How to setup VPN on Linux
Prior you must configure DUO mobile https://intranet.cshl.edu/info-technology/knowledge-base/duo-authentication/ before installing and using VPN on your system.
To install openfortivpn from terminal
Reminder, when executing sudo, this is your local admin password when prompted
$ sudo apt update
$ sudo apt install openfortivpn
** The sudo command should not be asking for your local admin password at this point. This password will be your CSHL credentials.
$ sudo openfortivpn vpn.cshl.edu:443 -u cshluser
Password:
There will be an error message about trusting the SSL certificate. Example:
Reminder, when executing sudo, this is your local admin password when prompted
$ sudo apt update
$ sudo apt install openfortivpn
** The sudo command should not be asking for your local admin password at this point. This password will be your CSHL credentials.
$ sudo openfortivpn vpn.cshl.edu:443 -u cshluser
Password:
There will be an error message about trusting the SSL certificate. Example:
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:
--trusted-cert 1f9b63379d75e9f3f4f133167be7a3a7ee2c81bdc8ed06f8b8b068986868a8c6
or add this line to your config file /etc/openfortivpn/config:
trusted-cert = 1f9b63379d75e9f3f4f133167be7a3a7ee2c81bdc8ed06f8b8b068986868a8c6
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
--trusted-cert 1f9b63379d75e9f3f4f133167be7a3a7ee2c81bdc8ed06f8b8b068986868a8c6
or add this line to your config file /etc/openfortivpn/config:
trusted-cert = 1f9b63379d75e9f3f4f133167be7a3a7ee2c81bdc8ed06f8b8b068986868a8c6
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Just copy the line on your screen, trusted-cert = xxxxxsszxxxxxxxxx
into your clipboard. Then edit the config file. Path is in the message but should be similar to this.
$ sudo gedit /etc/openfortivpn/config
You can also save your name, server address and port in the config file. Otherwise just enter
$ sudo openfortivpn vpn.cshl.edu:443 -u cshluser
password:
You will get a DUO notification for approval.
into your clipboard. Then edit the config file. Path is in the message but should be similar to this.
$ sudo gedit /etc/openfortivpn/config
You can also save your name, server address and port in the config file. Otherwise just enter
$ sudo openfortivpn vpn.cshl.edu:443 -u cshluser
password:
You will get a DUO notification for approval.