In this blog, I will guide you through the process of setting up a Fortigate SSLVPN client in a Docker container. By using Docker, you can easily create a self-contained environment for running the Fortigate SSLVPN client without worrying about compatibility issues or system dependencies. This setup provides a convenient way to access VPN features within a controlled environment. Please note that this guide assumes some basic familiarity with Docker and command-line usage.
If you're looking for instructions on uninstalling FortiClient from macOS, you can refer to my separate blog titled "Uninstalling FortiClient from macOS: A Process to Remove it Without Paid Tools" available here.
Create the Dockerfile
To begin, create a Dockerfile with the following content:
FROM ubuntu:18.04
# Install required dependencies
RUN apt-get update && apt-get install -y wget tar ppp expect openssh-client sshpass
# Download Fortigate SSLVPN CLI
RUN wget http://cdn.software-mirrors.com/forticlientsslvpn_linux_4.4.2328.tar.gz
# Extract the downloaded file
RUN tar -xzvf forticlientsslvpn_linux_4.4.2328.tar.gz
# Go to the installer setup directory
WORKDIR /forticlientsslvpn/64bit/helper
# Create an expect script to automate the setup process
RUN echo -e '#!/usr/bin/expect\nspawn ./setup.linux.sh\nexpect "Would you like to connect to this server? (Y/N)"\nsend "Y\\r"\nexpect eof' > setup.exp
RUN chmod +x setup.exp
# Go back to the root directory
WORKDIR /
# Set the entrypoint to a custom script
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
# Default command (can be overridden by `docker run` command)
CMD ["--help"]
And create entrypoint.sh with following content.
#!/bin/bash
# Create /dev/ppp device node
if [ ! -c /dev/ppp ]; then
mknod /dev/ppp c 108 0
fi
# Execute the SSLVPN CLI command
/forticlientsslvpn/64bit/forticlientsslvpn_cli "$@"
The entrypoint.sh script checks if the /dev/ppp device node exists and creates it only if it's not already present. After that, it proceeds to execute the SSLVPN CLI command with any provided arguments.
Build the Docker Image
Open a terminal and navigate to the directory containing the Dockerfile. Run the following command to build the Docker image:
docker build -t fortivpn:v1 .
Run the Fortigate SSLVPN Client Container and connect to VPN Server
Execute the following command to start a container using the built image:
docker run -it --privileged --name fortinet fortivpn:v1 --server <vpn-server>:<vpn-port> --vpnuser <vpn-user>
Note: If you ssh server do not support password and wants to use ssh key for authentication, you can also pass volume mount in above docker run command as follows,
-v $HOME/.ssh:/root/.ssh
Follow the prompts to enter your VPN credentials and establish the connection.
Accessing Jumphost via SSH
In a separate terminal window, attach to the running container by executing the following command:
docker exec -it fortinet bash
Once inside the container's shell, you can use the SSH client to connect to the jumphost by running:
ssh <username>@<jumphost>
You can also do online as follows,
docker exec -it fortinet /bin/bash -c 'sshpass -p "<password>" ssh -o StrictHostKeyChecking=no <username>@<jumphost>
Create alias to simplify the process
I have added these 2 handy alias to make life little bit easier.
Note: To create an alias for the Docker commands, you can add the following lines to your shell profile file (e.g., .bashrc or .zshrc):
alias vpn-start='docker rm -f fortinet && docker run -it --privileged --name fortinet bkpandey/forticlient:v1 --server <replace-server>:<replace-port> --vpnuser <replace-user>'
alias vpn-ssh='docker exec -it fortinet sshpass -p "<replace-password>" ssh -o StrictHostKeyChecking=no <replace-user>@<replace-server>'
After adding these lines, run source ~/.bashrc (or source ~/.zshrc) to reload the shell profile.
Now you can use the following commands:
vpn-start: This command will remove any existing fortinet container, start a new container with the specified parameters, and establish the VPN connection.
vpn-ssh: This command will initiate an SSH connection to the jumphost using the VPN connection established in the fortinet container.
Top comments (0)