Difference between revisions of "Linux VPN Setup"

From The University of Akron Support Wiki
Jump to: navigation, search
Line 2: Line 2:
  
 
<br><b>Fortigate Supported Linux Distributions</b><br>
 
<br><b>Fortigate Supported Linux Distributions</b><br>
<p>If you are running Fedora, CentOS, or Ubuntu, please follow the instructions for installation at Fortigate's support site to install from their application repositories.</p>
+
<p>If you are running Fedora, CentOS, or Ubuntu, there are updated versions of the VPN client.</p>
<p>'''https://www.forticlient.com/repoinfo'''</p>
+
<p>Once installed, please configure according to the instructions starting at step 11) below.</p>
+
  
<br><b>Other Distributions</b><br>
+
<br><b>To install on Red Hat or CentOS:</b><br>
<p>If you are running a different distribution Than the ones that Fortigate supports, you need the statically compiled version.  Instructions for installation are below.</p>
+
1. Obtain a FortiClient Linux installation rpm file from [https://uazips.sharepoint.com/sites/software/Shared%20Documents/forticlient_6.2.6.0356_x86_64.zip Here].  
<p>Tested on Ubuntu 18.04. The appearance of your windows may vary based on your system's configuration.</p>
+
<p><u>Note:</u> This procedure requires root privileges on the Linux workstation.</p>
+
  
=GUI Version=
+
2. In a terminal window, run the following command:
<table border="1" cellspacing="0" cellpadding="2" width="1000">
+
$ sudo yum install <FortiClient installation rpm file> -y
  
<tr>
+
   <FortiClient installation rpm file> is the full path to the downloaded rpm file.
   <td valign="top" width="39"><p>'''1.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>'''1 -''' Download a copy of the Fortinet SSL VPN Client for Linux to your Computer: [https://uazips.sharepoint.com/:u:/s/software/EY0PAvQbx25ItyCRzFiqc9wBT9dIkBhpzmVDnA8vjJUzuw?e=3ftoOz Click Here to Download] </p>
+
  <p>'''2 -''' In the file manager, navigate to the folder containing this file.</p>
+
  <p>'''NOTE: ''' You will need to sign into Microsoft Online with your UAkron email and password in order to download the installer.</p>
+
  </td>
+
  <td align="center" valign="center" width="151">[[File:Linux_VPN_1.png]]</td>
+
</tr>
+
  
<tr>
+
<br><b>To install on Ubuntu:</b><br>
  <td valign="top" width="39"><p>'''2.)'''</p> </td>
+
1. Obtain a FortiClient Linux installation deb file from [https://uazips.sharepoint.com/sites/software/Shared%20Documents/forticlient_6.2.6.0356_amd64.zip Here].
  <td valign="top" width="600">
+
  <p>'''Right click''' the archive and select '''Extract Here'''.</p>
+
  </td>
+
  <td align="center" valign="center" width="151">[[File:Linux_VPN_2.png]]</td>
+
</tr>
+
  
<tr>
+
2. Install FortiClient using the following command:
  <td valign="top" width="39"><p>'''3.)'''</p> </td>
+
$ sudo apt-get install <FortiClient installation deb file>
  <td valign="top" width="600">
+
  <p>'''Open''' the newly extracted folder.</p>
+
  </td>
+
  <td align="center" valign="center" width="151">[[File:Linux_VPN_3.png]]</td>
+
</tr>
+
  
<tr>
+
   <FortiClient installation deb file> is the full path to the downloaded deb file.  
   <td valign="top" width="39"><p>'''4.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>Navigate to the '''forticlientsslvpn folder'''.</p>
+
  </td>
+
  <td align="center" valign="center" width="151">[[File:Linux_VPN_4.png]]</td>
+
</tr>
+
  
<tr>
+
<br>Once installed, please configure with the settings below:
  <td valign="top" width="39"><p>'''5.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>Navigate to the '''64bit''' folder if your machine has a 64-bit processor. If not, navigate to the '''32bit''' foklder.</p>
+
  </td>
+
  <td align="center" valign="center" width="151">[[File:Linux_VPN_5.png]]</td>
+
</tr>
+
  
<tr>
+
<b>Connection:</b> UA VPN
  <td valign="top" width="39"><p>'''6.)'''</p> </td>
+
<br><b>Server</b>: vpn.uakron.edu:443
  <td valign="top" width="600">
+
  <p>Double click the '''forticlientsslvpn file'''.</p>
+
  </td>
+
  <td align="center" valign="center" width="151">[[File:Linux_VPN_6.png]]</td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''7.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>Follow the prompts to grant privileges and accept the license agreement.</p>
+
  </td>
+
  <td align="center" valign="center" width="151">[[File:Linux_VPN_7.png]]<p> </p>[[File:Linux_VPN_8.png]]<p> </p>[[File:Linux_VPN_9.png]]</td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''8.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>'''1 -''' The first time you run the client, you must configure the profile.</p>
+
  <p>'''2 -''' Click on '''Settings'''.</p>
+
  </td>
+
  <td align="center" valign="center" width="151">[[File:Linux_VPN_10.png]]</td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''9.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>On the settings screen, click the '''+ button''' in the '''lower left corner''' to add a connection profile.</p>
+
  </td>
+
  <td align="center" valign="center" width="151">[[File:Linux_VPN_11.png]]</td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''10.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>Configure the profile to connect to '''vpn.uakron.edu on port 443'''.</p>
+
  <p>'''NOTE:''' that the default is 10443, which is not correct.</p>
+
  </td>
+
  <td align="center" valign="center" width="151">[[File:Linux_VPN_12.png]]</td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''11.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>Click the '''create button'''. You now can select the newly created profile and '''connect with your UANET credentials'''. A successful connection will result in a window showing traffic flowing in each direction. </p>
+
  <p>'''NOTE:''' If presented with a certificate error, accept it to continue.</p>
+
  <p>For connections in the future, just double click the forticlientsslvpn file as above – you will not need to repeat the configuration process. You may wish to create a shortcut to this file in your launcher or desktop. The procedure for that varies by distribution.</p>
+
  </td>
+
  <td align="center" valign="center" width="151">[[File:Linux_VPN_13.png]]</td>
+
</tr>
+
</table>
+
 
+
=CLI Version=
+
<table border="1" cellspacing="0" cellpadding="2" width="800">
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''1.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>'''NOTE: ''' This method requires iproute (or iproute2) & ppp.</p>
+
  <p>With root privileges, copy '''Forticlient SSLVPN tarball''' to an appropriate location, such as '''/usr/local/sbin/'''.</p>
+
  </td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''2.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>Change directory to location of tarball file and, with root privileges, '''extract Forticlient SSLVPN tarball''':</p>
+
  <p></p> 
+
  <p>'''cd /usr/local/sbin/'''</p>
+
  <p>'''tar -xvzf forticlientsslvpn_linux_version.tar.gz'''</p>
+
  </td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''3.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>Change directory to the location of the setup script appropriate to your architecture (32-bit or 64-bit):</p>
+
  <p>'''cd forticlientsslvpn/64bit/helper/'''</p>
+
  </td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''4.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>With root privileges, run the setup script and accept the license:</p>
+
  <p>'''./setup.linux.sh'''</p>
+
  </td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''5.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>Change directory to the parent of the current directory,which in this case would be '''forticlientsslvpn/64bit/''':</p>
+
  <p>'''cd ../'''</p>
+
  <p>'''NOTE: Full path should be /usr/local/sbin/forticlientsslvpn/64bit/'''</p>
+
  </td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''6.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>With root privileges, run the GUI-based client to configure the VPN connection parameters:</p>
+
  <p>'''./forticlientsslvpn'''</p>
+
  <p>On the main screen, click the '''Settings''' button.</p>
+
  </td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''7.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>On the settings screen, '''click the + button''' at the bottom of the '''Connection Profiles column''' to create a new profile.</p>
+
  <p>In this case, the profile is simply named '''ua'''.</p>
+
  <p>'''Enter the following:'''</p>
+
  <p>    -The name or IP address of the VPN server - '''vpn.uakron.edu'''</p>
+
  <p>    -The port on which it is listening for connections - '''443'''</p>
+
  <p>    -Your '''UANet ID''' and '''password'''.</p>
+
  <p>Click '''Done''' and then '''quit the forticlientsslvpn application'''.</p>
+
  <p>'''Note:''' It seems to be a quirk of the application, but you must quit and restart it when you change settings, such as changing your password.</p>
+
  </td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''8.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>With root privileges, run the GUI-based client and click the '''Connect''' button.</p>
+
  <p>If all goes well, a connection status window should appear which will show that the tunnel is running.</p>
+
  <p>To disconnect, click the '''Stop''' button.</p>
+
  </td>
+
</tr>
+
 
+
<tr>
+
  <td valign="top" width="39"><p>'''9.)'''</p> </td>
+
  <td valign="top" width="600">
+
  <p>'''Note: '''You may want to configure a desktop shortcut to the forticlientsslvpn application. How this is done will depend on your desktop environment. Remember that the shortcut will need to run the application with root privileges.</p>
+
  <p>For example, in the Trinity Desktop Environment, the command tdesu followed by an executable application will prompt for the root password and then run the application with root privileges. The command which the desktop shortcut should run would be as follows:</p>
+
  <p>'''tdesu /usr/local/sbin/forticlientsslvpn/64bit/forticlientsslvpn'''</p>
+
  </td>
+
</tr>
+
</table>
+

Revision as of 16:53, 31 March 2020

Notice.png Please note
Please note – Fortinet has changed their public repositories to a version that does not have VPN remote access capabilities. The version below is available only with a support contract. If you previously installed from the Fortinet repo, you likely need to remove the old version before following the instructions below.


Fortigate Supported Linux Distributions

If you are running Fedora, CentOS, or Ubuntu, there are updated versions of the VPN client.


To install on Red Hat or CentOS:
1. Obtain a FortiClient Linux installation rpm file from Here.

2. In a terminal window, run the following command: $ sudo yum install <FortiClient installation rpm file> -y

  <FortiClient installation rpm file> is the full path to the downloaded rpm file.


To install on Ubuntu:
1. Obtain a FortiClient Linux installation deb file from Here.

2. Install FortiClient using the following command: $ sudo apt-get install <FortiClient installation deb file>

  <FortiClient installation deb file> is the full path to the downloaded deb file. 


Once installed, please configure with the settings below:

Connection: UA VPN
Server: vpn.uakron.edu:443