Install FortiClient VPN with SAML on NixOS

If your company uses FortiClient to connect to its VPN, you won't be able to use the FortiClient binary on NixOS.

Instead, you have to use openfortivpn with openfortivpn-webview to get the cookie for authentication.

First download openfortivpn. It should already be present at vpn/default.nix.

{ pkgs, ... }: {
  home.packages = with pkgs; [ openfortivpn ];
}

Download openfortivpn-webview and put the binary in your $PATH. It should already be present if you use the derivation pkgs/openfortivpn-webview/default.nix and import it in vpn/default.nix.

Then use it like this:

# open VPN in one command line
VPN_HOST=some_host && VPN_PORT=443 \
  && openfortivpn-webview "${VPN_HOST}:${VPN_PORT}" 2>/dev/null \
  | sudo openfortivpn "${VPN_HOST}:${VPN_PORT}" --cookie-on-stdin --pppd-accept-remote

NOTE

The --pppd-accept-remote option is needed since ppp v2.5.0. See https://github.com/adrienverge/openfortivpn/issues/1076 for more information.
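
A wrapper for the one-liner above, as an added example that is not part of the original page or of either project: because 2>/dev/null hides a failed SAML login, it checks the webview output before anything is handed to sudo openfortivpn. It assumes openfortivpn-webview prints a single line of the form SVPNCOOKIE=<value>; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fail closed if the SAML webview did not return a session cookie.

# Assumption: the webview prints exactly one line, "SVPNCOOKIE=<value>".
is_svpn_cookie() {
  case "$1" in
    SVPNCOOKIE=?*) ;;          # prefix plus at least one character
    *) return 1 ;;
  esac
  case "$1" in
    # extra lines, spaces or control bytes mean this is not a bare cookie
    *[[:space:]]*|*[[:cntrl:]]*) return 1 ;;
  esac
  return 0
}

# Accept host or host:port only; a leading "-" would be parsed as an option.
is_gateway() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9._-]*(:[0-9]{1,5})?$'
}

# The body runs in a subshell, so the cookie variable does not outlive the call.
vpn_connect() (
  gateway="$1"
  if ! is_gateway "$gateway"; then
    echo "refusing gateway: $gateway" >&2
    exit 2
  fi
  if ! cookie="$(openfortivpn-webview "$gateway" 2>/dev/null)"; then
    echo "SAML login did not complete" >&2
    exit 1
  fi
  if ! is_svpn_cookie "$cookie"; then
    echo "webview returned no session cookie" >&2
    exit 1
  fi
  # printf is a shell builtin, so the cookie never shows up in a process
  # argument list; it reaches openfortivpn on stdin only.
  printf '%s\n' "$cookie" \
    | sudo openfortivpn "$gateway" --cookie-on-stdin --pppd-accept-remote
)
```

Source the file and run vpn_connect "some_host:443".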