Goglides Dev 🌱

Balkrishna Pandey

Setting Up a Fortinet SSLVPN Client in a Docker Container

In this blog, I will guide you through the process of setting up a Fortigate SSLVPN client in a Docker container. By using Docker, you can easily create a self-contained environment for running the Fortigate SSLVPN client without worrying about compatibility issues or system dependencies. This setup provides a convenient way to access VPN features within a controlled environment. Please note that this guide assumes some basic familiarity with Docker and command-line usage.

If you're looking for instructions on uninstalling FortiClient from macOS, you can refer to my separate blog titled "Uninstalling FortiClient from macOS: A Process to Remove it Without Paid Tools" available here.

Create the Dockerfile

To begin, create a Dockerfile with the following content:

FROM ubuntu:18.04

# Install required dependencies
RUN apt-get update && apt-get install -y wget tar ppp expect openssh-client sshpass

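# Download Fortigate SSLVPN CLI
# NOTE: this is a plain-HTTP download from a third-party mirror with no integrity check;
# compare the archive's checksum against a value you trust before relying on the image
RUN wget http://cdn.software-mirrors.com/forticlientsslvpn_linux_4.4.2328.tar.gz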

# Extract the downloaded file
RUN tar -xzvf forticlientsslvpn_linux_4.4.2328.tar.gz

# Go to the installer setup directory
WORKDIR /forticlientsslvpn/64bit/helper

# Create an expect script to automate the setup process
# (printf instead of `echo -e`: /bin/sh in this image is dash, whose echo writes a literal "-e" into the file)
RUN printf '#!/usr/bin/expect\nspawn ./setup.linux.sh\nexpect "Would you like to connect to this server? (Y/N)"\nsend "Y\\r"\nexpect eof\n' > setup.exp
RUN chmod +x setup.exp

# Go back to the root directory
WORKDIR /

# Set the entrypoint to a custom script
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

# Default command (can be overridden by `docker run` command)
CMD ["--help"]

Then create entrypoint.sh with the following content:

#!/bin/bash

# Create /dev/ppp device node
if [ ! -c /dev/ppp ]; then
  mknod /dev/ppp c 108 0
fi

# Execute the SSLVPN CLI command
/forticlientsslvpn/64bit/forticlientsslvpn_cli "$@"

The entrypoint.sh script checks if the /dev/ppp device node exists and creates it only if it's not already present. After that, it proceeds to execute the SSLVPN CLI command with any provided arguments.

Build the Docker Image

Open a terminal and navigate to the directory containing the Dockerfile. Run the following command to build the Docker image:

docker build -t fortivpn:v1 .

Run the Fortigate SSLVPN Client Container and connect to VPN Server

Execute the following command to start a container using the built image:

docker run -it --privileged --name fortinet fortivpn:v1 --server <vpn-server>:<vpn-port> --vpnuser <vpn-user>

Note: If your SSH server does not support password authentication and you want to use an SSH key instead, you can also pass a volume mount in the docker run command above, as follows: -v $HOME/.ssh:/root/.ssh

Follow the prompts to enter your VPN credentials and establish the connection.

Accessing Jumphost via SSH

In a separate terminal window, attach to the running container by executing the following command:

docker exec -it fortinet bash

Once inside the container's shell, you can use the SSH client to connect to the jumphost by running:

ssh <username>@<jumphost>

You can also do this in one line, as follows:

docker exec -it fortinet /bin/bash -c 'sshpass -p "<password>" ssh -o StrictHostKeyChecking=no <username>@<jumphost>'

Create aliases to simplify the process

I have added these two handy aliases to make life a little bit easier.

Note: To create an alias for the Docker commands, you can add the following lines to your shell profile file (e.g., .bashrc or .zshrc):

alias vpn-start='docker rm -f fortinet && docker run -it --privileged --name fortinet bkpandey/forticlient:v1 --server <replace-server>:<replace-port> --vpnuser <replace-user>'
alias vpn-ssh='docker exec -it fortinet sshpass -p "<replace-password>" ssh -o StrictHostKeyChecking=no <replace-user>@<replace-server>'

After adding these lines, run source ~/.bashrc (or source ~/.zshrc) to reload the shell profile.

Now you can use the following commands:

vpn-start: This command will remove any existing fortinet container, start a new container with the specified parameters, and establish the VPN connection.
vpn-ssh: This command will initiate an SSH connection to the jumphost using the VPN connection established in the fortinet container.
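
The vpn-ssh alias above keeps the jumphost password in the shell profile and passes it on the command line. As an alternative, the following added example (not code from the original post) wraps the same docker exec call in a shell function that prompts for the password and hands it to sshpass through the SSHPASS environment variable. The function names, the DRY_RUN switch and the use of accept-new in place of StrictHostKeyChecking=no are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post. Source it from .bashrc/.zshrc.
# "fortinet" is the post's container name; vpn_ssh, run, read_password and
# DRY_RUN are names assumed for this sketch.
VPN_CONTAINER="${VPN_CONTAINER:-fortinet}"

# Run the given command, or with DRY_RUN=1 print its argv one item per line.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$@"; else "$@"; fi
}

# Prompt on stderr and read a secret into SSHPASS with terminal echo off.
read_password() {
  printf '%s' "$1" >&2
  _tty=$(stty -g 2>/dev/null) || _tty=
  [ -z "$_tty" ] || stty -echo
  IFS= read -r SSHPASS
  [ -z "$_tty" ] || stty "$_tty"
  printf '\n' >&2
}

# vpn_ssh USER JUMPHOST
#   Uses SSHPASS if the caller already set it, otherwise prompts.
#   docker exec -e SSHPASS copies the variable from this shell's environment
#   and sshpass -e reads it from there, so the password is not stored in the
#   profile and does not appear in any argv that `ps` would show.
#   accept-new records an unknown host key on first contact and refuses to
#   connect if a recorded key later changes.
vpn_ssh() {
  [ "$#" -eq 2 ] || { echo "usage: vpn_ssh USER JUMPHOST" >&2; return 2; }
  [ -n "${SSHPASS:-}" ] || read_password "Password for $1@$2: "
  export SSHPASS
  _rc=0
  run docker exec -it -e SSHPASS "$VPN_CONTAINER" \
    sshpass -e ssh -o StrictHostKeyChecking=accept-new "$1@$2" || _rc=$?
  unset SSHPASS
  return "$_rc"
}
```

The recorded host key lives in the container's /root/.ssh/known_hosts, so it survives a vpn-start (which removes the container) only if that directory is mounted from the host, as in the -v note earlier in the post.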
