Headless Fortinet SSL VPN Client Setup on CentOS: CLI-Only Configuration Guide for Linux Servers


Before we begin, ensure you have:

- CentOS 7/8 minimal installation
- Root or sudo privileges
- FortiClient VPN package (sslvpnclient-x.x.x.xxx.rpm)
- Basic firewall ports open (TCP 443, UDP 1194)

First, transfer your RPM package to the server using SCP:

scp sslvpnclient-x.x.x.xxx.rpm user@your_vps:/tmp/

Install dependencies and the VPN client:

sudo yum install -y libxml2 openssl
sudo rpm -ivh /tmp/sslvpnclient-*.rpm

Create a configuration file at /etc/forticlient/sslvpn/fortisslvpn.conf:

[general]
host=your.vpn.server.com
port=443
username=your_username
password=your_password
realm=ldap  # or empty for local authentication

Start the VPN service:

sudo systemctl start forticlientsslvpn

Check connection status:

sudo /opt/forticlient-sslvpn/64bit/forticlientsslvpn_cli --status

Create a bash script for easy connection management:

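#!/bin/bash
# Wrapper around the forticlientsslvpn service (run as root or via sudo)
case "$1" in
    start)
        systemctl start forticlientsslvpn
        ;;
    stop)
        systemctl stop forticlientsslvpn
        ;;
    status)
        /opt/forticlient-sslvpn/64bit/forticlientsslvpn_cli --status
        ;;
    *)
        # Unknown or missing argument: print usage and signal failure
        echo "Usage: $0 {start|stop|status}"
        exit 1
        ;;
esac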

Common issues and solutions:

# Error: "Cannot resolve hostname"
- Verify DNS settings in /etc/resolv.conf
- Try using IP address instead of hostname

# Authentication failures
- Check /var/log/forticlient-sslvpn.log
- Verify your credentials and authentication realm

Before proceeding, ensure you have:

  • Root or sudo privileges on your CentOS VPS
  • FortiClient SSL VPN Linux package (typically .tar.gz)
  • VPN server address and your credentials
  • Basic familiarity with Linux command line

First, download the appropriate Linux version from Fortinet's support site. If you're using wget:

wget https://example.com/forticlient-sslvpn-linux-x64.tar.gz
tar -xzvf forticlient-sslvpn-linux-x64.tar.gz
cd forticlient-sslvpn/

The package typically contains both GUI and CLI components. We'll focus on the CLI installation:

sudo ./install.sh

For minimal installation (CLI-only):

sudo ./install.sh --nodeps --nopreinstall --noinstallgui

After installation, configure your VPN connection:

sudo /opt/forticlient-sslvpn/64bit/forticlientsslvpn_cli \
--server vpn.yourcompany.com:443 \
--username your_username \
--keepalive

For automated connections, create a config file at ~/.forticlient/config:

[server]
host=vpn.yourcompany.com
port=443

[auth]
username=your_username
password=your_password

Issue: Missing dependencies
Fix: Install required packages:

sudo yum install -y libstdc++ libgcc

Issue: Connection timeouts
Fix: Add keepalive parameter:

--keepalive --keepalive-timeout 30

Create a bash script for easy connection:

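#!/bin/bash
# VPN_USER and VPN_PASS must be set in the environment before running.
# Note: a password passed as an argument is visible in the process list.
/opt/forticlient-sslvpn/64bit/forticlientsslvpn_cli \
--server vpn.yourcompany.com \
--username "$VPN_USER" \
--password "$VPN_PASS" \
--keepalive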

Make it executable:

chmod +x vpn_connect.sh

If the connection fails:

  • Check logs at /var/log/forticlient.log
  • Verify network connectivity to the VPN server
  • Ensure correct permissions on config files
  • Test with --debug flag for detailed output
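
The config files shown in this guide store the VPN password in plaintext, and the checklist above says to ensure correct permissions on config files. The script below is an added example, not part of the original guide or of Fortinet's tooling: it checks such a file for a stored password, group/other permission bits and owner, then restricts it to mode 600. The function names and the demo file are constructed for illustration, and GNU stat (as on CentOS) is assumed.

```shell
#!/bin/bash
# Added example (not from the original guide): audit a VPN client config
# that stores a password, like the [general]/[auth] files shown on this page.
# Assumes GNU stat, as shipped on CentOS.

# check_vpn_conf FILE [UID]
# Returns 0 when FILE is safe to hold credentials, 1 on any finding,
# 2 when FILE does not exist. UID is the expected numeric owner (default 0).
check_vpn_conf() {
    local f="$1" want_uid="${2:-0}" rc=0 mode uid
    [ -f "$f" ] || { echo "MISSING $f"; return 2; }
    mode=$(stat -c '%a' "$f")
    uid=$(stat -c '%u' "$f")
    # Only files that carry a non-empty password= line are of interest.
    if ! grep -Eq '^[[:space:]]*password[[:space:]]*=[[:space:]]*[^[:space:]]' "$f"; then
        echo "OK $f (no stored password)"; return 0
    fi
    # Any group/other permission bit exposes the password to local users.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "PERM $f mode=$mode, expected 600"; rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER $f uid=$uid, expected $want_uid"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $f (password stored, mode=$mode uid=$uid)"
    return "$rc"
}

# harden_vpn_conf FILE: restrict FILE to read/write by its owner only.
harden_vpn_conf() { chmod 600 "$1"; }

# Demo on a constructed sample file (placeholder credentials, temp dir).
demo_dir=$(mktemp -d)
demo_conf="$demo_dir/config"
printf '[server]\nhost=vpn.yourcompany.com\nport=443\n\n[auth]\nusername=your_username\npassword=your_password\n' > "$demo_conf"
chmod 644 "$demo_conf"
check_vpn_conf "$demo_conf" "$(id -u)" || echo "-> finding(s) reported, hardening"
harden_vpn_conf "$demo_conf"
check_vpn_conf "$demo_conf" "$(id -u)"
rm -rf "$demo_dir"
```

On a real host, call `check_vpn_conf /etc/forticlient/sslvpn/fortisslvpn.conf` for the root-owned file and `check_vpn_conf ~/.forticlient/config "$(id -u)"` for the per-user one.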

For split tunneling or custom routes, create a routing configuration file:

[routing]
route=192.168.1.0/24
route=10.0.0.0/8