- Collect VPN connection details from IT or your FortiClient GUI profile:
  - Host
  - Port
  - Username
  - Password
- Install the `openfortivpn` CLI tool:
  ```sh
  brew install openfortivpn
  ```
- Install Cloudflare WARP:
  ```sh
  brew install --cask cloudflare-warp
  ```
  - Cloudflare WARP (aka 1.1.1.1 app) is a free VPN-like client that routes traffic via Cloudflare.
  - If you enable WARP before connecting with FortiClient/openfortivpn, your Forti handshake goes through Cloudflare instead of your ISP's broken path.
- Find out the VPN DNS servers (run while connected to the official FortiClient):
  - On macOS:
    ```sh
    scutil --dns | grep nameserver
    ```
  - On Linux:
    ```sh
    nmcli dev show | grep DNS
    ```

  Example output:
  ```
  # For this setup, the VPN pushes these DNS servers:
  10.127.1.10
  10.127.1.11
  ```
- Get the `trusted-cert` fingerprint (replace `HOST:PORT` with your VPN host and port):
  ```sh
  # Verified on macOS
  openssl s_client -connect HOST:PORT </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256
  ```
  Example output:
  ```
  SHA256 Fingerprint=D9:E0:FD:5C:AC:3E:E3:A5:3D:22:C5:71:06:CE:AF:5D:35:7F:E9:63:AD:0D:1E:9E:AE:44:DA:E0:41:FB:6C:C8
  ```
  Copy everything after `SHA256 Fingerprint=` and use it as `trusted-cert` in your config file.
- Create a config file (recommended path: `~/.openfortivpn/config`).
- Paste the following template into it (replace placeholders with real values):
  ```
  host = YOUR_HOST
  # Default port
  port = 443
  username = YOUR_USERNAME
  set-dns = 1
  pppd-use-peerdns = 1
  dns-server = 10.127.1.10
  dns-server = 10.127.1.11
  trusted-cert = D9:E0:FD:5C:AC:3E:E3:A5:3D:22:C5:71:00:CE:AF:5D:35:7F:E9:63:AD:1D:1E:9E:AE:44:DA:E0:41:FB:6C:C8
  log-level = info
  ```
- Connect to Cloudflare WARP first, then run:
  ```sh
  sudo openfortivpn -c ~/.openfortivpn/config
  ```
- Enter:
  - Your admin password (sudo prompt).
  - Your VPN password (Forti login).
- Watch the logs for connection status.
- If successful, test internal connectivity:
  ```sh
  ping INTERNAL_HOST_ADDRESS
  ```
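
An added check, not part of the original guide: the `trusted-cert` value in the template differs from the example `openssl` output in two bytes, so a pin copied from the template would not match the gateway. The script normalizes both forms and compares them; `normalize_fp`, `config_pins` and `pin_matches` are hypothetical helper names, and the sample values are the guide's own.

```shell
#!/bin/sh
# Added example (not from the original guide): check that the trusted-cert pin
# in an openfortivpn config equals the fingerprint the gateway presents.

# Reduce "SHA256 Fingerprint=AA:BB:..." or "trusted-cert = AA:BB:..." to
# 64 lowercase hex characters; fail on anything that is not a SHA-256 digest.
normalize_fp() {
    fp=$(printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'A-F' 'a-f')
    case "$fp" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#fp}" -eq 64 ] || return 1
    printf '%s\n' "$fp"
}

# Read config text on stdin, print one normalized pin per trusted-cert line.
config_pins() {
    grep -E '^[[:space:]]*trusted-cert[[:space:]]*=' | while IFS= read -r line; do
        normalize_fp "$line" || echo "invalid-pin"
    done
}

# pin_matches CONFIG_FILE FINGERPRINT_LINE
# 0 = a pin matches, 1 = no pin matches, 2 = fingerprint line is malformed.
pin_matches() {
    live=$(normalize_fp "$2") || return 2
    config_pins < "$1" | grep -qx "$live"
}

# Real use (HOST:PORT as in the guide):
#   pin_matches ~/.openfortivpn/config "$(openssl s_client -connect HOST:PORT \
#       </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256)"

# Offline demo with the guide's two sample values, which differ in two bytes.
demo_cfg=$(mktemp)
printf 'host = YOUR_HOST\ntrusted-cert = %s\n' \
    'D9:E0:FD:5C:AC:3E:E3:A5:3D:22:C5:71:00:CE:AF:5D:35:7F:E9:63:AD:1D:1E:9E:AE:44:DA:E0:41:FB:6C:C8' > "$demo_cfg"
if pin_matches "$demo_cfg" 'SHA256 Fingerprint=D9:E0:FD:5C:AC:3E:E3:A5:3D:22:C5:71:06:CE:AF:5D:35:7F:E9:63:AD:0D:1E:9E:AE:44:DA:E0:41:FB:6C:C8'; then
    echo "pin matches: safe to connect"
else
    echo "pin mismatch: re-check the fingerprint before connecting"
fi
rm -f "$demo_cfg"
```

If openfortivpn rejects the colon-separated value, `normalize_fp` prints the same digest as 64 hex characters without colons.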
Goodbye