HelpDesk
sign in

VPN for Linux

Creation date: 3/15/2023 3:35 PM    Updated: 9/16/2024 2:54 PM   forticlient linux vpn
Print...
There are are two options for installing the VPN on Linux: the official GUI application, and an open source CLI application. Note that in order to use the VPN, you need to enroll your phone for DUO two-factor authentication first. You can view that knowledge base article here:


Official GUI application Instructions:


FortiClient is now offered as a GUI application for Linux. Below is the download link for the .RPM packages:



After you download the package, install it using your Linux distro's package manager. After it's done installing, open Forticlient, and accept the terms and conditions.

- Select "Configure VPN"
- Enter the following in the three info bubbles in this order. The rest of the settings will stay the same:

Connection Name: CSHL
Description: CSHL
Remote Gateway: vpn.cshl.edu

Press Save. After this, you should be able to log into FortiClient with your username (NOT your full email address) and password.
  

Open Source CLI application Instructions:


These are the instructions that have helped others for installing the open source CLI version of the VPN, openfortinetvpn:

$ sudo apt update
$ sudo apt install openfortivpn
$ sudo openfortivpn vpn.cshl.edu:443 -u username
Password:
Error message about trusting the SSL certificate
Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:
--trusted-cert 1f9b63379d75e9f3f4f133167be7a3a7ee2c81bdc8ed06f8b8b068986868a8c6
or add this line to your config file /etc/openfortivpn/config:
trusted-cert = 1f9b63379d75e9f3f4f133167be7a3a7ee2c81bdc8ed06f8b8b068986868a8c6

Gateway certificate:
subject:
C=US
ST=New York
L=Cold Spring Harbor
O=Cold Spring Harbor Laboratory
CN=*.cshl.edu
issuer:
C=US
O=Entrust, Inc.
OU=See www.entrust.net
legal-terms
OU=(c) 2012 Entrust, Inc. - for authorized use only
CN=Entrust Certification Authority - L1K
sha256 digest:
1f9b63379d75e9f3f4f133167be7a3a7ee2c81bdc8ed06f8b8b068986868a8c6

If you get that error, you can add to the command
$ sudo openfortivpn vpn.cshl.edu:443 -u username --trusted-cert 1f9b63379d75e9f3f4f133167be7a3a7ee2c81bdc8ed06f8b8b068986868a8c6
password
gives 143.48.116.xxx IP address after Duo authentication
In the error message, has the path to add the certificate key

Let us know if that works or if you need further support please.
Get help for this page