect;
Start vpn:: “TPG2”
Debug: add logger “/home/jfz/.openfortigui/main.conf”
Debug: vpnManager::onClientConnected()
Debug: client api helo command:: 0 ::name:: “TPG2”
Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: “/home/jfz/.openfortigui/vpnprofiles/TPG2.conf”
Debug: static bool LibSecretKeyring::findPassword(const QString&, const QString&, QKeychain::JobPrivate*)
Debug: static bool LibSecretKeyring::findPassword(const QString&, const QString&, QKeychain::JobPrivate*)
Debug: vpnClientConnection::sendCMD:: “TPG2” :: 8
Debug: client disconnected:: “TPG2”
Debug: vpnManager::onClientVPNStatusChanged() “TPG2” status 0
Debug: MainWindow::onClientVPNStatusChanged:: “TPG2” ::status:: 0
Open File -> Settings
Enable -E Flag Option
Thank you vince.
I was struggling with the same issue.
did u solve the problem?
I try to use it to connect to my VPN, it just doesn’t work, no error message
Thanks sooo much for this application. It really has saved me being able to run this on Linux. The product from the actual vendor is a pile of shite. Thanks for doing their job for them.