Skip to content

Instantly share code, notes, and snippets.

@nylander

nylander/FortiClientVPN

Last active October 28, 2025 11:09
Show Gist options
  • Save nylander/d58a9d4e1678f6aeb6632040d1d0abb3 to your computer and use it in GitHub Desktop.
Save nylander/d58a9d4e1678f6aeb6632040d1d0abb3 to your computer and use it in GitHub Desktop.
Download ZIP
Start/stop script for FortiClient VPN on Linux
Raw
FortiClientVPN
#!/usr/bin/env bash
# Start/stop FortiClient VPN
# Last modified: ons mar 15, 2023 03:47
# Sign: JN
# To disable starting forticlient after reboot:
# 1. Comment out the command (edit and add an `#` in front of the line) in file
# `/opt/forticlient/start-fortitray-launcher.sh`
# 2. `sudo systemctl disable forticlient-scheduler`
# After step 1 and 2 above, forticlient daemon will not start after reboot. To
# start the VPN client however, you first need to start the daemon, then the
# client. This can be done with this script.
if [[ $# -ne 1 ]]; then
echo "ERROR: expects one argument (start or stop)" >&2
exit 1
fi
if [[ "$1" == '-h' || "$1" == '--help' ]] ; then
echo -e "Description: Start or stop FortiClient VPN\nUsage: $0 stop|start\nNote: requires sudo privileges"
exit 0
elif [[ "$1" == "start" ]] ; then
echo "start forticlient"
pgrep fctsched > /dev/null
if [ $? -eq 1 ] ; then
sudo systemctl start forticlient-scheduler
fi
forticlient &> /dev/null &
elif [[ "$1" == "stop" ]] ; then
echo "stop forticlient"
sudo systemctl stop forticlient-scheduler
else
echo "ERROR: unknown argument ($1). Expects start or stop." >&2
exit 1
fi
@nylander
Copy link
Author

nylander commented May 2, 2024
edited
Loading

Using my current forticlient version (7.2.4.0809 on Ubuntu 22.04), the system start/stop doesn't work. I instead use a script that simply connects or disconnects:

#!/usr/bin/env bash

# Start/stop FortiClient VPN
# Note: I did not  manage to disable forticlient on startup -- and
# easily restart(!) -- with the current version (7.4.3.1736).
# This version of the script just connects to NRM.
#
# Begin OLD_INFO
#   To disable starting forticlient after reboot:
#   1. Comment out the command (edit and add an `#` in front of the line) in file
#     `/opt/forticlient/start-fortitray-launcher.sh`
#   2. `sudo systemctl disable forticlient`
#   After step 1 and 2 above, forticlient daemon will not start after reboot. To
#   start the VPN client however, you first need to start the daemon, then the
#   client.
# End OLD_INFO.

nrmuser='NRMUSER'
nrmvpn='NRM VPN 2023'
version='2025-10-28'

usage() {
  echo ""
  echo "$(basename "$0") v.$version"
  echo "Description:"
  echo "  Start or stop FortiClient VPN connection for user '${nrmuser}' to '${nrmvpn}'"
  echo "Usage:"
  echo "  $(basename "$0") [-h|--help] <start|stop|status>"
  echo "Note:"
  echo "  For '$nrmvpn', you need to provide your NRM password,"
  echo "  (possibly answer 'y' to cert warning), and"
  echo "  authenticate using the FortiToken Mobile app."
  echo "  When stopping, there will be a non-harmful, excpected warning"
  echo "  saying 'Error: Can not connect to VPN server'"
}

if [[ $# -ne 1 ]]; then
  echo -e "ERROR: expects one argument (start, stop, or status)" >&2
  usage
  exit 1
fi

if [[ "$1" == '-h' || "$1" == '--help' ]] ; then
  usage
  exit 0
elif [[ "$1" == "start" ]] ; then
  echo "start forticlient"
  #pgrep fctsched > /dev/null
  #if [ $? -eq 1 ] ; then
  #  sudo systemctl start forticlient
  #fi
  #forticlient gui &> /dev/null &
  forticlient vpn connect "${nrmvpn}" -u "${nrmuser}"
elif [[ "$1" == "stop" ]] ; then
  echo "stop forticlient"
  forticlient vpn disconnect
  #sudo systemctl stop forticlient
elif [[ "$1" == "status" ]] ; then
  echo "status forticlient"
  forticlient vpn status
else
  echo "ERROR: unknown argument ($1). Expects start, stop, or status" >&2
  usage
  exit 1
fi

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment