Arch Linux User Repository

Community,

The Fortinet provides two products, "FortiClient EMS" and "FortiClient VPN only". This package only correspond to "FortiClient VPN only" and your lastest version is 7.0.7.0246 at 03-09-2023.

If you are interested in "FortiClient EMS", I suggest following the AUR package 'forticlient' [https://aur.archlinux.org/packages/forticlient]

Token input modal does not show up. I installed the package afresh, and I am stuck on the connecting screen. After entering my password, an “OK” and “Cancel” button appear, which I believe are meant to confirm the token input. However, there was no field to input the token. After clicking “OK,” I remained stuck on the connecting screen. Please help.

[PC]
OS: Manjaro Linux x86_64
Host: HP EliteBook 840 G5 SBKPF
Kernel: 6.12.20-2-MANJARO

[sslvpn.log]
...
20250404 10:23:41.847 TZ=+0100 [sslvpn:INFO] main:1781 State: Logging in
20250404 10:23:41.848 TZ=+0100 [sslvpn:INFO] vpn_connection:2447 /remote/info
20250404 10:23:42.009 TZ=+0100 [sslvpn:INFO] main:1781 State: Waiting user confirm remote certificate
20250404 10:23:42.009 TZ=+0100 [sslvpn:DEBG] main:1611 Create socket connection
20250404 10:23:42.054 TZ=+0100 [sslvpn:DEBG] main:1689 Message to UI: You are connecting to an untrusted server, which could put your confidential information at risk. Would you like to connect to this server?

Edited: If you're having the same issue. You can use the cli to connect. /opt/forticlient/forticlient-cli vpn

Thanks for updating the package, I noticed strange ( perhaps ) new behaviour. After connecting to vpn the window closes ( it didnt in previous version ) , still works, but sometimes I forget im connected to vpn ( as the tray is not working in gnome ). DO you have the same behaviour - can it be configured ?

I stumbled on the vpnagent fix also, but because it's not linked to a version I'm reluctant on implementing the change. I've had no luck trying to find an alternative to the intial filestore setup, but I will look into pulling from the debian repo this weekend.

• Update - figured out the new filestore url just followed the redirect

For anyone having trouble with the .deb file not being downloaded, replacing the following values in the PKGBUILD file solved the problem for me:

source=("https://links.fortinet.com/forticlient/deb/vpnagent")
sha256sums=('45c465ca669d4bc6d0f1d3a93f4eb765b996e05c10f6e8e9e2db2fa6728a541c')

NOTE: Keep in mind this will download the latest version available, and the package listed here may be out of date, as it is at the moment of this writing. The sha256sums above corresponds to version 7.4.3.1736

Has anyone managed to run IKEv1 on IPsec or is this not possible in principle?

This package needs to add as a dependency "core/net-tools" , without it the vpn is unable to add routes from the firewall.

Hi there is an issue since last Manjaro upgrade

nov. 30 17:04:08 manjaro NetworkManager[1421]: <info>  [1732982648.5856] vpn[xxx,"Forti VPN"]: starting fortisslvpn
nov. 30 17:04:08 manjaro NetworkManager[1421]: <info>  [1732982648.5863] audit: op="connection-activate" uuid="xxx" name="Forti VPN" pid=2715 uid=1000 result="success"
nov. 30 17:04:08 manjaro NetworkManager[8005]: INFO:   Connected to gateway.
nov. 30 17:04:08 manjaro NetworkManager[8005]: INFO:   Authenticated.
nov. 30 17:04:09 manjaro NetworkManager[8005]: INFO:   Remote gateway has allocated a VPN.
nov. 30 17:04:09 manjaro NetworkManager[8021]: /usr/bin/pppd: Plugin /usr/lib/pppd/2.5.0/nm-fortisslvpn-pppd-plugin.so is for pppd version 2.5.0, this is 2.5.1
nov. 30 17:04:09 manjaro pppd[8021]: Plugin /usr/lib/pppd/2.5.0/nm-fortisslvpn-pppd-plugin.so is for pppd version 2.5.0, this is 2.5.1
nov. 30 17:04:09 manjaro NetworkManager[8005]: ERROR:  read: Input/output error
nov. 30 17:04:09 manjaro NetworkManager[8005]: INFO:   Cancelling threads...
nov. 30 17:04:09 manjaro NetworkManager[8005]: INFO:   Cleanup, joining threads...
nov. 30 17:04:09 manjaro NetworkManager[8005]: ERROR:  pppd: An error was detected in processing the options given, such as two mutually exclusive options being used.
nov. 30 17:04:09 manjaro NetworkManager[8005]: INFO:   Terminated pppd.
nov. 30 17:04:09 manjaro NetworkManager[8005]: INFO:   Closed connection to gateway.
nov. 30 17:04:09 manjaro NetworkManager[8005]: INFO:   Logged out.
nov. 30 17:04:09 manjaro NetworkManager[1421]: <warn>  [1732982649.5099] vpn[yyy,xxx,"Forti VPN"]: dbus: failure: connect-failed (1)
nov. 30 17:04:09 manjaro NetworkManager[1421]: <warn>  [1732982649.5099] vpn[yyy,xxx,"Forti VPN"]: dbus: failure: connect-failed (1)

Thanks for sharing the scripts @Meowser, it will work as a temporary solution, but I hope it gets fixed in the main repo as well :)

@kristo I had the same issue and someone at my work came up with a solution to modify the resolv.conf. I ended up with this script using inotifywait, whenever the file is changed this will fix the bad name.

#!/bin/sh

if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root"
   exit 1
fi

inotifywait --monitor --event create --include 'resolv.conf' /etc |
while read file; do
    if grep -q example.com /etc/resolv.conf
      then
        sed 's/comname/com|name/g' /etc/resolv.conf | tr '|' '\n' > /tmp/resolv.conf.new
        cp /tmp/resolv.conf.new /etc/resolv.conf
    fi
done

I run it with a systemd job at network startup:

# /etc/systemd/system/forticlient-fixer.service
[Unit]
Wants=network-online.target
After=network-online.target

[Service]
ExecStart=/root/bin/monitor-resolv.sh

[Install]
WantedBy=multi-user.target