Thanks to contributors. I built my first Arch package and I'm now a happy camper using the "official" client 7.2.0.0644.
How do we know there is an updated version available and a rebuild is needed ? Does the client GUI check and inform ?
Git Clone URL: | https://aur.archlinux.org/forticlient-vpn.git (read-only, click to copy) |
---|---|
Package Base: | forticlient-vpn |
Description: | Build through the official package of FortiClient VPN only |
Upstream URL: | https://www.fortinet.com/support/product-downloads |
Keywords: | FortiClient Fortinet VPN |
Licenses: | custom:fortinet |
Conflicts: | forticlient |
Provides: | FortiClient, fortivpn |
Submitter: | douglasimcabral |
Maintainer: | Meowser |
Last Packager: | Meowser |
Votes: | 15 |
Popularity: | 0.001520 |
First Submitted: | 2020-09-05 13:48 (UTC) |
Last Updated: | 2024-07-31 20:51 (UTC) |
Thanks to contributors. I built my first Arch package and I'm now a happy camper using the "official" client 7.2.0.0644.
How do we know there is an updated version available and a rebuild is needed ? Does the client GUI check and inform ?
@Mitch Ah, my bad, missed a comment below. Yeah, I tried it, works like a charm! Thanks for pointing my attention on it.
PKGBUILD and install script is posted a few comments below. For building and installing: https://wiki.archlinux.org/title/Makepkg#Usage
@Mitch I'd be happy to try it. Can you please post link where I can get it? Thanks!
@MikeTheRat I had the same problem, i'm using harappan's PKGBUILD for 7.0.7 which works great.
Hi! After latest Garuda linux update I can't connect to my work VPN for some reason.I keep getting "routing configuration failed" error right after starting to connect, at the same moment. I had to revert my update to latest pre-update snapshot to get forticlient-vpn working again. Is there any hope to get update for this package? Thanks!
is there a possibility that Douglas updates the main package ?
There is an new version (7.2) which works way better with SSO signins. Since for some reason this file is not listed on the fortinet repo i added it to another one.
# Contributor: Jurgen <jurgen at insan3 dot nl> pkgname=forticlient_vpn pkgver=7.2.0.0644 pkgrel=1 pkgdesc="An fortinet sslvpn application" arch=('x86_64') url="https://www.forticlient.com" license=('custom') groups=() provides=(forticlient_vpn) depends=('libxss' 'libsecret' 'alsa-lib' 'libnotify' 'gtk3' 'nss' 'libxcrypt-compat' 'libappindicator-gtk2') backup=('etc/forticlient/config.db') options=('!strip' '!emptydirs') source=("http://mirror.previder.nl/deb/pool/main/${pkgname}_${pkgver}_amd64.deb") sha512sums=('a21047dc80d2af8578fee0196bac039401df7c6914b2527f3b6da9f0c1ab2875d2fc065f71e82ce729b6141228dc3d3af637eff3509dc209d8cbecf80ca3b0b8') package(){ # Extract package data tar xf data.tar.xz -C "${pkgdir}" # Fix directory structure differences cd "${pkgdir}" mkdir -p usr/lib 2> /dev/null; mv lib/* usr/lib; rm -rf lib mkdir -p var/lib/forticlient cd .. }
PKGBUILD
# Maintainer: Douglas Iuri Medeiros Cabral <douglasimcabral at zohomail dot com>
pkgname=forticlient-vpn
pkgver=7.0.7.0246
pkgrel=2
pkgdesc="Build through the official package of FortiClient VPN only"
arch=("x86_64")
url="https://www.fortinet.com/support/product-downloads"
license=('custom:fortinet')
depends=('systemd' 'nss' 'gtk3' 'libxss' 'polkit' 'openssl' 'libnotify' 'org.freedesktop.secrets' 'libappindicator-gtk2')
optdepends=(
'mate-polkit: for polkit authentication for the MATE'
'polkit-gnome: for polkit authentication for the GNOME'
'polkit-kde-agent: for polkit authentication for the KDE'
'deepin-polkit-agent: for polkit authentication for the Deepin'
'pantheon-polkit-agent: for polkit authentication for the Pantheon'
'lxqt-policykit: for polkit authentication for the LXQt'
)
provides=('fortivpn' 'FortiClient')
install='forticlient-vpn.install'
source=("https://filestore.fortinet.com/forticlient/forticlient_vpn_${pkgver}_amd64.deb")
sha256sums=('482f245df302417ab19b6501525acae6c62a022eec80baf5ad285a0fb1f5323e')
package() {
bsdtar -xf data.tar.xz -C "$pkgdir/"
install -Dm644 "${pkgdir}/lib/systemd/system/forticlient.service" "${pkgdir}/usr/lib/systemd/system/forticlient.service"
rm -rf "${pkgdir}/lib"
# Install license
install -Dm 644 "${pkgdir}/usr/share/doc/forticlient/copyright" "${pkgdir}/usr/share/licenses/fortinet/LICENSE"
# Symbolic link to fortivpn CLI
mkdir -p ${pkgdir}/usr/bin
ln -sf '/opt/forticlient/fortivpn' "${pkgdir}/usr/bin/fortivpn"
[[ -d /var/lib/forticlient ]] || mkdir /var/lib/forticlient
}
forticlient-vpn.install
pre_install () {
BACKUP_DIR=/etc/forticlient/.old
FCT_CONFIG_DB=/etc/forticlient/config.db
FCT_CONFIG=/etc/forticlient/config.xml
EC_CONFIG=/opt/forticlient/XMLs/ecdata.xml
# Backup old XML configurations if they exist so they can
# be imported on start up if upgrading from an older FCT version
if [ -f $FCT_CONFIG_DB ] || [ -f $FCT_CONFIG ] || [ -f $EC_CONFIG ]; then
mkdir $BACKUP_DIR && chmod 0600 $BACKUP_DIR
else
exit 0
fi
if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $FCT_CONFIG_DB ]; then
cp $FCT_CONFIG_DB $BACKUP_DIR
fi
if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $FCT_CONFIG ]; then
cp $FCT_CONFIG $BACKUP_DIR
fi
if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $EC_CONFIG ]; then
cp $EC_CONFIG $BACKUP_DIR
fi
exit 0
}
pre_upgrade () {
# Check if forticlient is registered to EMS if it's an uninstall
if [ -f /opt/forticlient/.fct_ec_registered ]; then
echo "Error: Unable to uninstall forticlient while connected to EMS"
exit 1
fi
# Remove old symlink when upgrading from older versions
if [ -f /usr/bin/FortiClient ]; then
pkill -f /usr/bin/FortiClient
rm -rf /usr/bin/FortiClient
fi
}
post_install() {
# Remove older version directories and files when upgrading
if [ -d /usr/bin/forticlient ]; then
pkill -f /usr/bin/forticlient
rm -rf /usr/bin/forticlient
fi
# Remove old configuration files when upgrading from older versions
if [ -f /etc/forticlient/config.xml ]; then
rm -rf /etc/forticlient/config.xml
fi
if [ -f /etc/forticlient/config_backup.xml ]; then
rm -rf /etc/forticlient/config_backup.xml
fi
# Remove old pid lock
if [ -f /tmp/.forticlient/fortivpn.pid ]; then
rm -rf /tmp/.forticlient/fortivpn.pid
fi
if [ -f /opt/forticlient/Fortitray.desktop ]; then
ln -sf /opt/forticlient/Fortitray.desktop /etc/xdg/autostart/Fortitray.desktop
fi
if [ -f /opt/forticlient/Fortivpn.desktop ]; then
ln -sf /opt/forticlient/Fortivpn.desktop /etc/xdg/autostart/Fortivpn.desktop
fi
# Restore permissions to all files
if [ -f /opt/forticlient/.repackaged ] && [ -f /opt/forticlient/.acl ]; then
(
cd /
setfacl --restore /opt/forticlient/.acl
)
fi
if [ -f /etc/forticlient/servers.conf ]; then
chmod 600 /etc/forticlient/servers.conf
fi
# Create GUI symlink to launch from terminal
if [ -f /opt/forticlient/gui/FortiClient-linux-x64/FortiClient ]; then
ln -sf /opt/forticlient/gui/FortiClient-linux-x64/FortiClient /usr/bin/forticlient
fi
# Launch fortitray
if [ -f /opt/forticlient/fortitraylauncher ]; then
if [ ! -z "$(logname 2>/dev/null)" ]; then
user="$(logname 2>/dev/null)"
elif [ ! -z "$SUDO_USER" ]; then
user="$SUDO_USER"
else
user=$(users 2>/dev/null | cut -d ' ' -f1)
fi
# Need to find the user DBUS address, otherwise Fortitray icon won't show
DBUS_SESSION_BUS_ADDRESS=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^DBUS_SESSION_BUS_ADDRESS=')
DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS#*=}
# XAUTHORITY and DISPLAY needed by Fortitray to run
XAUTHORITY=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^XAUTHORITY=')
XAUTHORITY=${XAUTHORITY#*=}
DISPLAY=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^DISPLAY=')
DISPLAY=${DISPLAY#*=}
XDG_RUNTIME_DIR=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^XDG_RUNTIME_DIR=')
XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR#*=}
# Start fortitraylauncher while forwarding environment variables needed by Fortitray
su ${user} -c "env XAUTHORITY=$XAUTHORITY \
DISPLAY=$DISPLAY \
DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS \
XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
setsid /opt/forticlient/fortitraylauncher &>/dev/null &"
fi
# Update icons cache so icon will show correctly
if [ -f /usr/share/icons/hicolor/48x48/apps/forticlient.png ]; then
gtk-update-icon-cache -f /usr/share/icons/hicolor || true
fi
# Setup forticlient protocol handler
if [ -f /usr/share/applications/forticlient-register.desktop ]; then
update-desktop-database
fi
# Stop reload daemons
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload > /dev/null || true
fi
}
post_upgrade() {
cat << EOF
==> After upgrade, to restore your config, copy old file from /etc/forticlient/.old/ to /etc/forticlient/
EOF
}
pre_remove() {
# Stop fortitray
if [ -f /tmp/.forticlient/fortitraylauncher ]; then
echo "terminate" > /tmp/.forticlient/fortitraylauncher || true
fi
# Remove ZTNA browser certificates
if [ -f /usr/bin/certutil ]; then
find /home /root -regextype posix-extended \
-regex '(/home/[^/]*|/root)/(.pki/nssdb|.mozilla/firefox/[^/]*default(-release)?)' \
-maxdepth 5 -print0 2>/dev/null |
while IFS= read -r -d $'\0' p; do
/usr/bin/certutil -F -n FCT_ZTNA -d sql:"$p" 2>/dev/null || true;
/usr/bin/certutil -D -n FCT_ZTNA_CA -d sql:"$p" 2>/dev/null || true;
done
fi
# Stop forticlient service
if [ -d /run/systemd/system ]; then
systemctl stop forticlient-scheduler.service
fi
if [ -d /run/systemd/system ]; then
systemctl stop forticlient.service
fi
pkill -f /opt/forticlient
exit 0
}
post_remove() {
# Stop reload daemons
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload > /dev/null || true
fi
# Remove shared memory
rm -rf /var/run/fctc.s || true
# Remove Fortitray.desktop symlink
rm -rf /etc/xdg/autostart/Fortitray.desktop || true
# Remove fortitraylauncher fifo
rm -rf /tmp/.forticlient/fortitraylauncher || true
# Remove VPN autostart launcher symlink
rm -rf /etc/xdg/autostart/Fortivpn.desktop || true
# Remove GUI symlink
rm -rf /usr/bin/forticlient || true
# Remove fortivpn symlink
rm -rf /usr/bin/forticlient || true
# Remove FortiClient scheduler
rm -rf /lib/systemd/system/forticlient.service || true
# Remove FortiClient binaries
rm -rf /opt/forticlient || true
# Remove fortitray policy
rm -rf /usr/share/polkit-1/actions/org.fortinet.fortitray.policy || true
# Remove forticlient policy
rm -rf /usr/share/polkit-1/actions/org.fortinet.forticlient.policy || true
exit 0
}
I'm on 7.0.7 FCT VPN only(the gratis one) which is unfortunately available only via Support Portal. Fortinet does not seem to care to update the public one over @forticlient.com (Afterwards I saw that they finally manged to update it)
https://filestore.fortinet.com/forticlient/forticlient_vpn_7.0.7.0246_amd64.deb
So, I've had the same white menu issue in my case I checked the forticlient service and I was getting timeouts
systemctl status forticlient.service
fctsched Error receiving message from confighandler: Connection time out
fctsched Error receiving message from confighandler: Connection time out
I stopped the service and did an strace for confighandler that pointed me to a missing directory.
I've created the /var/lib/forticlient
directory and restarted the forticlient service which resulted in no more timeouts. Also the white menu was gone and I could use the VPN Client
We use SAML+MFA which succeeded but the client was unable to establish a connection
I change the log level and afterwards I was seeing in debug sslvpn logs
[sslvpn:EROR] vif:30 Failed open tun device
[sslvpn:EROR] vpn_connection:1264 Create VPN network interface failed
[sslvpn:EROR] vpn_connection:2131 Restore DNS failed
I set
sudo setcap -r cap_net_admin,cap_net_bind_service+ep /opt/forticlient/fortivpn
which seems to help. Perhaps it should be included in the install script and avoid the sudoers all together.
Pinned Comments
douglasimcabral commented on 2022-11-10 15:37 (UTC) (edited on 2023-03-10 00:41 (UTC) by douglasimcabral)
Community,
The Fortinet provides two products, "FortiClient EMS" and "FortiClient VPN only". This package only correspond to "FortiClient VPN only" and your lastest version is 7.0.7.0246 at 03-09-2023.
If you are interested in "FortiClient EMS", I suggest following the AUR package 'forticlient' [https://aur.archlinux.org/packages/forticlient]