AUR (en) - forticlient-vpn

Search Criteria

Enter search criteria

Search by

Keywords

Out of Date

Sort by

Sort order

Per page

Package Details: forticlient-vpn 7.0.7.0246-2

Package Actions

Git Clone URL:	https://aur.archlinux.org/forticlient-vpn.git (read-only, click to copy)
Package Base:	forticlient-vpn
Description:	Build through the official package of FortiClient VPN only
Upstream URL:	https://www.fortinet.com/support/product-downloads
Keywords:	FortiClient Fortinet VPN
Licenses:	custom:fortinet
Conflicts:	forticlient
Provides:	FortiClient, fortivpn
Submitter:	douglasimcabral
Maintainer:	douglasimcabral
Last Packager:	douglasimcabral
Votes:	15
Popularity:	0.25
First Submitted:	2020-09-05 13:48 (UTC)
Last Updated:	2023-03-14 03:38 (UTC)

Dependencies (16)

gtk3 (gtk3-ubuntu^AUR, gtk3-no_deadkeys_underline^AUR, gtk3-patched-filechooser-icon-view^AUR, gtk3-classic-xfce^AUR, gtk3-classic^AUR)
gzip (dxcompress-git^AUR, dxcompress^AUR, gzip-git^AUR, busybox-coreutils^AUR)
libappindicator-gtk2
libnotify (libnotify-git^AUR)
libxss
nss (nss-hg^AUR)
openssl (openssl-git^AUR, openssl-static^AUR)
org.freedesktop.secrets (keepassxc-git^AUR, gnome-keyring-git^AUR, bitw-git^AUR, pass-secrets-git^AUR, keepassxc-allow-aur-extension-origin^AUR, keepassxc-allow-aur-extension-origin-bin^AUR, gnome-keyring, keepassxc, kwallet, kwallet5)
polkit (polkit-git^AUR, polkit-consolekit^AUR)
systemd (systemd-git^AUR, systemd-chromiumos^AUR, systemd-selinux^AUR, systemd-fml^AUR)
deepin-polkit-agent (deepin-polkit-agent-git^AUR) (optional) – for polkit authentication for the Deepin
lxqt-policykit (lxqt-policykit-git^AUR) (optional) – for polkit authentication for the LXQt
mate-polkit (mate-polkit-gtk2^AUR) (optional) – for polkit authentication for the MATE
pantheon-polkit-agent (pantheon-polkit-agent-git^AUR) (optional) – for polkit authentication for the Pantheon
polkit-gnome (polkit-gnome-gtk2^AUR, xfce-polkit-git^AUR, xfce-polkit^AUR, polkit-gnome-git^AUR) (optional) – for polkit authentication for the GNOME
polkit-kde-agent (polkit-kde-agent-git^AUR) (optional) – for polkit authentication for the KDE

Required by (0)

Sources (1)

https://filestore.fortinet.com/forticlient/forticlient_vpn_7.0.7.0246_amd64.deb

Pinned Comments

douglasimcabral commented on 2022-11-10 15:37 (UTC) (edited on 2023-03-10 00:41 (UTC) by douglasimcabral)

Community,

The Fortinet provides two products, "FortiClient EMS" and "FortiClient VPN only". This package only correspond to "FortiClient VPN only" and your lastest version is 7.0.7.0246 at 03-09-2023.

If you are interested in "FortiClient EMS", I suggest following the AUR package 'forticlient' [https://aur.archlinux.org/packages/forticlient]

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 Next › Last »

cbueche commented on 2023-02-22 17:07 (UTC)

Thanks to contributors. I built my first Arch package and I'm now a happy camper using the "official" client 7.2.0.0644.

How do we know there is an updated version available and a rebuild is needed ? Does the client GUI check and inform ?

MikeTheRat commented on 2023-02-19 23:09 (UTC)

@Mitch Ah, my bad, missed a comment below. Yeah, I tried it, works like a charm! Thanks for pointing my attention on it.

Mitch commented on 2023-02-16 02:05 (UTC) (edited on 2023-02-16 02:05 (UTC) by Mitch)

PKGBUILD and install script is posted a few comments below. For building and installing: https://wiki.archlinux.org/title/Makepkg#Usage

MikeTheRat commented on 2023-02-15 13:57 (UTC)

@Mitch I'd be happy to try it. Can you please post link where I can get it? Thanks!

Mitch commented on 2023-02-14 21:13 (UTC)

@MikeTheRat I had the same problem, i'm using harappan's PKGBUILD for 7.0.7 which works great.

MikeTheRat commented on 2023-02-14 16:36 (UTC)

Hi! After latest Garuda linux update I can't connect to my work VPN for some reason.I keep getting "routing configuration failed" error right after starting to connect, at the same moment. I had to revert my update to latest pre-update snapshot to get forticlient-vpn working again. Is there any hope to get update for this package? Thanks!

cbueche commented on 2023-02-14 08:19 (UTC)

is there a possibility that Douglas updates the main package ?

insan3 commented on 2023-02-09 09:37 (UTC) (edited on 2023-02-09 09:44 (UTC) by insan3)

There is an new version (7.2) which works way better with SSO signins. Since for some reason this file is not listed on the fortinet repo i added it to another one.

# Contributor: Jurgen <jurgen at insan3 dot nl>
pkgname=forticlient_vpn
pkgver=7.2.0.0644
pkgrel=1
pkgdesc="An fortinet sslvpn application"
arch=('x86_64')
url="https://www.forticlient.com"
license=('custom')
groups=()
provides=(forticlient_vpn)
depends=('libxss' 'libsecret' 'alsa-lib' 'libnotify' 'gtk3' 'nss' 'libxcrypt-compat' 'libappindicator-gtk2')
backup=('etc/forticlient/config.db')
options=('!strip' '!emptydirs')
source=("http://mirror.previder.nl/deb/pool/main/${pkgname}_${pkgver}_amd64.deb")
sha512sums=('a21047dc80d2af8578fee0196bac039401df7c6914b2527f3b6da9f0c1ab2875d2fc065f71e82ce729b6141228dc3d3af637eff3509dc209d8cbecf80ca3b0b8')

package(){

    # Extract package data
    tar xf data.tar.xz -C "${pkgdir}"

    # Fix directory structure differences
    cd "${pkgdir}"

    mkdir -p usr/lib 2> /dev/null; mv lib/* usr/lib; rm -rf lib
    mkdir -p var/lib/forticlient

    cd ..

}

harappan commented on 2023-01-20 19:07 (UTC) (edited on 2023-01-20 19:08 (UTC) by harappan)

PKGBUILD

# Maintainer: Douglas Iuri Medeiros Cabral <douglasimcabral at zohomail dot com>
pkgname=forticlient-vpn
pkgver=7.0.7.0246
pkgrel=2
pkgdesc="Build through the official package of FortiClient VPN only"
arch=("x86_64")
url="https://www.fortinet.com/support/product-downloads"
license=('custom:fortinet')
depends=('systemd' 'nss' 'gtk3' 'libxss' 'polkit' 'openssl' 'libnotify' 'org.freedesktop.secrets' 'libappindicator-gtk2')
optdepends=(
    'mate-polkit: for polkit authentication for the MATE'
    'polkit-gnome: for polkit authentication for the GNOME'
    'polkit-kde-agent: for polkit authentication for the KDE'
    'deepin-polkit-agent: for polkit authentication for the Deepin'
    'pantheon-polkit-agent: for polkit authentication for the Pantheon'
    'lxqt-policykit: for polkit authentication for the LXQt'
)
provides=('fortivpn' 'FortiClient')
install='forticlient-vpn.install'
source=("https://filestore.fortinet.com/forticlient/forticlient_vpn_${pkgver}_amd64.deb")
sha256sums=('482f245df302417ab19b6501525acae6c62a022eec80baf5ad285a0fb1f5323e')


package() {

    bsdtar -xf data.tar.xz -C "$pkgdir/"

    install -Dm644  "${pkgdir}/lib/systemd/system/forticlient.service" "${pkgdir}/usr/lib/systemd/system/forticlient.service"

    rm -rf "${pkgdir}/lib"

    # Install license
    install -Dm 644 "${pkgdir}/usr/share/doc/forticlient/copyright" "${pkgdir}/usr/share/licenses/fortinet/LICENSE"

    # Symbolic link to fortivpn CLI
    mkdir -p ${pkgdir}/usr/bin
    ln -sf '/opt/forticlient/fortivpn' "${pkgdir}/usr/bin/fortivpn"
    [[ -d /var/lib/forticlient ]] || mkdir /var/lib/forticlient


}

forticlient-vpn.install

pre_install () {
    BACKUP_DIR=/etc/forticlient/.old
    FCT_CONFIG_DB=/etc/forticlient/config.db
    FCT_CONFIG=/etc/forticlient/config.xml
    EC_CONFIG=/opt/forticlient/XMLs/ecdata.xml

    # Backup old XML configurations if they exist so they can
    # be imported on start up if upgrading from an older FCT version
    if [ -f $FCT_CONFIG_DB ] || [ -f $FCT_CONFIG ] || [ -f $EC_CONFIG ]; then
        mkdir $BACKUP_DIR && chmod 0600 $BACKUP_DIR
    else
        exit 0
    fi

    if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $FCT_CONFIG_DB ]; then
        cp $FCT_CONFIG_DB $BACKUP_DIR
    fi

    if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $FCT_CONFIG ]; then
        cp $FCT_CONFIG $BACKUP_DIR
    fi

    if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $EC_CONFIG ]; then
        cp $EC_CONFIG $BACKUP_DIR
    fi
    exit 0
}

pre_upgrade () {
    # Check if forticlient is registered to EMS if it's an uninstall
    if [ -f /opt/forticlient/.fct_ec_registered ]; then
        echo "Error: Unable to uninstall forticlient while connected to EMS"
        exit 1
    fi

    # Remove old symlink when upgrading from older versions
    if [ -f /usr/bin/FortiClient ]; then
        pkill -f /usr/bin/FortiClient
        rm -rf /usr/bin/FortiClient
    fi
}

post_install() {
    # Remove older version directories and files when upgrading
    if [ -d /usr/bin/forticlient ]; then
        pkill -f /usr/bin/forticlient
        rm -rf /usr/bin/forticlient
    fi

    # Remove old configuration files when upgrading from older versions
    if [ -f /etc/forticlient/config.xml ]; then
        rm -rf /etc/forticlient/config.xml
    fi

    if [ -f /etc/forticlient/config_backup.xml ]; then
        rm -rf /etc/forticlient/config_backup.xml
    fi

    # Remove old pid lock
    if [ -f /tmp/.forticlient/fortivpn.pid ]; then
        rm -rf /tmp/.forticlient/fortivpn.pid
    fi

    if [ -f /opt/forticlient/Fortitray.desktop ]; then
        ln -sf /opt/forticlient/Fortitray.desktop /etc/xdg/autostart/Fortitray.desktop
    fi

    if [ -f /opt/forticlient/Fortivpn.desktop ]; then
        ln -sf /opt/forticlient/Fortivpn.desktop /etc/xdg/autostart/Fortivpn.desktop
    fi

    # Restore permissions to all files
    if [ -f /opt/forticlient/.repackaged ] && [ -f /opt/forticlient/.acl ]; then
    (
        cd /
        setfacl --restore /opt/forticlient/.acl
    )
    fi

    if [ -f /etc/forticlient/servers.conf ]; then
        chmod 600 /etc/forticlient/servers.conf
    fi

    # Create GUI symlink to launch from terminal
    if [ -f /opt/forticlient/gui/FortiClient-linux-x64/FortiClient ]; then
        ln -sf /opt/forticlient/gui/FortiClient-linux-x64/FortiClient /usr/bin/forticlient
    fi

    # Launch fortitray
    if [ -f /opt/forticlient/fortitraylauncher ]; then
        if [ ! -z "$(logname 2>/dev/null)" ]; then
            user="$(logname 2>/dev/null)"
        elif [ ! -z "$SUDO_USER" ]; then
            user="$SUDO_USER"
        else
            user=$(users 2>/dev/null | cut -d ' ' -f1)
        fi

        # Need to find the user DBUS address, otherwise Fortitray icon won't show
        DBUS_SESSION_BUS_ADDRESS=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^DBUS_SESSION_BUS_ADDRESS=')
        DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS#*=}

        # XAUTHORITY and DISPLAY needed by Fortitray to run
        XAUTHORITY=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^XAUTHORITY=')
        XAUTHORITY=${XAUTHORITY#*=}

        DISPLAY=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^DISPLAY=')
        DISPLAY=${DISPLAY#*=}

        XDG_RUNTIME_DIR=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^XDG_RUNTIME_DIR=')
        XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR#*=}

        # Start fortitraylauncher while forwarding environment variables needed by Fortitray
        su ${user} -c "env XAUTHORITY=$XAUTHORITY \
                        DISPLAY=$DISPLAY \
                        DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS \
                        XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
                        setsid /opt/forticlient/fortitraylauncher &>/dev/null &"
    fi

    # Update icons cache so icon will show correctly
    if [ -f /usr/share/icons/hicolor/48x48/apps/forticlient.png ]; then
        gtk-update-icon-cache -f /usr/share/icons/hicolor || true
    fi

    # Setup forticlient protocol handler
    if [ -f /usr/share/applications/forticlient-register.desktop ]; then
        update-desktop-database
    fi

    # Stop reload daemons
    if [ -d /run/systemd/system ]; then
        systemctl --system daemon-reload > /dev/null || true
    fi
}

post_upgrade() {
cat << EOF

==> After upgrade, to restore your config, copy old file from /etc/forticlient/.old/ to /etc/forticlient/

EOF
}

pre_remove() {
    # Stop fortitray
    if [ -f /tmp/.forticlient/fortitraylauncher ]; then
        echo "terminate" > /tmp/.forticlient/fortitraylauncher || true
    fi

    # Remove ZTNA browser certificates
    if [ -f /usr/bin/certutil ]; then
        find /home /root -regextype posix-extended \
        -regex '(/home/[^/]*|/root)/(.pki/nssdb|.mozilla/firefox/[^/]*default(-release)?)' \
        -maxdepth 5 -print0 2>/dev/null |
        while IFS= read -r -d $'\0' p; do
        /usr/bin/certutil -F -n FCT_ZTNA    -d sql:"$p" 2>/dev/null || true;
        /usr/bin/certutil -D -n FCT_ZTNA_CA -d sql:"$p" 2>/dev/null || true;
        done
    fi

    # Stop forticlient service
    if [ -d /run/systemd/system ]; then
        systemctl stop forticlient-scheduler.service
    fi

    if [ -d /run/systemd/system ]; then
        systemctl stop forticlient.service
    fi

    pkill -f /opt/forticlient
    exit 0
}

post_remove() {
    # Stop reload daemons
    if [ -d /run/systemd/system ]; then
        systemctl --system daemon-reload > /dev/null || true
    fi

    # Remove shared memory
    rm -rf /var/run/fctc.s || true

    # Remove Fortitray.desktop symlink
    rm -rf /etc/xdg/autostart/Fortitray.desktop || true

    # Remove fortitraylauncher fifo
    rm -rf /tmp/.forticlient/fortitraylauncher || true

    # Remove VPN autostart launcher symlink
    rm -rf /etc/xdg/autostart/Fortivpn.desktop || true

    # Remove GUI symlink
    rm -rf /usr/bin/forticlient || true

    # Remove fortivpn symlink
    rm -rf /usr/bin/forticlient || true

    # Remove FortiClient scheduler
    rm -rf /lib/systemd/system/forticlient.service || true

    # Remove FortiClient binaries
    rm -rf /opt/forticlient || true

    # Remove fortitray policy
    rm -rf /usr/share/polkit-1/actions/org.fortinet.fortitray.policy || true

    # Remove forticlient policy
    rm -rf /usr/share/polkit-1/actions/org.fortinet.forticlient.policy || true

    exit 0
}

zez3 commented on 2023-01-11 20:52 (UTC) (edited on 2023-01-11 20:58 (UTC) by zez3)

I'm on 7.0.7 FCT VPN only(the gratis one) which is unfortunately available only via Support Portal. Fortinet does not seem to care to update the public one over @forticlient.com (Afterwards I saw that they finally manged to update it)

https://filestore.fortinet.com/forticlient/forticlient_vpn_7.0.7.0246_amd64.deb

So, I've had the same white menu issue in my case I checked the forticlient service and I was getting timeouts

systemctl status forticlient.service

fctsched Error receiving message from confighandler: Connection time out fctsched Error receiving message from confighandler: Connection time out

I stopped the service and did an strace for confighandler that pointed me to a missing directory.

I've created the /var/lib/forticlient directory and restarted the forticlient service which resulted in no more timeouts. Also the white menu was gone and I could use the VPN Client

We use SAML+MFA which succeeded but the client was unable to establish a connection

I change the log level and afterwards I was seeing in debug sslvpn logs

[sslvpn:EROR] vif:30 Failed open tun device
[sslvpn:EROR] vpn_connection:1264 Create VPN network interface failed
[sslvpn:EROR] vpn_connection:2131 Restore DNS failed

I set

sudo setcap -r cap_net_admin,cap_net_bind_service+ep /opt/forticlient/fortivpn

which seems to help. Perhaps it should be included in the install script and avoid the sudoers all together.