openfortivpn

Connect to a VPN with a username and password

$ openfortivpn -u [username] -p [password]

$ sudo openfortivpn -c [path/to/config]

$ openfortivpn [host]:[port]

$ openfortivpn --trusted-cert [sha256_sum]

openfortivpn [host:port] [-u user] [-p pass] [-c config] [options]

openfortivpn is an open-source VPN client for Fortinet's proprietary PPP+TLS VPN solution, commonly known as FortiClient SSL VPN. It establishes a secure tunnel using PPP over TLS/SSL to connect to FortiGate appliances and FortiClient VPN servers.
The client handles authentication (including two-factor), certificate verification, and route configuration. It creates a PPP interface for the VPN connection and can manage routing to direct traffic through the VPN tunnel.

-c, --config=file

Configuration file (default: /etc/openfortivpn/config)

VPN account username

VPN account password

Trust gateway certificate with this SHA256 fingerprint

Specify authentication realm

One-time password for two-factor authentication

Search for OTP prompt string

Delay in seconds before sending OTP

Do not add VPN routes to routing table

Add two /1 routes instead of default route

Log file for pppd

Increase verbosity (use multiple times)

Set ppp interface name

Requires root privileges to create network interfaces and modify routing tables. Password provided on command line may be visible in process listings; prefer configuration file for credentials. Some Fortinet servers may require specific trusted certificate fingerprints or realm settings.

Created as an open-source alternative to the proprietary FortiClient for Linux. Developed to provide command-line VPN connectivity for FortiGate SSL VPN servers, which are widely used in enterprise environments. The project emerged from the need for a lightweight, scriptable VPN client compatible with Fortinet infrastructure.

openvpn(8), pppd(8), ip(8)