{"id":13562770,"url":"https://github.com/adrienverge/openfortivpn","last_synced_at":"2025-04-23T20:48:08.192Z","repository":{"id":26422169,"uuid":"29872502","full_name":"adrienverge/openfortivpn","owner":"adrienverge","description":"Client for PPP+TLS VPN tunnel services","archived":false,"fork":false,"pushed_at":"2025-02-13T09:20:30.000Z","size":1283,"stargazers_count":2890,"open_issues_count":118,"forks_count":335,"subscribers_count":50,"default_branch":"master","last_synced_at":"2025-04-09T00:11:08.258Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adrienverge.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-01-26T17:25:00.000Z","updated_at":"2025-04-05T07:27:30.000Z","dependencies_parsed_at":"2023-01-14T04:37:31.497Z","dependency_job_id":"7eb63f65-50b2-418e-b563-38bcebc19f6a","html_url":"https://github.com/adrienverge/openfortivpn","commit_stats":{"total_commits":761,"total_committers":79,"mean_commits":9.632911392405063,"dds":"0.49014454664914586","last_synced_commit":"371edb5cdbdc53ca1c952cfc180318634e396015"},"previous_names":[],"tags_count":44,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adrienverge%2Fopenfortivpn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adrienverge%2Fopenfortivpn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adrienverge%2Fopenfortivpn/releases","manif
ests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adrienverge%2Fopenfortivpn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adrienverge","download_url":"https://codeload.github.com/adrienverge/openfortivpn/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250513676,"owners_count":21443204,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T13:01:12.111Z","updated_at":"2025-04-23T20:48:08.173Z","avatar_url":"https://github.com/adrienverge.png","language":"Perl","funding_links":[],"categories":["Perl","Security","System"],"sub_categories":["Sensor and Acuator Interfaces","Security"],"readme":"openfortivpn\n============\n\nopenfortivpn is a client for PPP+TLS VPN tunnel services.\nIt spawns a pppd process and operates the communication between the gateway and\nthis process.\n\nIt is compatible with Fortinet VPNs.\n\nUsage\n-----\n\n```shell\nman openfortivpn\n```\n\nExamples\n--------\n\n* Simply connect to a VPN:\n  ```shell\n  openfortivpn vpn-gateway:8443 --username=foo\n  ```\n\n* Connect to a VPN using an authentication realm:\n  ```shell\n  openfortivpn vpn-gateway:8443 --username=foo --realm=bar\n  ```\n\n* Store password securely with a pinentry program:\n  ```shell\n  openfortivpn vpn-gateway:8443 --username=foo --pinentry=pinentry-mac\n  ```\n\n* Connect with a user certificate and no password:\n  ```shell\n  openfortivpn vpn-gateway:8443 --username= --password= --user-cert=cert.pem --user-key=key.pem\n  ```\n\n* Connect using SAML 
login:\n  ```shell\n  openfortivpn vpn-gateway:8443 --saml-login\n  ```\n\n* Don't set IP routes and don't add VPN nameservers to `/etc/resolv.conf`:\n  ```shell\n  openfortivpn vpn-gateway:8443 -u foo --no-routes --no-dns --pppd-no-peerdns\n  ```\n\n* Using a configuration file:\n  ```shell\n  openfortivpn -c /etc/openfortivpn/my-config\n  ```\n\n  With `/etc/openfortivpn/my-config` containing:\n  ```ini\n  host = vpn-gateway\n  port = 8443\n  username = foo\n  set-dns = 0\n  pppd-use-peerdns = 0\n  # X509 certificate sha256 sum, trust only this one!\n  trusted-cert = e46d4aff08ba6914e64daa85bc6112a422fa7ce16631bff0b592a28556f993db\n  ```\n\n* For the full list of config options, see the `CONFIGURATION` section of\n  ```shell\n  man openfortivpn\n  ```\n\nSmartcard\n---------\n\nSmartcard support needs `openssl pkcs engine` and `opensc` to be installed.\nThe pkcs11-engine from libp11 needs to be compiled with p11-kit-devel installed.\nCheck [#464](https://github.com/adrienverge/openfortivpn/issues/464) for a discussion\nof known issues in this area.\n\nTo make use of your smartcard put at least `pkcs11:` to the user-cert config or commandline\noption. It takes the full or a partial PKCS#11 token URI.\n\n```ini\nuser-cert = pkcs11:\nuser-cert = pkcs11:token=someuser\nuser-cert = pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=012345678;token=someuser\nusername =\npassword =\n```\n\nIn most cases `user-cert = pkcs11:` will do it, but if needed you can get the token-URI\nwith `p11tool --list-token-urls`.\n\nMultiple readers are currently not supported.\n\nSmartcard support has been tested with Yubikey under Linux, but other PIV enabled\nsmartcards may work too. 
On Mac OS X Mojave it is known that the pkcs engine-by-id\nis not found.\n\nInstalling\n----------\n\n### Installing existing packages\n\nSome Linux distributions provide `openfortivpn` packages:\n* [Fedora / CentOS](https://packages.fedoraproject.org/pkgs/openfortivpn)\n* [openSUSE / SLE](https://software.opensuse.org/package/openfortivpn)\n* [Gentoo](https://packages.gentoo.org/packages/net-vpn/openfortivpn)\n* [NixOS](https://github.com/NixOS/nixpkgs/tree/master/pkgs/tools/networking/openfortivpn)\n* [Arch Linux](https://archlinux.org/packages/extra/x86_64/openfortivpn)\n* [Debian](https://packages.debian.org/stable/openfortivpn)\n* [Ubuntu](https://packages.ubuntu.com/search?keywords=openfortivpn)\n* [Solus](https://dev.getsol.us/source/openfortivpn/)\n* [Alpine Linux](https://pkgs.alpinelinux.org/package/edge/testing/x86_64/openfortivpn)\n\nOn macOS both [Homebrew](https://formulae.brew.sh/formula/openfortivpn) and\n[MacPorts](https://ports.macports.org/port/openfortivpn)\nprovide an `openfortivpn` package.\nEither [install Homebrew](https://brew.sh/) then install openfortivpn:\n```shell\n# Install 'Homebrew'\n/usr/bin/ruby -e \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)\"\n\n# Install 'openfortivpn'\nbrew install openfortivpn\n```\n\nor [install MacPorts](https://www.macports.org/install.php) then install openfortivpn:\n```shell\n# Install 'openfortivpn'\nsudo port install openfortivpn\n```\n\nA more complete overview can be obtained from [repology](https://repology.org/project/openfortivpn/versions).\n\n### Building and installing from source\n\nFor other distros, you'll need to build and install from source:\n\n1.  
Install build dependencies.\n\n    * RHEL/CentOS/Fedora: `gcc` `automake` `autoconf` `openssl-devel` `make` `pkg-config`\n    * Debian/Ubuntu: `gcc` `automake` `autoconf` `libssl-dev` `make` `pkg-config`\n    * Arch Linux: `gcc` `automake` `autoconf` `openssl` `pkg-config`\n    * Gentoo Linux: `net-dialup/ppp` `pkg-config`\n    * openSUSE: `gcc` `automake` `autoconf` `libopenssl-devel` `pkg-config`\n    * macOS (Homebrew): `automake` `autoconf` `openssl@1.1` `pkg-config`\n    * FreeBSD: `automake` `autoconf` `libressl` `pkgconf`\n\n    On Linux, if you manage your kernel yourself, make sure to compile these modules:\n    ```text\n    CONFIG_PPP=m\n    CONFIG_PPP_ASYNC=m\n    ```\n\n    On macOS, install 'Homebrew' to install the build dependencies:\n    ```shell\n    # Install 'Homebrew'\n    /usr/bin/ruby -e \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)\"\n\n    # Install Dependencies\n    brew install automake autoconf openssl@1.1 pkg-config\n\n    # You may need to make this openssl available to compilers and pkg-config\n    export LDFLAGS=\"-L/usr/local/opt/openssl/lib $LDFLAGS\"\n    export CPPFLAGS=\"-I/usr/local/opt/openssl/include $CPPFLAGS\"\n    export PKG_CONFIG_PATH=\"/usr/local/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH\"\n    ```\n\n2.  Build and install.\n\n    ```shell\n    ./autogen.sh\n    ./configure --prefix=/usr/local --sysconfdir=/etc\n    make\n    sudo make install\n    ```\n\n    If targeting platforms with pppd \u003c 2.5.0 such as the current version of macOS,\n    we suggest you configure with option `--enable-legacy-pppd`:\n\n    ```shell\n    ./autogen.sh\n    ./configure --prefix=/usr/local --sysconfdir=/etc --enable-legacy-pppd\n    make\n    sudo make install\n    ```\n\n    If you need to specify the openssl location you can set the `$PKG_CONFIG_PATH`\n    environment variable. 
For fine-tuning check the available configure arguments\n    with `./configure --help` especially when you are cross compiling.\n\n    Finally, install runtime dependency `ppp` or `pppd`.\n\nRunning as root?\n----------------\n\nopenfortivpn needs elevated privileges at three steps during tunnel set up:\n\n* when spawning a `/usr/sbin/pppd` process;\n* when setting IP routes through VPN (when the tunnel is up);\n* when adding nameservers to `/etc/resolv.conf` (when the tunnel is up).\n\nFor these reasons, you need to use `sudo openfortivpn`.\nIf you need it to be usable by non-sudoer users, you might consider adding an\nentry in `/etc/sudoers` or a file under `/etc/sudoers.d`.\n\nFor example:\n```shell\nvisudo -f /etc/sudoers.d/openfortivpn\n```\n```text\nCmnd_Alias  OPENFORTIVPN = /usr/bin/openfortivpn\n\n%adm       ALL = (ALL) OPENFORTIVPN\n```\nAdapt the above example by changing the `openfortivpn` path or choosing\na group different from `adm` - such as a dedicated `openfortivpn` group.\n\n**Warning**: Make sure only trusted users can run openfortivpn as root!\nAs described in [#54](https://github.com/adrienverge/openfortivpn/issues/54),\na malicious user could use `--pppd-plugin` and `--pppd-log` options to divert\nthe program's behaviour.\n\nSSO/SAML/2FA\n------------\n\nIn some cases, the server may require the VPN client to load and interact\nwith a web page containing JavaScript. Depending on the complexity of the\nweb page, interpreting the web page might be beyond the reach of a command\nline program such as openfortivpn.\n\nIn such cases, you may use an external program spawning a full-fledged\nweb browser such as\n[openfortivpn-webview](https://github.com/gm-vm/openfortivpn-webview)\nto authenticate and retrieve a session cookie. This cookie can be fed\nto openfortivpn using option `--cookie-on-stdin`. 
Obviously, such a\nsolution requires a graphical session.\n\nWhen started using `--saml-login` the program creates a web server that\naccepts SAML login requests. To log in using SAML, you just have to open\n`\u003cyour-vpn-domain\u003e/remote/saml/start?redirect=1` and follow the login steps.\nAt the end of the login process the page will be redirected to\n`http://127.0.0.1:8020/?id=\u003csession-id\u003e`.\n\nContributing\n------------\n\nFeel free to make pull requests!\n\nC coding style should follow the\n[Linux kernel coding style](https://www.kernel.org/doc/html/latest/process/coding-style.html).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadrienverge%2Fopenfortivpn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadrienverge%2Fopenfortivpn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadrienverge%2Fopenfortivpn/lists"}