openfortivpn

openfortivpn [host:port] [-u user] [-p pass] [-c config] [options]

openfortivpn is an open-source VPN client for Fortinet's proprietary PPP+TLS VPN solution, commonly known as FortiClient SSL VPN. It establishes a secure tunnel using PPP over TLS/SSL to connect to FortiGate appliances and FortiClient VPN servers.The client handles authentication (including two-factor), certificate verification, and route configuration. It creates a PPP interface for the VPN connection and can manage routing to direct traffic through the VPN tunnel.

-c, --config=file

Configuration file (default: /etc/openfortivpn/config)

VPN account username

VPN account password

Trust gateway certificate with this SHA256 fingerprint

Client certificate file for authentication

Client private key file

Specify authentication realm

One-time password for two-factor authentication

Search for OTP prompt string

Delay in seconds before sending OTP

Use SAML/SSO authentication

Use a pinentry program for password entry

Reconnect after the specified delay on disconnect

Do not add VPN routes to routing table

Add two /1 routes instead of default route

Configure routes (0 to disable)

Configure DNS (0 to disable)

Log file for pppd

Set ppp interface name

Use DNS servers provided by the peer

Set custom HTTP User-Agent

Increase verbosity (use multiple times)

Decrease verbosity

Requires root privileges to create network interfaces and modify routing tables. Password provided on command line may be visible in process listings; prefer configuration file for credentials. Some Fortinet servers may require specific trusted certificate fingerprints or realm settings.

Created as an open-source alternative to the proprietary FortiClient for Linux. Developed to provide command-line VPN connectivity for FortiGate SSL VPN servers, which are widely used in enterprise environments. The project emerged from the need for a lightweight, scriptable VPN client compatible with Fortinet infrastructure.

openvpn(8), pppd(8), ip(8)