gm-vm edited this page Jun 13, 2022 · 2 revisions

openfortivpn-webview is meant to be used together with openfortivpn with these changes.

The following shows how you can use the two programs in a convenient way.

Setup

Note: you can replace myvpn with whatever string you want. The important thing is that you do it consistently everywhere.

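Create /usr/local/bin/myvpn_start, which is simply a script that launches openfortivpn. Having such a script lets you launch openfortivpn as root without a password, while not allowing the use of "dangerous" options: the sudoers rule below covers only this script, so the caller cannot choose the arguments passed to openfortivpn.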

The content of the script is the following. Replace XXXX with your own arguments:

#!/bin/sh
openfortivpn --cookie-on-stdin XXXX

Create /etc/sudoers.d/99-myvpn_start with the following content to let the members of the sudo group run myvpn_start without providing any password:

%sudo ALL=(ALL) NOPASSWD: /usr/local/bin/myvpn_start

Prefer creating this file with visudo, which checks the syntax before saving:

sudo visudo -f /etc/sudoers.d/99-myvpn_start

Create /usr/local/bin/myvpn with the following content. Replace XXXX with proper arguments:

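#!/bin/sh
if [ "$(id -u)" -eq 0 ]; then
    echo "Do not run this script as root"
    exit 1
fi
while true; do
    # Open the login window and capture the session cookie it prints.
    cookie=$(openfortivpn-webview XXXX 2>/dev/null)
    if [ $? -ne 0 ]; then
        # Exit if the browser window has been closed manually.
        exit 0
    fi
    # Use the absolute path so the command matches the sudoers rule
    # regardless of how sudo resolves PATH.
    printf '%s\n' "$cookie" | sudo /usr/local/bin/myvpn_start
done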

Make sure the scripts have proper permissions:

sudo chown root:root /usr/local/bin/myvpn_start
sudo chown root:root /usr/local/bin/myvpn
sudo chmod 0755 /usr/local/bin/myvpn_start
sudo chmod 0755 /usr/local/bin/myvpn
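
The ownership and mode settings above are what keep the NOPASSWD rule from becoming a general path to root. The following check is an added example, not part of the original wiki page or of openfortivpn-webview; the function names and the optional uid parameter are assumptions made for illustration. It confirms that a script and its directory are owned by root and are not group- or world-writable:

```shell
#!/bin/sh
# Added example: audit a script that sudoers runs with NOPASSWD.
# want_uid defaults to 0 (root); the parameter exists so the check can be
# exercised on scratch files without root (an assumption of this example).

# path_is_locked PATH WANT_UID
# Succeeds if PATH is owned by WANT_UID and not group- or world-writable.
path_is_locked() {
    p=$1 want_uid=$2
    [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
    # ls -ldn prints the numeric owner in field 3.
    owner=$(ls -ldn "$p" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ]; then
        echo "owner uid $owner, expected $want_uid: $p" >&2
        return 1
    fi
    # find prints the path only if a group or other write bit is set.
    if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "group/world writable: $p" >&2
        return 1
    fi
    return 0
}

# wrapper_is_safe SCRIPT [WANT_UID]
# Checks the script and its directory: a writable directory lets
# another user replace the script even if the file itself is locked down.
wrapper_is_safe() {
    script=$1 want_uid=${2:-0}
    path_is_locked "$script" "$want_uid" || return 1
    path_is_locked "$(dirname "$script")" "$want_uid" || return 1
    [ -x "$script" ] || { echo "not executable: $script" >&2; return 1; }
}

# Usage on the page's files (run after the chown/chmod step):
#   wrapper_is_safe /usr/local/bin/myvpn_start && echo OK
#   sudo visudo -cf /etc/sudoers.d/99-myvpn_start   # syntax-check the rule
```
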

Run it

Once you are done with the setup, you can start the VPN simply by executing myvpn.

Note that myvpn behaves as if you had passed the --persistent option to openfortivpn: it tries to restart the VPN when it dies. However, since a new cookie is needed each time, the VPN will not start until openfortivpn-webview has retrieved the cookie.

The script will also exit if you close the browser window manually.

Run it in background

If you wish to have the tunnel run in the background, you can use nohup, tmux or screen. nohup is the simplest of the three, but it is more limited.

If you want to use tmux or screen and always want openfortivpn to run within them, change /usr/local/bin/myvpn as follows:

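#!/bin/sh
tmux_session_name="My VPN" # Change this to whatever you like

if [ "$(id -u)" -eq 0 ]; then
    echo "Do not run this script as root"
    exit 1
fi

if [ "$1" = "is_tmux" ]; then
    # Inside the tmux session: run the cookie/VPN loop.
    while true; do
        cookie=$(openfortivpn-webview XXXX 2>/dev/null)
        if [ $? -ne 0 ]; then
            # Exit if the browser window has been closed manually.
            exit 0
        fi
        # Use the absolute path so the command matches the sudoers rule
        # regardless of how sudo resolves PATH.
        printf '%s\n' "$cookie" | sudo /usr/local/bin/myvpn_start
    done
else
    # Outside tmux: attach to the session, creating it if needed.
    tmux new-session -A -s "$tmux_session_name" sh -c "$0 is_tmux"
fi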