In this blog, I will guide you through the process of setting up a Fortigate SSLVPN client in a Docker container. By using Docker, you can easily create a self-contained environment for running the Fortigate SSLVPN client without worrying about compatibility issues or system dependencies. This setup provides a convenient way to access VPN features within a controlled environment. Please note that this guide assumes some basic familiarity with Docker and command-line usage.
If you're looking for instructions on uninstalling FortiClient from macOS, you can refer to my separate blog titled "Uninstalling FortiClient from macOS: A Process to Remove it Without Paid Tools" available here.
To begin, create a Dockerfile with the following content:
FROM ubuntu:18.04
# Install required dependencies
RUN apt-get update && apt-get install -y wget tar ppp expect openssh-client sshpass
# Download Fortigate SSLVPN CLI
# (plain-HTTP download with no integrity check; compare the archive against a checksum from a source you trust)
RUN wget http://cdn.software-mirrors.com/forticlientsslvpn_linux_4.4.2328.tar.gz
# Extract the downloaded file
RUN tar -xzvf forticlientsslvpn_linux_4.4.2328.tar.gz
# Go to the installer setup directory
WORKDIR /forticlientsslvpn/64bit/helper
# Create an expect script to automate the setup process
# (printf is used instead of echo -e: RUN uses /bin/sh, whose echo on Ubuntu writes a literal "-e" into the file)
RUN printf '#!/usr/bin/expect\nspawn ./setup.linux.sh\nexpect "Would you like to connect to this server? (Y/N)"\nsend "Y\\r"\nexpect eof\n' > setup.exp
RUN chmod +x setup.exp
# Note: setup.exp is only created here; no step in this Dockerfile runs it
# Go back to the root directory
WORKDIR /
# Set the entrypoint to a custom script
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
# Default command (can be overridden by `docker run` command)
CMD ["--help"]
Next, create entrypoint.sh in the same directory with the following content:
#!/bin/bash
# Create /dev/ppp device node
if [ ! -c /dev/ppp ]; then
    mknod /dev/ppp c 108 0
fi
# Execute the SSLVPN CLI command
/forticlientsslvpn/64bit/forticlientsslvpn_cli "$@"
The entrypoint.sh script checks whether the /dev/ppp device node exists and creates it only if it is not already present. It then executes the SSLVPN CLI command with any provided arguments.
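The Dockerfile above fetches the installer over plain HTTP and extracts it without checking what arrived. One way to pin and check the archive before extraction, as an added example that is not part of the original post: the function names are hypothetical, and the SHA-256 value has to come from a source you trust (none is given here).

```bash
#!/usr/bin/env bash
# Added example (not from the original post): pin and check an installer archive
# before extracting it. Function names are hypothetical.

# Print the lowercase SHA-256 hex digest of a file.
sha256_of() {
    sha256sum -- "$1" | awk '{print $1}'
}

# Return 0 only if file $1 hashes to the pinned digest $2 (1 = mismatch, 2 = bad input).
verify_digest() {
    local file="$1" expected
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not 64 hex characters, such as an unfilled placeholder.
    case $expected in
        ''|*[!0-9a-f]*) echo "pinned digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pinned digest must be 64 hex chars" >&2; return 2; }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    [ "$(sha256_of "$file")" = "$expected" ] || { echo "digest mismatch: $file" >&2; return 1; }
}

# Return 0 only if the archive lists cleanly and no member is absolute or uses "..".
members_are_contained() {
    local listing
    listing=$(tar -tzf "$1") || return 2
    ! printf '%s\n' "$listing" | grep -Eq '^/|(^|/)\.\.(/|$)'
}

# Verify the digest, inspect member paths, then extract into directory $3.
verified_extract() {
    local file="$1" digest="$2" dest="$3"
    verify_digest "$file" "$digest" || return
    members_are_contained "$file" || { echo "unlistable archive or unsafe member path: $file" >&2; return 3; }
    mkdir -p -- "$dest" && tar -xzf "$file" -C "$dest" --no-same-owner
}

# Direct use: verified_extract.sh <archive> <pinned-sha256> <dest-dir>
if [ "$#" -eq 3 ]; then
    verified_extract "$@"
fi
```

In the Dockerfile, a script like this would be copied in and called in place of the bare tar step, so the build stops when the downloaded archive does not match the pinned digest.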
Open a terminal and navigate to the directory containing the Dockerfile. Run the following command to build the Docker image:
docker build -t fortivpn:v1 .
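Execute the following command to start a container using the built image. The --privileged flag gives the container all capabilities and access to host devices, which is what lets the entrypoint create /dev/ppp and the VPN client bring up its ppp interface: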
docker run -it --privileged --name fortinet fortivpn:v1 --server <vpn-server>:<vpn-port> --vpnuser <vpn-user>
Note: If your SSH server does not support password authentication and you want to use an SSH key instead, you can also pass a volume mount in the docker run command above, as follows:
Follow the prompts to enter your VPN credentials and establish the connection.
In a separate terminal window, attach to the running container by executing the following command:
docker exec -it fortinet bash
Once inside the container's shell, you can use the SSH client to connect to the jumphost by running:
You can also do this in one line, as follows:
docker exec -it fortinet /bin/bash -c 'sshpass -p "<password>" ssh -o StrictHostKeyChecking=no <username>@<jumphost>'
I have added these two handy aliases to make life a little bit easier.
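Note: To create aliases for the Docker commands, add the following lines to your shell profile file (e.g., .bashrc or .zshrc). Be aware that the vpn-ssh alias keeps the SSH password in plain text in that file, and StrictHostKeyChecking=no disables SSH host key verification: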
alias vpn-start='docker rm -f fortinet && docker run -it --privileged --name fortinet bkpandey/forticlient:v1 --server <replace-server>:<replace-port> --vpnuser <replace-user>'
alias vpn-ssh='docker exec -it fortinet sshpass -p "<replace-password>" ssh -o StrictHostKeyChecking=no <replace-user>@<replace-server>'
After adding these lines, run source ~/.bashrc (or source ~/.zshrc) to reload the shell profile.
Now you can use the following commands:
vpn-start: This command will remove any existing fortinet container, start a new container with the specified parameters, and establish the VPN connection.
vpn-ssh: This command will initiate an SSH connection to the jumphost using the VPN connection established in the fortinet container.