Arch Linux User Repository

Community,

The Fortinet provides two products, "FortiClient EMS" and "FortiClient VPN only". This package only correspond to "FortiClient VPN only" and your lastest version is 7.0.0.0018 at 2022-11-10.

If you are interested in "FortiClient EMS", I suggest following the AUR package 'forticlient' [https://aur.archlinux.org/packages/forticlient]

PKGBUILD

# Maintainer: Douglas Iuri Medeiros Cabral <douglasimcabral at zohomail dot com>
pkgname=forticlient-vpn
pkgver=7.0.7.0246
pkgrel=2
pkgdesc="Build through the official package of FortiClient VPN only"
arch=("x86_64")
url="https://www.fortinet.com/support/product-downloads"
license=('custom:fortinet')
depends=('systemd' 'nss' 'gtk3' 'libxss' 'polkit' 'openssl' 'libnotify' 'org.freedesktop.secrets' 'libappindicator-gtk2')
optdepends=(
    'mate-polkit: for polkit authentication for the MATE'
    'polkit-gnome: for polkit authentication for the GNOME'
    'polkit-kde-agent: for polkit authentication for the KDE'
    'deepin-polkit-agent: for polkit authentication for the Deepin'
    'pantheon-polkit-agent: for polkit authentication for the Pantheon'
    'lxqt-policykit: for polkit authentication for the LXQt'
)
provides=('fortivpn' 'FortiClient')
install='forticlient-vpn.install'
source=("https://filestore.fortinet.com/forticlient/forticlient_vpn_${pkgver}_amd64.deb")
sha256sums=('482f245df302417ab19b6501525acae6c62a022eec80baf5ad285a0fb1f5323e')


package() {

    bsdtar -xf data.tar.xz -C "$pkgdir/"

    install -Dm644  "${pkgdir}/lib/systemd/system/forticlient.service" "${pkgdir}/usr/lib/systemd/system/forticlient.service"

    rm -rf "${pkgdir}/lib"

    # Install license
    install -Dm 644 "${pkgdir}/usr/share/doc/forticlient/copyright" "${pkgdir}/usr/share/licenses/fortinet/LICENSE"

    # Symbolic link to fortivpn CLI
    mkdir -p ${pkgdir}/usr/bin
    ln -sf '/opt/forticlient/fortivpn' "${pkgdir}/usr/bin/fortivpn"
    [[ -d /var/lib/forticlient ]] || mkdir /var/lib/forticlient


}

forticlient-vpn.install

pre_install () {
    BACKUP_DIR=/etc/forticlient/.old
    FCT_CONFIG_DB=/etc/forticlient/config.db
    FCT_CONFIG=/etc/forticlient/config.xml
    EC_CONFIG=/opt/forticlient/XMLs/ecdata.xml

    # Backup old XML configurations if they exist so they can
    # be imported on start up if upgrading from an older FCT version
    if [ -f $FCT_CONFIG_DB ] || [ -f $FCT_CONFIG ] || [ -f $EC_CONFIG ]; then
        mkdir $BACKUP_DIR && chmod 0600 $BACKUP_DIR
    else
        exit 0
    fi

    if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $FCT_CONFIG_DB ]; then
        cp $FCT_CONFIG_DB $BACKUP_DIR
    fi

    if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $FCT_CONFIG ]; then
        cp $FCT_CONFIG $BACKUP_DIR
    fi

    if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $EC_CONFIG ]; then
        cp $EC_CONFIG $BACKUP_DIR
    fi
    exit 0
}

pre_upgrade () {
    # Check if forticlient is registered to EMS if it's an uninstall
    if [ -f /opt/forticlient/.fct_ec_registered ]; then
        echo "Error: Unable to uninstall forticlient while connected to EMS"
        exit 1
    fi

    # Remove old symlink when upgrading from older versions
    if [ -f /usr/bin/FortiClient ]; then
        pkill -f /usr/bin/FortiClient
        rm -rf /usr/bin/FortiClient
    fi
}

post_install() {
    # Remove older version directories and files when upgrading
    if [ -d /usr/bin/forticlient ]; then
        pkill -f /usr/bin/forticlient
        rm -rf /usr/bin/forticlient
    fi

    # Remove old configuration files when upgrading from older versions
    if [ -f /etc/forticlient/config.xml ]; then
        rm -rf /etc/forticlient/config.xml
    fi

    if [ -f /etc/forticlient/config_backup.xml ]; then
        rm -rf /etc/forticlient/config_backup.xml
    fi

    # Remove old pid lock
    if [ -f /tmp/.forticlient/fortivpn.pid ]; then
        rm -rf /tmp/.forticlient/fortivpn.pid
    fi

    if [ -f /opt/forticlient/Fortitray.desktop ]; then
        ln -sf /opt/forticlient/Fortitray.desktop /etc/xdg/autostart/Fortitray.desktop
    fi

    if [ -f /opt/forticlient/Fortivpn.desktop ]; then
        ln -sf /opt/forticlient/Fortivpn.desktop /etc/xdg/autostart/Fortivpn.desktop
    fi

    # Restore permissions to all files
    if [ -f /opt/forticlient/.repackaged ] && [ -f /opt/forticlient/.acl ]; then
    (
        cd /
        setfacl --restore /opt/forticlient/.acl
    )
    fi

    if [ -f /etc/forticlient/servers.conf ]; then
        chmod 600 /etc/forticlient/servers.conf
    fi

    # Create GUI symlink to launch from terminal
    if [ -f /opt/forticlient/gui/FortiClient-linux-x64/FortiClient ]; then
        ln -sf /opt/forticlient/gui/FortiClient-linux-x64/FortiClient /usr/bin/forticlient
    fi

    # Launch fortitray
    if [ -f /opt/forticlient/fortitraylauncher ]; then
        if [ ! -z "$(logname 2>/dev/null)" ]; then
            user="$(logname 2>/dev/null)"
        elif [ ! -z "$SUDO_USER" ]; then
            user="$SUDO_USER"
        else
            user=$(users 2>/dev/null | cut -d ' ' -f1)
        fi

        # Need to find the user DBUS address, otherwise Fortitray icon won't show
        DBUS_SESSION_BUS_ADDRESS=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^DBUS_SESSION_BUS_ADDRESS=')
        DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS#*=}

        # XAUTHORITY and DISPLAY needed by Fortitray to run
        XAUTHORITY=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^XAUTHORITY=')
        XAUTHORITY=${XAUTHORITY#*=}

        DISPLAY=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^DISPLAY=')
        DISPLAY=${DISPLAY#*=}

        XDG_RUNTIME_DIR=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^XDG_RUNTIME_DIR=')
        XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR#*=}

        # Start fortitraylauncher while forwarding environment variables needed by Fortitray
        su ${user} -c "env XAUTHORITY=$XAUTHORITY \
                        DISPLAY=$DISPLAY \
                        DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS \
                        XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
                        setsid /opt/forticlient/fortitraylauncher &>/dev/null &"
    fi

    # Update icons cache so icon will show correctly
    if [ -f /usr/share/icons/hicolor/48x48/apps/forticlient.png ]; then
        gtk-update-icon-cache -f /usr/share/icons/hicolor || true
    fi

    # Setup forticlient protocol handler
    if [ -f /usr/share/applications/forticlient-register.desktop ]; then
        update-desktop-database
    fi

    # Stop reload daemons
    if [ -d /run/systemd/system ]; then
        systemctl --system daemon-reload > /dev/null || true
    fi
}

post_upgrade() {
cat << EOF

==> After upgrade, to restore your config, copy old file from /etc/forticlient/.old/ to /etc/forticlient/

EOF
}

pre_remove() {
    # Stop fortitray
    if [ -f /tmp/.forticlient/fortitraylauncher ]; then
        echo "terminate" > /tmp/.forticlient/fortitraylauncher || true
    fi

    # Remove ZTNA browser certificates
    if [ -f /usr/bin/certutil ]; then
        find /home /root -regextype posix-extended \
        -regex '(/home/[^/]*|/root)/(.pki/nssdb|.mozilla/firefox/[^/]*default(-release)?)' \
        -maxdepth 5 -print0 2>/dev/null |
        while IFS= read -r -d $'\0' p; do
        /usr/bin/certutil -F -n FCT_ZTNA    -d sql:"$p" 2>/dev/null || true;
        /usr/bin/certutil -D -n FCT_ZTNA_CA -d sql:"$p" 2>/dev/null || true;
        done
    fi

    # Stop forticlient service
    if [ -d /run/systemd/system ]; then
        systemctl stop forticlient-scheduler.service
    fi

    if [ -d /run/systemd/system ]; then
        systemctl stop forticlient.service
    fi

    pkill -f /opt/forticlient
    exit 0
}

post_remove() {
    # Stop reload daemons
    if [ -d /run/systemd/system ]; then
        systemctl --system daemon-reload > /dev/null || true
    fi

    # Remove shared memory
    rm -rf /var/run/fctc.s || true

    # Remove Fortitray.desktop symlink
    rm -rf /etc/xdg/autostart/Fortitray.desktop || true

    # Remove fortitraylauncher fifo
    rm -rf /tmp/.forticlient/fortitraylauncher || true

    # Remove VPN autostart launcher symlink
    rm -rf /etc/xdg/autostart/Fortivpn.desktop || true

    # Remove GUI symlink
    rm -rf /usr/bin/forticlient || true

    # Remove fortivpn symlink
    rm -rf /usr/bin/forticlient || true

    # Remove FortiClient scheduler
    rm -rf /lib/systemd/system/forticlient.service || true

    # Remove FortiClient binaries
    rm -rf /opt/forticlient || true

    # Remove fortitray policy
    rm -rf /usr/share/polkit-1/actions/org.fortinet.fortitray.policy || true

    # Remove forticlient policy
    rm -rf /usr/share/polkit-1/actions/org.fortinet.forticlient.policy || true

    exit 0
}

I'm on 7.0.7 FCT VPN only(the gratis one) which is unfortunately available only via Support Portal. Fortinet does not seem to care to update the public one over @forticlient.com (Afterwards I saw that they finally manged to update it)

https://filestore.fortinet.com/forticlient/forticlient_vpn_7.0.7.0246_amd64.deb

So, I've had the same white menu issue in my case I checked the forticlient service and I was getting timeouts

systemctl status forticlient.service

fctsched Error receiving message from confighandler: Connection time out fctsched Error receiving message from confighandler: Connection time out

I stopped the service and did an strace for confighandler that pointed me to a missing directory.

I've created the /var/lib/forticlient directory and restarted the forticlient service which resulted in no more timeouts. Also the white menu was gone and I could use the VPN Client

We use SAML+MFA which succeeded but the client was unable to establish a connection

I change the log level and afterwards I was seeing in debug sslvpn logs

[sslvpn:EROR] vif:30 Failed open tun device
[sslvpn:EROR] vpn_connection:1264 Create VPN network interface failed
[sslvpn:EROR] vpn_connection:2131 Restore DNS failed

I set

sudo setcap -r cap_net_admin,cap_net_bind_service+ep /opt/forticlient/fortivpn

which seems to help. Perhaps it should be included in the install script and avoid the sudoers all together.

Hello, community!

I made the first attempt to update to version 7.0.7.0246, but I wasn't successful. The main screen of the application turned blank. The output in terminal show me the follow error:

Failed to connect to confighandler: connect(127.0.0.1:33973): error Connection refused
Failed to get config. Retry after 1 second.

I still have no idea how to resolve this error

The code is avaliable for contribuitions at: https://github.com/douglasimcabral/forticlient-vpn

@iamtalhaasghar
If you facing Backup Routing Table Failed issue. I found there are two ways to fixed it temporarily. You can try one of them.
1. Set the network ip address as static only instead of DHCP.
2. Login to router setting page and change the network ip range to 10.0.0.0/8 or 172.16.0.0/12 instead of 192.168.0.0/16.

diff --git a/PKGBUILD b/PKGBUILD
index 01330f9..0019183 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Douglas Iuri Medeiros Cabral <douglasimcabral at zohomail dot com>
 pkgname=forticlient-vpn
-pkgver=7.0.0.0018
+pkgver=7.0.7.0246
 pkgrel=2
 pkgdesc="Build through the official package of FortiClient VPN only"
 arch=("x86_64")
@@ -17,21 +17,21 @@ optdepends=(
 )
 provides=('fortivpn' 'FortiClient')
 install='forticlient-vpn.install'
-source=("https://filestore.fortinet.com/forticlient/downloads/forticlient_vpn_${pkgver}_amd64.deb")
-sha256sums=('82e5817048a60ff95d2e88b4a95512f9f0035fa37240ce57580c203b5a8a79c9')
+source=("https://filestore.fortinet.com/forticlient/forticlient_vpn_${pkgver}_amd64.deb")
+sha256sums=('482f245df302417ab19b6501525acae6c62a022eec80baf5ad285a0fb1f5323e')


 package() {

        bsdtar -xf data.tar.xz -C "$pkgdir/"

-       install -Dm644  "${pkgdir}/lib/systemd/system/forticlient-scheduler.service" "${pkgdir}/usr/lib/systemd/system/forticlient-scheduler.service"
+       install -Dm644  "${pkgdir}/lib/systemd/system/forticlient.service" "${pkgdir}/usr/lib/systemd/system/forticlient.service"

        rm -rf "${pkgdir}/lib"

        # Install license
        install -Dm 644 "${pkgdir}/usr/share/doc/forticlient/copyright" "${pkgdir}/usr/share/licenses/fortinet/LICENSE"
-
+
        # Symbolic link to fortivpn CLI
        mkdir -p ${pkgdir}/usr/bin
        ln -sf '/opt/forticlient/fortivpn' "${pkgdir}/usr/bin/fortivpn"
(END)

@douglasimcabral

Could you update the package to 7.0.7?

https://filestore.fortinet.com/forticlient/forticlient_vpn_7.0.7.0246_amd64.deb

Thanks a lot

Community,

The Fortinet provides two products, "FortiClient EMS" and "FortiClient VPN only". This package only correspond to "FortiClient VPN only" and your lastest version is 7.0.0.0018 at 2022-11-10.

If you are interested in "FortiClient EMS", I suggest following the AUR package 'forticlient' [https://aur.archlinux.org/packages/forticlient]

@kolewu

https://repo.fortinet.com/repo/7.0/ubuntu/pool/multiverse/forticlient/

;-)

I installed the client and it has been working flawlessly, even with SSO against AzureAD, then suddenly it stopped. The client authenticates, and all looks good - but the connection is never established.

Has anyone ever experienced this?

20221005 21:59:31.501 [sslvpn:INFO] sslvpn:739 Login successful
20221005 21:59:31.579 [sslvpn:INFO] main:1112 State: Configuring tunnel
20221005 21:59:48.003 [sslvpn:EROR] vpn_connection:706 IO read remote failed: timeout
20221005 21:59:48.003 [sslvpn:EROR] vpn_connection:1379 Error: Disconnected because of error: Read packet from tunnel failed.
20221005 21:59:48.003 [sslvpn:INFO] vpn_connection:1493 /remote/logout
20221005 21:59:48.086 [sslvpn:INFO] sslvpn:751 Logout successful