Hi,
my latest /etc/openfortivpn/config is the following:
### configuration file for openfortivpn, see man openfortivpn(1) ###
host = ***.***.***.***
port = ****
username = ****************
# Password in plain text.
# For a secure alternative, use pinentry or let openfortivpn prompt for the password.
password = ************
# The pinentry program to use. Allows supplying the password in a secure manner.
# pinentry = pinentry-mac
# realm = some-realm
# useful for a gui that passes a configuration file to openfortivpn
# otp = 123456
# otp-delay = 0
# otp-prompt = Please
# This would disable FTM push notification support, and use OTP instead
# no-ftm-push = 1
# user-cert = /etc/openfortivpn/user-cert.pem
# user-cert = pkcs1: # use smartcard as client certificate
# user-key = /etc/openfortivpn/user-key.pem
# pem-passphrase = baz
# the sha256 digest of the trusted host certs obtained by
# openssl dgst -sha256 server-cert.crt:
trusted-cert = ****************************************************************
# trusted-cert = othercertificatedigest6631bf...
# This would specify a ca bundle instead of system-wide store
# ca-file = /etc/openfortivpn/ca-bundle.pem
set-dns = 1
use-resolvconf = 1
set-routes = 1
half-internet-routes = 0
pppd-use-peerdns = 1
# alternatively, use a specific pppd plugin instead
# pppd-plugin = /usr/lib/pppd/default/some-plugin.so
# for debugging pppd write logs here
pppd-log = /var/log/pppd.log
# pass ppp interface name to pppd (if supported by a patched pppd)
# pppd-ifname = ppp1
# pass an ipparam string to pppd, e.g. the device name (a similar use case)
# pppd-ipparam = 'device=$DEVICE'
# instruct pppd to call a script instead of passing arguments (if pppd supports it)
# pppd-call = script
# use-syslog = 0
insecure-ssl = 1
cipher-list = HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
# persistent = 0
seclevel-1 = 0
(actually, I've already tried a lot of different options)
Then, all I get is:
DEBUG: ATTENTION: the output contains sensitive information such as the THE CLEAR TEXT PASSWORD.
DEBUG: openfortivpn 1.19.0
DEBUG: Loaded configuration file "/etc/openfortivpn/config".
DEBUG: Loaded password from configuration file "/etc/openfortivpn/config"
DEBUG: Configuration host = "***.***.***.***"
DEBUG: Configuration realm = ""
DEBUG: Configuration port = "****"
DEBUG: Configuration username = "****************"
DEBUG: Configuration password = "************"
DEBUG: Resolving gateway host ip
DEBUG: Establishing ssl connection
DEBUG: SO_KEEPALIVE: OFF
DEBUG: TCP_KEEPIDLE: 7200
DEBUG: TCP_KEEPINTVL: 75
DEBUG: TCP_KEEPCNT: 9
DEBUG: SO_SNDBUF: 16384
DEBUG: SO_RCVBUF: 131072
DEBUG: server_addr: ***.***.***.***
DEBUG: server_port: ****
DEBUG: gateway_addr: ***.***.***.***
DEBUG: gateway_port: ****
ERROR: connect: Connection timed out
INFO: Closed connection to gateway.
Also I have openfortigui. It works like a charm with the following configuration:
[cert]
ca_file=
trust_all_gw_certs=true
trusted_cert=****************************************************************
user_cert=
user_key=
verify_cert=false
[options]
always_ask_otp=false
autostart=false
debug=false
half_internet_routers=false
insecure_ssl=false
min_tls=Default
otp_delay=0
otp_prompt=
pppd_call=
pppd_ifname=
pppd_ipparam=
pppd_log_file=/var/log/pppd.log
pppd_no_peerdns=false
pppd_plugin_file=
realm=
seclevel1=false
set_dns=true
set_routes=true
[vpn]
device_type=0
gateway_host=***.***.***.***
gateway_port=****
name=********
password="************************"
persistent=false
username=****************
What is especially puzzling about the whole thing is that openfortigui does use openfortivpn under the hood (or it is supposed to).
Any clues? Am I doing anything wrong? Thanks.
Hi,
my latest /etc/openfortivpn/config is the following:
(actually, I've already tried a lot of different options)
Then, all I get is:
Also I have openfortigui. It works like a charm with the following configuration:
What is especially puzzling about the whole thing is that openfortigui does use openfortivpn under the hood (or it is supposed to).
Any clues? Am I doing anything wrong? Thanks.