Quick Setup: OpenFortiVPN with SAML on Linux
Get your SAML setup running in no time!
There are only four things you need:
- openfortivpn
- openfortivpn-webview
- Your Fortinet gateway address and port
- Your SAML credentials to use (and possibly your phone for 2FA)
After you install `openfortivpn` and `openfortivpn-webview` (preferably through your distribution’s package management), create a new shell script to execute whenever you want to launch your VPN connection.
Depending on your preferences you can choose between the Electron or Qt version of `openfortivpn-webview`. Be sure to give the other one a try in case the first one doesn’t work out for you.
I usually have a little `~/bin` directory where I put helper tools and scripts, which sits in my `PATH` env var.
I created mine with `vi ~/bin/start-vpn` and entered the following contents:
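```bash
#!/bin/bash
# Remember to modify the OF_ vars to suit your setup.
OF_HOST=vpn.host.org
OF_PORT=443

# openfortivpn-webview opens the SAML login window and writes the session
# cookie to stdout; openfortivpn reads it from stdin (--cookie-on-stdin).
openfortivpn-webview "${OF_HOST}:${OF_PORT}" 2>/dev/null \
  | sudo openfortivpn "${OF_HOST}:${OF_PORT}" \
      --cookie-on-stdin \
      --pppd-accept-remote
```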
Of course you need to change the values of `OF_HOST` and `OF_PORT` to suit your own setup. And don’t forget to make it executable by running `chmod +x ~/bin/start-vpn`.
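A stricter variant of the launcher, as an added example that is not from the original post: it checks the gateway argument and the received cookie before anything is handed to `sudo`. It assumes `openfortivpn-webview` prints a single `SVPNCOOKIE=<value>` line on stdout; the function names are hypothetical.

```bash
#!/bin/bash
# Added example, not the original script.
# Assumption: openfortivpn-webview prints one "SVPNCOOKIE=<value>" line on stdout.

# Accept only host:port with a plain hostname and a port in 1..65535,
# so nothing that looks like an option reaches the root-run command.
valid_endpoint() {
  local re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?:[0-9]{1,5}$'
  [[ "$1" =~ $re ]] || return 1
  local port="${1##*:}"
  (( 10#$port >= 1 && 10#$port <= 65535 ))
}

# Accept only one non-empty cookie line without whitespace or control characters.
valid_cookie() {
  local re='^SVPNCOOKIE=[[:graph:]]+$'
  [[ "$1" =~ $re ]]
}

start_vpn() {
  local endpoint="$1" cookie
  valid_endpoint "$endpoint" || { echo "bad gateway, expected host:port" >&2; return 2; }
  # Capture the cookie instead of piping blindly; it is never echoed or logged.
  cookie="$(openfortivpn-webview "$endpoint" 2>/dev/null)" || {
    echo "SAML login failed or the window was closed" >&2; return 3; }
  valid_cookie "$cookie" || { echo "no session cookie received" >&2; return 4; }
  # Pass it on stdin so the cookie never shows up in the process list.
  printf '%s\n' "$cookie" \
    | sudo openfortivpn "$endpoint" --cookie-on-stdin --pppd-accept-remote
}

# Connect only when a gateway is given, e.g.: start-vpn vpn.host.org:443
if [ $# -ge 1 ]; then start_vpn "$1"; fi
```

With this variant a cancelled login stops before the `sudo` prompt with a distinct exit code, instead of starting `openfortivpn` on empty input.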
Congratulations, you now should have a very simple and working SAMLized VPN connection setup!
I have it set up on my Arch Linux installation and it works without any problems! Please add a comment in case it doesn’t work for you or you have improvements.
Thanks for reading and have a very good time!