-
-
Save mgeeky/8afc0e32b8b97fd6f96fce6098615a93 to your computer and use it in GitHub Desktop.
| #!/bin/bash | |
| # Forticlient SSL VPN Client launching script utilizing expect. | |
| # -------------------------------------------- | |
| # CONFIGURATION | |
| # If empty - script will take some simple logic to locate appropriate binary. | |
| FORTICLIENT_PATH="" | |
| # VPN Credentials | |
| VPN_HOST="host:10443" | |
| VPN_USER="username" | |
| VPN_PASS="password" | |
| # -------------------------------------------- | |
| trap ctrl_c INT | |
| function ctrl_c() { | |
| echo "Removing left-over files..." | |
| rm -f /tmp/expect | |
| } | |
| if [[ $EUID -ne 0 ]]; then | |
| echo "This script must be run as root" | |
| exit 1 | |
| fi | |
| if [ -z "$FORTICLIENT_PATH" ]; then | |
| FORTICLIENT_PATH=`uname -r | grep -q 64 && echo $(locate forticlientsslvpn_cli | grep 64bit) || echo $(locate forticlientsslvpn_cli | grep 32bit)` | |
| if [ ! -f $FORTICLIENT_PATH ]; then | |
| echo "Tried to locate Forticlient SSL VPN Cli binary, but failed." | |
| echo "Specify it at variable FORTCLIENT_PATH" | |
| exit 1 | |
| fi | |
| echo "Located Forticlient VPN Client at: $FORTICLIENT_PATH" | |
| fi | |
| echo "Killing previous instances of Forticlient SSL VPN client..." | |
| killall -9 $(basename $FORTICLIENT_PATH) 2> /dev/null | |
| cat << EOF > /tmp/expect | |
| #!/usr/bin/expect -f | |
| match_max 1000000 | |
| set timeout -1 | |
| spawn $FORTICLIENT_PATH --server $VPN_HOST --vpnuser $VPN_USER --keepalive | |
| expect "Password for VPN:" | |
| send -- "$VPN_PASS" | |
| send -- "\r" | |
| expect "Would you like to connect to this server? (Y/N)" | |
| send -- "Y" | |
| send -- "\r" | |
| expect "Clean up..." | |
| close | |
| EOF | |
| chmod 500 /tmp/expect | |
| /usr/bin/expect -f /tmp/expect | |
| rm -f /tmp/expect |
Hi @gabsmprocha ,
To make it more visible, in the VPN Credentials block i added
# VPN Credentials
VPN_HOST="host:10443"
VPN_USER="username"
VPN_PASS="password"
token=$1 #new addition, 1st script parameter as variable
and i have added on more block in the expect part , check expect "A FortiToken code is required for SSL-VPN login authentication." below
cat << EOF > /tmp/expect
#!/usr/bin/expect -f
match_max 1000000
set timeout -1
spawn $FORTICLIENT_PATH --server $VPN_HOST --vpnuser $VPN_USER --keepalive
expect "Password for VPN:"
send -- "$VPN_PASS"
send -- "\r"
expect "Would you like to connect to this server? (Y/N)"
send -- "Y"
send -- "\r"
expect "A FortiToken code is required for SSL-VPN login authentication." #new block
send_user "Enter the token:"
#gets stdin token
send -- "$token\r"
send -- "\r" #end of new block
expect "Clean up..."
close
EOF
so i can then run it like ./forticlientsslvpn-expect.sh <123456>
Maybe it's now clearer ? If not please let me know
invalid command name "--vpnuser"
while executing
"--vpnuser kks"
(file "/tmp/expect" line 5)
@roupasz tks a lot! 😄
np problem @gabsmprocha :)
I'm trying to run the script and I'm getting the following error:
./forticlientsslvpn-expect.sh
Killing previous instances of Forticlient SSL VPN client...
./forticlientsslvpn-expect.sh: line 59: /usr/bin/expect: No such file or directory
Has anyone gone through the same and can help me with this?
Edit**: it is necessary to install the Expect tool before running the Script.
hi @GiseliSiqueira ,
The error shows that expect binary is not installed or at least found in the expected path in your system. You can quickly confirm it by running which expect, if this provides a path you can update the script with the correct one.
If not, then you need to install it and this depends on your distribution.
ex for Ubuntu 18.04
sudo apt update
sudo apt install expect
ex. for Fedora 34
dnf -y install expect
Hope this helps
UPDATE: I just saw your edit, so you've figured out on your own ;)
if there a python copy of this script?
Somehow forticlientsslvpn_cli seems to be no longer available on the FortiNet website. Is there any mirror for it available?
@skjerns Did you find a solution?
yes! I simply use openfortivpn or openfortigui :) did not know there were open source alternatives out
yes! I simply use
openfortivpnoropenfortigui:) did not know there were open source alternatives out
Thank you! Works great :)
Thank you! It's worked for me!
@roupasz in which part of the code did you add the token script?