Arch Linux User Repository

Community,

The Fortinet provides two products, "FortiClient EMS" and "FortiClient VPN only". This package only correspond to "FortiClient VPN only" and your lastest version is 7.0.7.0246 at 03-09-2023.

If you are interested in "FortiClient EMS", I suggest following the AUR package 'forticlient' [https://aur.archlinux.org/packages/forticlient]

@MikeTheRat I had the same problem, i'm using harappan's PKGBUILD for 7.0.7 which works great.

Hi! After latest Garuda linux update I can't connect to my work VPN for some reason.I keep getting "routing configuration failed" error right after starting to connect, at the same moment. I had to revert my update to latest pre-update snapshot to get forticlient-vpn working again. Is there any hope to get update for this package? Thanks!

is there a possibility that Douglas updates the main package ?

There is an new version (7.2) which works way better with SSO signins. Since for some reason this file is not listed on the fortinet repo i added it to another one.

# Contributor: Jurgen <jurgen at insan3 dot nl>
pkgname=forticlient_vpn
pkgver=7.2.0.0644
pkgrel=1
pkgdesc="An fortinet sslvpn application"
arch=('x86_64')
url="https://www.forticlient.com"
license=('custom')
groups=()
provides=(forticlient_vpn)
depends=('libxss' 'libsecret' 'alsa-lib' 'libnotify' 'gtk3' 'nss' 'libxcrypt-compat' 'libappindicator-gtk2')
backup=('etc/forticlient/config.db')
options=('!strip' '!emptydirs')
source=("http://mirror.previder.nl/deb/pool/main/${pkgname}_${pkgver}_amd64.deb")
sha512sums=('a21047dc80d2af8578fee0196bac039401df7c6914b2527f3b6da9f0c1ab2875d2fc065f71e82ce729b6141228dc3d3af637eff3509dc209d8cbecf80ca3b0b8')

package(){

    # Extract package data
    tar xf data.tar.xz -C "${pkgdir}"

    # Fix directory structure differences
    cd "${pkgdir}"

    mkdir -p usr/lib 2> /dev/null; mv lib/* usr/lib; rm -rf lib
    mkdir -p var/lib/forticlient

    cd ..

}

PKGBUILD

# Maintainer: Douglas Iuri Medeiros Cabral <douglasimcabral at zohomail dot com>
pkgname=forticlient-vpn
pkgver=7.0.7.0246
pkgrel=2
pkgdesc="Build through the official package of FortiClient VPN only"
arch=("x86_64")
url="https://www.fortinet.com/support/product-downloads"
license=('custom:fortinet')
depends=('systemd' 'nss' 'gtk3' 'libxss' 'polkit' 'openssl' 'libnotify' 'org.freedesktop.secrets' 'libappindicator-gtk2')
optdepends=(
    'mate-polkit: for polkit authentication for the MATE'
    'polkit-gnome: for polkit authentication for the GNOME'
    'polkit-kde-agent: for polkit authentication for the KDE'
    'deepin-polkit-agent: for polkit authentication for the Deepin'
    'pantheon-polkit-agent: for polkit authentication for the Pantheon'
    'lxqt-policykit: for polkit authentication for the LXQt'
)
provides=('fortivpn' 'FortiClient')
install='forticlient-vpn.install'
source=("https://filestore.fortinet.com/forticlient/forticlient_vpn_${pkgver}_amd64.deb")
sha256sums=('482f245df302417ab19b6501525acae6c62a022eec80baf5ad285a0fb1f5323e')


package() {

    bsdtar -xf data.tar.xz -C "$pkgdir/"

    install -Dm644  "${pkgdir}/lib/systemd/system/forticlient.service" "${pkgdir}/usr/lib/systemd/system/forticlient.service"

    rm -rf "${pkgdir}/lib"

    # Install license
    install -Dm 644 "${pkgdir}/usr/share/doc/forticlient/copyright" "${pkgdir}/usr/share/licenses/fortinet/LICENSE"

    # Symbolic link to fortivpn CLI
    mkdir -p ${pkgdir}/usr/bin
    ln -sf '/opt/forticlient/fortivpn' "${pkgdir}/usr/bin/fortivpn"
    [[ -d /var/lib/forticlient ]] || mkdir /var/lib/forticlient


}

forticlient-vpn.install

pre_install () {
    BACKUP_DIR=/etc/forticlient/.old
    FCT_CONFIG_DB=/etc/forticlient/config.db
    FCT_CONFIG=/etc/forticlient/config.xml
    EC_CONFIG=/opt/forticlient/XMLs/ecdata.xml

    # Backup old XML configurations if they exist so they can
    # be imported on start up if upgrading from an older FCT version
    if [ -f $FCT_CONFIG_DB ] || [ -f $FCT_CONFIG ] || [ -f $EC_CONFIG ]; then
        mkdir $BACKUP_DIR && chmod 0600 $BACKUP_DIR
    else
        exit 0
    fi

    if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $FCT_CONFIG_DB ]; then
        cp $FCT_CONFIG_DB $BACKUP_DIR
    fi

    if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $FCT_CONFIG ]; then
        cp $FCT_CONFIG $BACKUP_DIR
    fi

    if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $EC_CONFIG ]; then
        cp $EC_CONFIG $BACKUP_DIR
    fi
    exit 0
}

pre_upgrade () {
    # Check if forticlient is registered to EMS if it's an uninstall
    if [ -f /opt/forticlient/.fct_ec_registered ]; then
        echo "Error: Unable to uninstall forticlient while connected to EMS"
        exit 1
    fi

    # Remove old symlink when upgrading from older versions
    if [ -f /usr/bin/FortiClient ]; then
        pkill -f /usr/bin/FortiClient
        rm -rf /usr/bin/FortiClient
    fi
}

post_install() {
    # Remove older version directories and files when upgrading
    if [ -d /usr/bin/forticlient ]; then
        pkill -f /usr/bin/forticlient
        rm -rf /usr/bin/forticlient
    fi

    # Remove old configuration files when upgrading from older versions
    if [ -f /etc/forticlient/config.xml ]; then
        rm -rf /etc/forticlient/config.xml
    fi

    if [ -f /etc/forticlient/config_backup.xml ]; then
        rm -rf /etc/forticlient/config_backup.xml
    fi

    # Remove old pid lock
    if [ -f /tmp/.forticlient/fortivpn.pid ]; then
        rm -rf /tmp/.forticlient/fortivpn.pid
    fi

    if [ -f /opt/forticlient/Fortitray.desktop ]; then
        ln -sf /opt/forticlient/Fortitray.desktop /etc/xdg/autostart/Fortitray.desktop
    fi

    if [ -f /opt/forticlient/Fortivpn.desktop ]; then
        ln -sf /opt/forticlient/Fortivpn.desktop /etc/xdg/autostart/Fortivpn.desktop
    fi

    # Restore permissions to all files
    if [ -f /opt/forticlient/.repackaged ] && [ -f /opt/forticlient/.acl ]; then
    (
        cd /
        setfacl --restore /opt/forticlient/.acl
    )
    fi

    if [ -f /etc/forticlient/servers.conf ]; then
        chmod 600 /etc/forticlient/servers.conf
    fi

    # Create GUI symlink to launch from terminal
    if [ -f /opt/forticlient/gui/FortiClient-linux-x64/FortiClient ]; then
        ln -sf /opt/forticlient/gui/FortiClient-linux-x64/FortiClient /usr/bin/forticlient
    fi

    # Launch fortitray
    if [ -f /opt/forticlient/fortitraylauncher ]; then
        if [ ! -z "$(logname 2>/dev/null)" ]; then
            user="$(logname 2>/dev/null)"
        elif [ ! -z "$SUDO_USER" ]; then
            user="$SUDO_USER"
        else
            user=$(users 2>/dev/null | cut -d ' ' -f1)
        fi

        # Need to find the user DBUS address, otherwise Fortitray icon won't show
        DBUS_SESSION_BUS_ADDRESS=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^DBUS_SESSION_BUS_ADDRESS=')
        DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS#*=}

        # XAUTHORITY and DISPLAY needed by Fortitray to run
        XAUTHORITY=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^XAUTHORITY=')
        XAUTHORITY=${XAUTHORITY#*=}

        DISPLAY=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^DISPLAY=')
        DISPLAY=${DISPLAY#*=}

        XDG_RUNTIME_DIR=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^XDG_RUNTIME_DIR=')
        XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR#*=}

        # Start fortitraylauncher while forwarding environment variables needed by Fortitray
        su ${user} -c "env XAUTHORITY=$XAUTHORITY \
                        DISPLAY=$DISPLAY \
                        DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS \
                        XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
                        setsid /opt/forticlient/fortitraylauncher &>/dev/null &"
    fi

    # Update icons cache so icon will show correctly
    if [ -f /usr/share/icons/hicolor/48x48/apps/forticlient.png ]; then
        gtk-update-icon-cache -f /usr/share/icons/hicolor || true
    fi

    # Setup forticlient protocol handler
    if [ -f /usr/share/applications/forticlient-register.desktop ]; then
        update-desktop-database
    fi

    # Stop reload daemons
    if [ -d /run/systemd/system ]; then
        systemctl --system daemon-reload > /dev/null || true
    fi
}

post_upgrade() {
cat << EOF

==> After upgrade, to restore your config, copy old file from /etc/forticlient/.old/ to /etc/forticlient/

EOF
}

pre_remove() {
    # Stop fortitray
    if [ -f /tmp/.forticlient/fortitraylauncher ]; then
        echo "terminate" > /tmp/.forticlient/fortitraylauncher || true
    fi

    # Remove ZTNA browser certificates
    if [ -f /usr/bin/certutil ]; then
        find /home /root -regextype posix-extended \
        -regex '(/home/[^/]*|/root)/(.pki/nssdb|.mozilla/firefox/[^/]*default(-release)?)' \
        -maxdepth 5 -print0 2>/dev/null |
        while IFS= read -r -d $'\0' p; do
        /usr/bin/certutil -F -n FCT_ZTNA    -d sql:"$p" 2>/dev/null || true;
        /usr/bin/certutil -D -n FCT_ZTNA_CA -d sql:"$p" 2>/dev/null || true;
        done
    fi

    # Stop forticlient service
    if [ -d /run/systemd/system ]; then
        systemctl stop forticlient-scheduler.service
    fi

    if [ -d /run/systemd/system ]; then
        systemctl stop forticlient.service
    fi

    pkill -f /opt/forticlient
    exit 0
}

post_remove() {
    # Stop reload daemons
    if [ -d /run/systemd/system ]; then
        systemctl --system daemon-reload > /dev/null || true
    fi

    # Remove shared memory
    rm -rf /var/run/fctc.s || true

    # Remove Fortitray.desktop symlink
    rm -rf /etc/xdg/autostart/Fortitray.desktop || true

    # Remove fortitraylauncher fifo
    rm -rf /tmp/.forticlient/fortitraylauncher || true

    # Remove VPN autostart launcher symlink
    rm -rf /etc/xdg/autostart/Fortivpn.desktop || true

    # Remove GUI symlink
    rm -rf /usr/bin/forticlient || true

    # Remove fortivpn symlink
    rm -rf /usr/bin/forticlient || true

    # Remove FortiClient scheduler
    rm -rf /lib/systemd/system/forticlient.service || true

    # Remove FortiClient binaries
    rm -rf /opt/forticlient || true

    # Remove fortitray policy
    rm -rf /usr/share/polkit-1/actions/org.fortinet.fortitray.policy || true

    # Remove forticlient policy
    rm -rf /usr/share/polkit-1/actions/org.fortinet.forticlient.policy || true

    exit 0
}

I'm on 7.0.7 FCT VPN only(the gratis one) which is unfortunately available only via Support Portal. Fortinet does not seem to care to update the public one over @forticlient.com (Afterwards I saw that they finally manged to update it)

https://filestore.fortinet.com/forticlient/forticlient_vpn_7.0.7.0246_amd64.deb

So, I've had the same white menu issue in my case I checked the forticlient service and I was getting timeouts

systemctl status forticlient.service

fctsched Error receiving message from confighandler: Connection time out fctsched Error receiving message from confighandler: Connection time out

I stopped the service and did an strace for confighandler that pointed me to a missing directory.

I've created the /var/lib/forticlient directory and restarted the forticlient service which resulted in no more timeouts. Also the white menu was gone and I could use the VPN Client

We use SAML+MFA which succeeded but the client was unable to establish a connection

I change the log level and afterwards I was seeing in debug sslvpn logs

[sslvpn:EROR] vif:30 Failed open tun device
[sslvpn:EROR] vpn_connection:1264 Create VPN network interface failed
[sslvpn:EROR] vpn_connection:2131 Restore DNS failed

I set

sudo setcap -r cap_net_admin,cap_net_bind_service+ep /opt/forticlient/fortivpn

which seems to help. Perhaps it should be included in the install script and avoid the sudoers all together.

Hello, community!

I made the first attempt to update to version 7.0.7.0246, but I wasn't successful. The main screen of the application turned blank. The output in terminal show me the follow error:

Failed to connect to confighandler: connect(127.0.0.1:33973): error Connection refused
Failed to get config. Retry after 1 second.

I still have no idea how to resolve this error

The code is avaliable for contribuitions at: https://github.com/douglasimcabral/forticlient-vpn

@iamtalhaasghar
If you facing Backup Routing Table Failed issue. I found there are two ways to fixed it temporarily. You can try one of them.
1. Set the network ip address as static only instead of DHCP.
2. Login to router setting page and change the network ip range to 10.0.0.0/8 or 172.16.0.0/12 instead of 192.168.0.0/16.

diff --git a/PKGBUILD b/PKGBUILD
index 01330f9..0019183 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Douglas Iuri Medeiros Cabral <douglasimcabral at zohomail dot com>
 pkgname=forticlient-vpn
-pkgver=7.0.0.0018
+pkgver=7.0.7.0246
 pkgrel=2
 pkgdesc="Build through the official package of FortiClient VPN only"
 arch=("x86_64")
@@ -17,21 +17,21 @@ optdepends=(
 )
 provides=('fortivpn' 'FortiClient')
 install='forticlient-vpn.install'
-source=("https://filestore.fortinet.com/forticlient/downloads/forticlient_vpn_${pkgver}_amd64.deb")
-sha256sums=('82e5817048a60ff95d2e88b4a95512f9f0035fa37240ce57580c203b5a8a79c9')
+source=("https://filestore.fortinet.com/forticlient/forticlient_vpn_${pkgver}_amd64.deb")
+sha256sums=('482f245df302417ab19b6501525acae6c62a022eec80baf5ad285a0fb1f5323e')


 package() {

        bsdtar -xf data.tar.xz -C "$pkgdir/"

-       install -Dm644  "${pkgdir}/lib/systemd/system/forticlient-scheduler.service" "${pkgdir}/usr/lib/systemd/system/forticlient-scheduler.service"
+       install -Dm644  "${pkgdir}/lib/systemd/system/forticlient.service" "${pkgdir}/usr/lib/systemd/system/forticlient.service"

        rm -rf "${pkgdir}/lib"

        # Install license
        install -Dm 644 "${pkgdir}/usr/share/doc/forticlient/copyright" "${pkgdir}/usr/share/licenses/fortinet/LICENSE"
-
+
        # Symbolic link to fortivpn CLI
        mkdir -p ${pkgdir}/usr/bin
        ln -sf '/opt/forticlient/fortivpn' "${pkgdir}/usr/bin/fortivpn"
(END)