
User certificate? (openfortivpn issue, closed)

adrienverge commented on July 18, 2024
User certificate?

from openfortivpn.

Comments (15)

boospy commented on July 18, 2024

Hello lkundrak,
thank you. It works perfectly now, after these two commands:

openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes

Best Regards


boospy commented on July 18, 2024

Is this working now? I have the same problem. All our VPNs are with client cert. I have 2 things. The client cert (p12). This file is password protected. And the CA file. So how do I set this in the config file?

host = vpngateway.bla.com
port = 10443
username = myuser
password = mypassword
trusted-cert = 12c5c8135b94f1535b4bfdaf4299e84b6146ba754d1b0631a0b2b
ca-file=/home/myuser/.fctsslvpn_trustca/ca.crt
user-cert=/home/myuser/.fctsslvpn_trustca/clientzertifikate/clientcert_auth_customer.p12

But where can I set the password for the p12?

Thanks a lot

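As an added example (not from the thread or the openfortivpn project), here is a small POSIX shell script that does what boospy's two openssl commands above do, but also keeps the extracted key file owner-readable only, keeps the PKCS#12 password out of the process list, and checks that the certificate and key written for the user-cert / user-key options actually belong together. It assumes the openssl CLI is installed; every file name is a placeholder and the bundle built by make_test_bundle is a constructed self-signed test identity.

```shell
#!/bin/sh
# Added example, not part of the thread or of openfortivpn: split a
# password-protected PKCS#12 bundle into the PEM certificate and key files that
# openfortivpn's user-cert / user-key options take, and verify the pair.
# Assumes the openssl CLI; all paths are placeholders.
set -eu

# split_p12 BUNDLE.p12 PASSWORD OUTPREFIX -> OUTPREFIX.crt.pem, OUTPREFIX.key.pem
split_p12() (
    p12=$1 pass=$2 out=$3
    umask 077   # runs in a subshell: the new files are created mode 0600
    # env: form keeps the bundle password out of `ps` output
    P12_PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12_PASS \
        -clcerts -nokeys -out "$out.crt.pem"
    # -nodes writes the key unencrypted, as in the thread; drop it to keep the
    # key passphrase-protected (openfortivpn then prompts "Enter PEM pass phrase:")
    P12_PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12_PASS \
        -nocerts -nodes -out "$out.key.pem"
)

# cert_matches_key CERT.pem KEY.pem -> exit 0 only if both carry the same public key
cert_matches_key() {
    c=$(openssl x509 -in "$1" -pubkey -noout | openssl sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$c" = "$k" ]
}

# make_test_bundle DIR PASSWORD -> DIR/client.p12 (constructed self-signed test
# identity standing in for a real, CA-issued client certificate)
make_test_bundle() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-test" \
        -keyout "$1/orig.key.pem" -out "$1/orig.crt.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/orig.key.pem" -in "$1/orig.crt.pem" \
        -passout "pass:$2" -out "$1/client.p12"
}

# usage: sh split_p12.sh client.p12 BUNDLE_PASSWORD client
if [ "$#" -eq 3 ]; then
    split_p12 "$1" "$2" "$3"
    cert_matches_key "$3.crt.pem" "$3.key.pem" && echo "certificate and key match"
fi
```

The resulting client.crt.pem is what lkundrak asks about further down: it starts with a "-----BEGIN CERTIFICATE-----" line, which is the form user-cert expects.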

lkundrak commented on July 18, 2024

@alfem: was thinking about implementing that.

Please let me know if https://github.com/lkundrak/openfortivpn/tree/client-ssl-cert works for you.


lkundrak commented on July 18, 2024

@alfem ping?


alfem commented on July 18, 2024

Sorry, I had no access to my VPN until now.

I am testing your fork, with my user cert (keyword protected) and get this error:

ERROR: SSL_CTX_use_certificate_file: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib

I have checked that my cert and keyword work OK with FortiClient. The same error comes out when I do not use the --user-key parameter.


lkundrak commented on July 18, 2024

Hi. Is the certificate a PEM file? Does it begin with a "-----BEGIN CERTIFICATE-----" line?


alfem commented on July 18, 2024

Uh, I am afraid it is a PKCS12. This is the format our Government certs are issued in.

I will try to convert it and test again.


alfem commented on July 18, 2024

It is (almost) working now!

openfortivpn tries to open the connection, but fails with these messages (besides, I have to enter my private key pass phrase thrice):

WARN:   You should not pass the password on the command line. Type it interactively or use a config file instead.
WARN:   Bad port in config file: "0".
Enter PEM pass phrase:
INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Enter PEM pass phrase:
ERROR:  Received bad header from gateway:
  (hex) 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 32 32 20 4f 63 74 20 32 30 31 35 20 31 33 3a 30 32 3a 34 36 20 47 4d 54 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 53 56 50 4e 43 4f 4f 4b 49 45 3d 3b 70 61 74 68 3d 2f 3b 65 78 70 69 72 65 73 3d 54 68 75 2c 20 32 32 2d 4f 63 74 2d 32 30 31 35 20 31 33 3a 30 32 3a 34 36 20 47 4d 54 3b 73 65 63 75 72 65 3b 68 74 74 70 6f 6e 6c 79 3b 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 53 56 50 4e 4e 45 54 57 4f 52 4b 43 4f 4f 4b 49 45 3d 3b 20 70 61 74 68 3d 2f 72 65 6d 6f 74 65 2f 6e 65 74 77 6f 72 6b 3b 20 65 78 70 69 72 65 73 3d 54 68 75 2c 20 32 32 2d 4f 63 74 2d 32 30 31 35 20 31 33 3a 30 32 3a 34 36 20 47 4d 54 3b 20 73 65 63 75 72 65 3b 20 68 74 74 70 6f 6e 6c

  (raw) HTTP/1.1 403 Forbidden.
Date: Thu, 22 Oct 2015 13:02:46 GMT.
Set-Cookie: SVPNCOOKIE=;path=/;expires=Thu, 22-Oct-2015 13:02:46 GMT;secure;httponly;.
Set-Cookie: SVPNNETWORKCOOKIE=; path=/remote/network; expires=Thu, 22-Oct-2015 13:02:46 GMT; secure; httpon
INFO:   Cancelling threads...
INFO:   Terminated pppd.
INFO:   Closed connection to gateway.
Enter PEM pass phrase:


ckujau commented on July 18, 2024

@boospy You could remove the password from the pkcs12 certificate. I wouldn't recommend it though, for obvious reasons.


boospy commented on July 18, 2024

Hello ckujau,

I removed the pass from the PKCS file, but get an error.

WARN:   Bad key in config file: "user-cert".
WARN:   Could not load config file "/home/myuser/MYHOME/openfortivpn-configs/vpntest.conf" (No such file or directory).
INFO:   Connected to gateway.
ERROR:  Could not authenticate to gateway (No cookie given).
INFO:   Closed connection to gateway.
INFO:   Logged out.

The file exists and the cacert is also OK. So what? I had the same error message before I changed the PKCS file.

Thanks a lot :)


ckujau commented on July 18, 2024

Bad key in config file: "user-cert" looks as if the client-ssl-cert branch hadn't been applied or isn't working. Maybe tell @lkundrak about this?


boospy commented on July 18, 2024

I've sent @lkundrak an email.


lkundrak commented on July 18, 2024

@boospy, thanks for the message.

@ckujau, @boospy, please try out this: https://github.com/adrienverge/openfortivpn/tree/lr/ssl-config-file

Previously the ca-file, user-key and user-cert options were only accepted from the command line (contrary to the documentation). Also the error handling was not exactly correct, which is why you got the unhelpful error message.


alfem commented on July 18, 2024

Tested and working here.

Sudo and a password-free user private key are both required.

When I tried with a password-protected private key file, the client asks me to enter the password twice in order to connect, and once again to disconnect (weird):

sudo openfortivpn -c openfortivpn.conf 
Enter PEM pass phrase:
INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Enter PEM pass phrase:
INFO:   Got addresses: [10.118.164.218], ns [10.118.96.89, 10.253.2.160]
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
INFO:   Adding VPN nameservers...
INFO:   Tunnel is up and running.
^C
INFO:   Cancelling threads...
INFO:   Setting ppp interface down.
INFO:   Restoring routes...
INFO:   Removing VPN nameservers...
INFO:   Terminated pppd.
INFO:   Closed connection to gateway.
Enter PEM pass phrase:
INFO:   Logged out.


ephemeric commented on July 18, 2024

Hi,
This worked perfectly the first time! I cannot thank you enough for this project, thank you! I pulled apart the official Linux FortiClient on CentOS 7 and it is awful. Only allows for a PKCS12 file, yuck.
You sir, are great.
Cheers.
