Connect to a Fortinet VPN with Ubuntu

If you use SSL based VPN from Fortinet, you can use openfortivpn software which is part of Ubuntu and Fedora.

$ sudo apt install -y openfortivpn || yum install -y openfortivpn
$ touch openfortivpn.conf
$ chmod go= openfortivpn.conf

Edit openfortivpn.conf:

host =
port =
username =
password =
# trusted-cert =

Connect the first time:

$ sudo openfortivpn -c openfortivpn.conf
ERROR:  Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:
ERROR:      --trusted-cert  <some-random-string-to-add-to-trusted-cert>

Edit openfortivpn.conf file and update trusted-cert option with the string from the error. Make sure the option is not commented (remove the #).

Each time you need to connect, run:

sudo openfortivpn -c openfortivpn.conf

You could also do it straight through the command line and make an alias for it in your .bashrc. This is less secure as any user on the system will be able to see the password using ps.

sudo openfortivpn -u <USER> -p <PASSWORD> --trusted-cert <CERTIFICATE> <SERVER>:<PORT>

To disconnect press: Ctrl+C

Fortinet is just an IPSEC VPN server - you don't specifically need their client to connect to it. The IPSEC HOWTO details a list of various options you have for setting up a Linux VPN client. There are also a few commercial linux IPSec clients such as Shrewsoft.