I am trying to use openfortivpn to connect. Previously I had been using the Fortinet VPN client on MS-Windows - I now get blue screens every time I try to start it (I am downloading the upgraded version, but want to configure this on Linux for other reasons).
The infrastructure I am connecting to has a lot of sub-nets, some of which conflict with my local sub-nets. So with the default settings (--set-routes=1) it overwrites my local routes and the box disconnects from the local network. The command line options only seem to allow everything or nothing.
I was able to capture the config which was being applied when it started up and configured routes automatically. Cherry picking the relevant entries and trying to apply them (after restarting the VPN with --no-routes, then manually noting the IP address) resulted in a working connection.
ip route add to 10.0.99.0/255.255.255.0 via 10.220.136.94 dev ppp0
But the local address will change each time I connect; I cannot use this as a literal value in the script.
How do I script this to happen automatically?
The man page for openfortivpn mentions some environment variables which control routing - but typing "VPN_ROUTE_GATEWAY" openfortivpn into Google just gives me links to the source code for openfortivpn (and my knowledge of C is too rusty to reverse engineer this).
It turns out it will be possible to automatically do that trick using an ip-up script; I'm still trying to make it work.
And here is the answer: you can create an "ip-up" file and use --ppp-ipparam for routing:
Just add the following file into your /etc/ppp/ip-up.d/yourendpointname (you can call it whatever you want).
Here, "yourendpointname" should match the --ppp-ipparam parameter you want to use in the openfortivpn call. chmod 755 this file, then use --ppp-ipparam=yourendpointname when calling openfortivpn.
The following (a previous) answer is somewhat complicated:
BTW, you can use the following script to get the VPN gateway and add some routing:
This may help.
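An added example (not the script from the original answer) of an ip-up.d file that adds only selected routes when the link comes up with the matching --ppp-ipparam value. It assumes pppd's documented ip-up arguments (interface, tty, speed, local IP, remote IP, ipparam) and a Debian-style wrapper that also exports PPP_IFACE, PPP_LOCAL and PPP_IPPARAM; ENDPOINT, ROUTES, IP_CMD and add_vpn_routes are illustrative names.

```shell
#!/bin/sh
# Added example: save as /etc/ppp/ip-up.d/yourendpointname and chmod 755.
# Start the VPN with: openfortivpn --no-routes --ppp-ipparam=yourendpointname
# pppd calls ip-up with: interface tty speed local-IP remote-IP ipparam.

ENDPOINT="yourendpointname"        # must equal the --ppp-ipparam value
ROUTES="10.0.99.0/255.255.255.0"   # subnet from the question; space-separated list
IP_CMD="${IP_CMD:-ip}"             # overridable for dry runs, e.g. IP_CMD="echo ip"

# Add the selected routes for one link-up event.
# Args: interface, local PPP address, ipparam.
add_vpn_routes() {
    iface=$1
    local_ip=$2
    ipparam=$3

    # Leave every other PPP link (DSL, another VPN) untouched.
    [ "$ipparam" = "$ENDPOINT" ] || return 0

    # This runs as root: reject values that are not a ppp interface
    # name or that contain anything other than digits and dots.
    case $iface in
        ppp[0-9]*) ;;
        *) return 1 ;;
    esac
    case $local_ip in
        ''|*[!0-9.]*) return 1 ;;
    esac

    for net in $ROUTES; do
        # Same form as the manual command in the question, with the
        # per-session address filled in from pppd.
        $IP_CMD route add to "$net" via "$local_ip" dev "$iface" || return 1
    done
}

# Prefer the exported variables, fall back to the positional arguments.
# With no ipparam at all (script run by hand) nothing is changed.
add_vpn_routes "${PPP_IFACE:-${1:-}}" "${PPP_LOCAL:-${4:-}}" "${PPP_IPPARAM:-${6:-}}"
```

Only the subnets listed in ROUTES go through the tunnel, so conflicting local sub-nets keep their existing routes.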