You are not logged in.

Pages: 1

#1 2019-01-14 13:54:15

wombatvvv
Member
Registered: 2016-07-29
Posts: 50

Use FortiClient VPN with wifi connection...?

Hello guys,

First of all, I posted this already in the "Newbie Corner", and realized it was probably better off here. I hope that's not breaking any rules. Sorry for the double.

...

I'm not very good with Linux, it's all a learning experience for me, and I've been trying to set this up for about four hours, so please don't tell me to "search" or link some very-complicated explanation. If anyone can help me I'd very much appreciate that!

Anyway, I'm just trying to connect to my office network using a FortiClient VPN. I've tried all combinations of:

- Connecting to my home wifi using wpa-supplicant and simple profile setup
- Connecting to my home wifi using NetworkManager and the nm-applet
- Using the FortiClient VPN software plugin for nm-applet (https://aur.archlinux.org/packages/netw … slvpn-git/)
- Using openfortivpn on the command line
- Using forticlientsslvpn (https://aur.archlinux.org/packages/forticlientsslvpn/)

In the last two cases, everything *seems* to work, I get a two-factor authentication code sent to me, it accepts it, eveything seems to be okay, just the connection doesn't use the VPN. If I try to download from our office git repos or access our work intranet, it just acts exactly as if FortiClient wasn't running at all. I can also see (using forticlientsslvpn) that even though it's all setup and running, I'm recieving close to nothing (just a dribble of bytes). so FortiClient is up and running okay, it's just not running on my actual connection.

In the third-to-last case (using the nm-applet plugin), I can't connect because it doesn't seem to support two-factor authentication (I actually get the code sent to me, but there's no pop-up or anything to enter it into in the plug in).

The weird thing is, that I've had it set up with Arch Linux before and it worked fine (using the last option - forticlientsslvpn). I did a system re-install and now it just won't use the VPN.

I know this problem is not with the actual wifi network, as FortiClient works fine with exactly the same wifi network if I boot into a Windows installation on the same laptop.

Thanks very much for taking the time!

Last edited by wombatvvv (2019-01-14 13:59:36)

Offline

#2 2019-01-14 14:12:52

bugsmanagement
Member
Registered: 2017-04-21
Posts: 201

Re: Use FortiClient VPN with wifi connection...?

wombatvvv wrote:

- Using openfortivpn on the command line
- Using forticlientsslvpn (https://aur.archlinux.org/packages/forticlientsslvpn/)

In the last two cases, everything *seems* to work, I get a two-factor authentication code sent to me, it accepts it, eveything seems to be okay, just the connection doesn't use the VPN.

Hello there,

Just throwing darts into the wind here, was the networking bits setup correctly? And I noticed you didn't include any logs in your post? This would be the first good step to help diagnose the problem. 

journalctl --unit=NetworkManager --no-pager

# When connecting via below clients
ip a
ip r
cat /etc/resolv.conf

Output of FortiClient VPN, openfortivpn, forticlientsslvpn

Regards

Offline

#3 2019-01-14 14:45:09

2ManyDogs
Forum Fellow
Registered: 2012-01-15
Posts: 4,646

Re: Use FortiClient VPN with wifi connection...?

wombatvvv wrote:

First of all, I posted this already in the "Newbie Corner", and realized it was probably better off here. I hope that's not breaking any rules.

It is. Do not cross post. If you would like a thread moved, use the Report button.

I will leave this open because it has a reply, and close the other thread.

Offline

#4 2019-01-14 22:52:41

wombatvvv
Member
Registered: 2016-07-29
Posts: 50

Re: Use FortiClient VPN with wifi connection...?

2ManyDogs wrote:
wombatvvv wrote:

First of all, I posted this already in the "Newbie Corner", and realized it was probably better off here. I hope that's not breaking any rules.

It is. Do not cross post. If you would like a thread moved, use the Report button.

I will leave this open because it has a reply, and close the other thread.

Okay, thanks for that.

Offline

#5 2019-01-14 23:25:15

wombatvvv
Member
Registered: 2016-07-29
Posts: 50

Re: Use FortiClient VPN with wifi connection...?

bugsmanagement:

Thanks for your reply.

Well ... as far as I know the Networking bits were set up correctly ... they all work anyway. smile

It was very simple. When I connect through wpa_supplicant, it was just a matter of copying /etc/netctl/examples/wireless-wpa to /etc/netctl/, editing that profile file and starting the connection with netctl start <profile-name>, exactly as described on the Arch Linux networking pages.

But I don't use that, I use Network Manager. All I did for that was to install the NetworkManager and nm-applet packages (and networkmanager-fortisslvpn-git from the AUR), and that provided a GUI on my LX-panel system tray which I used to connect.

Is there anything else I should have done?

Okay ... regarding the logs. Here is the journalctl log that you asked for, while NetworkManager was running, since I booted in this morning. I did three things: connected with openfortivpn and tried to load a network page, then the same with forticlientsslvpn. You can see in the log that they didn't work properly, these are the two lines of output in the log at the times I used them to try and connect:

Jan 15 10:03:10 BlackBeauty NetworkManager[416]: <info>  [1547542990.0158] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/4)
Jan 15 10:06:16 BlackBeauty NetworkManager[416]: <info>  [1547543176.9768] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/5)

... lastly I used the nm-applet forticlient VPN functionality to try and connect ... you can see that it's doing something here a bit more substantial than the last two, the problem is that applet doesn't supply the functionality for two-factor authentication, and I'm too dumb to figure out what's going here ...

... this is the full log output. The bit I'm talking about is right at the end.

-- Reboot --
Jan 15 09:50:21 BlackBeauty systemd[1]: Starting Network Manager...
Jan 15 09:50:21 BlackBeauty NetworkManager[416]: <info>  [1547542221.0856] NetworkManager (version 1.14.5dev+17+gba83251bb-1) is starting... (for the first time)
Jan 15 09:50:21 BlackBeauty NetworkManager[416]: <info>  [1547542221.0857] Read config: /etc/NetworkManager/NetworkManager.conf (lib: 20-connectivity.conf)
Jan 15 09:50:21 BlackBeauty systemd[1]: Started Network Manager.
Jan 15 09:50:21 BlackBeauty NetworkManager[416]: <info>  [1547542221.0909] bus-manager: acquired D-Bus service "org.freedesktop.NetworkManager"
Jan 15 09:50:21 BlackBeauty NetworkManager[416]: <info>  [1547542221.0935] manager[0x559527952060]: monitoring kernel firmware directory '/lib/firmware'.
Jan 15 09:50:21 BlackBeauty NetworkManager[416]: <info>  [1547542221.2344] hostname: hostname: using hostnamed
Jan 15 09:50:21 BlackBeauty NetworkManager[416]: <info>  [1547542221.2344] hostname: hostname changed from (none) to "BlackBeauty"
Jan 15 09:50:21 BlackBeauty NetworkManager[416]: <info>  [1547542221.2346] dns-mgr[0x55952795f130]: init: dns=default, rc-manager=symlink
Jan 15 09:50:21 BlackBeauty NetworkManager[416]: <info>  [1547542221.2350] rfkill0: found WiFi radio killswitch (at /sys/devices/platform/acer-wmi/rfkill/rfkill0) (platform driver acer-wmi)
Jan 15 09:50:21 BlackBeauty NetworkManager[416]: <info>  [1547542221.2457] manager[0x559527952060]: rfkill: WiFi hardware radio set enabled
Jan 15 09:50:21 BlackBeauty NetworkManager[416]: <info>  [1547542221.2458] manager[0x559527952060]: rfkill: WWAN hardware radio set enabled
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4647] settings: Loaded settings plugin: NMSKeyfilePlugin (internal)
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4658] settings: Loaded settings plugin: NMSIbftPlugin ("/usr/lib/NetworkManager/1.14.5dev+17+gba83251bb-1/libnm-settings-plugin-ibft.so")
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4670] keyfile: new connection /etc/NetworkManager/system-connections/Office.nmconnection (07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office")
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4679] keyfile: new connection /etc/NetworkManager/system-connections/E1000 5.nmconnection (f1560635-2acf-446c-bd22-4ae20b2987e5,"E1000 5")
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4690] keyfile: new connection /etc/NetworkManager/system-connections/E1000 4.nmconnection (2559abf8-5a04-4311-8dc3-0895e1ab202c,"E1000 4")
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4698] keyfile: new connection /etc/NetworkManager/system-connections/E1000 3.nmconnection (40f64dd7-f2bc-4008-aee7-54b9cee28d86,"E1000 3")
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4707] keyfile: new connection /etc/NetworkManager/system-connections/E1000 2.nmconnection (64a941fe-df0e-4bba-9efe-ab3cbad66e2c,"E1000 2")
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4717] keyfile: new connection /etc/NetworkManager/system-connections/E1000 1.nmconnection (00878c4a-e0e5-45a6-8380-e45591d79fba,"E1000 1")
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4728] keyfile: new connection /etc/NetworkManager/system-connections/E1000.nmconnection (80abb35e-0ceb-4055-85f7-f929644a42a2,"E1000")
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4748] manager: rfkill: WiFi enabled by radio killswitch; enabled by state file
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4748] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4749] manager: Networking is enabled by state file
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4750] dhcp-init: Using DHCP client 'internal'
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4767] Loaded device plugin: NMWifiFactory (/usr/lib/NetworkManager/1.14.5dev+17+gba83251bb-1/libnm-device-plugin-wifi.so)
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4812] Loaded device plugin: NMBluezManager (/usr/lib/NetworkManager/1.14.5dev+17+gba83251bb-1/libnm-device-plugin-bluetooth.so)
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4817] Loaded device plugin: NMWwanFactory (/usr/lib/NetworkManager/1.14.5dev+17+gba83251bb-1/libnm-device-plugin-wwan.so)
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4933] Loaded device plugin: NMTeamFactory (/usr/lib/NetworkManager/1.14.5dev+17+gba83251bb-1/libnm-device-plugin-team.so)
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4938] Loaded device plugin: NMOvsFactory (/usr/lib/NetworkManager/1.14.5dev+17+gba83251bb-1/libnm-device-plugin-ovs.so)
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4947] Loaded device plugin: NMAtmManager (/usr/lib/NetworkManager/1.14.5dev+17+gba83251bb-1/libnm-device-plugin-adsl.so)
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4951] wifi-nl80211: (wlp2s0): using nl80211 for WiFi device control
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4959] device (lo): carrier: link connected
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4961] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4969] manager: (enp3s0f1): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2)
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4981] keyfile: add connection /var/run/NetworkManager/system-connections/Wired connection 1.nmconnection (68ecb70d-8215-3f32-ace7-755bcc5d1d91,"Wired connection 1")
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4984] settings: (enp3s0f1): created default wired connection 'Wired connection 1'
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.4987] device (enp3s0f1): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.6021] device (wlp2s0): driver supports Access Point (AP) mode
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.6032] manager: (wlp2s0): new 802.11 WiFi device (/org/freedesktop/NetworkManager/Devices/3)
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.6103] rfkill3: found WiFi radio killswitch (at /sys/devices/pci0000:00/0000:00:1c.0/0000:02:00.0/ieee80211/phy0/rfkill3) (driver ath10k_pci)
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.6112] ovsdb: Could not connect: No such file or directory
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.6160] device (wlp2s0): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
Jan 15 09:50:22 BlackBeauty NetworkManager[416]: <info>  [1547542222.9555] device (wlp2s0): set-hw-addr: set MAC address to DE:87:4F:76:46:C5 (scanning)
Jan 15 09:50:23 BlackBeauty NetworkManager[416]: <info>  [1547542223.2279] supplicant: wpa_supplicant running
Jan 15 09:50:23 BlackBeauty NetworkManager[416]: <info>  [1547542223.2279] device (wlp2s0): supplicant interface state: init -> starting
Jan 15 09:50:23 BlackBeauty NetworkManager[416]: <info>  [1547542223.3159] sup-iface[0x559527956980,wlp2s0]: supports 5 scan SSIDs
Jan 15 09:50:23 BlackBeauty NetworkManager[416]: <info>  [1547542223.3173] device (wlp2s0): supplicant interface state: starting -> ready
Jan 15 09:50:23 BlackBeauty NetworkManager[416]: <info>  [1547542223.3174] device (wlp2s0): state change: unavailable -> disconnected (reason 'supplicant-available', sys-iface-state: 'managed')
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1692] policy: auto-activating connection 'E1000 1' (00878c4a-e0e5-45a6-8380-e45591d79fba)
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1708] device (wlp2s0): Activation: starting connection 'E1000 1' (00878c4a-e0e5-45a6-8380-e45591d79fba)
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1711] device (wlp2s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1718] manager: NetworkManager state is now CONNECTING
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1733] device (wlp2s0): set-hw-addr: reset MAC address to F8:28:19:58:46:97 (preserve)
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1787] device (wlp2s0): supplicant interface state: ready -> disabled
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1788] device (wlp2s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1791] device (wlp2s0): Activation: (wifi) access point 'E1000 1' has security, but secrets are required.
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1791] device (wlp2s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1793] sup-iface[0x559527956980,wlp2s0]: wps: type pbc start...
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1809] device (wlp2s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1813] device (wlp2s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1816] device (wlp2s0): Activation: (wifi) connection 'E1000 1' has security, and secrets exist.  No new secrets needed.
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1816] Config: added 'ssid' value 'E1000'
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1816] Config: added 'scan_ssid' value '1'
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1816] Config: added 'bgscan' value 'simple:30:-80:86400'
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1817] Config: added 'key_mgmt' value 'WPA-PSK'
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1817] Config: added 'auth_alg' value 'OPEN'
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.1817] Config: added 'psk' value '<hidden>'
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.2457] device (wlp2s0): supplicant interface state: disabled -> inactive
Jan 15 09:50:28 BlackBeauty NetworkManager[416]: <info>  [1547542228.2655] device (wlp2s0): supplicant interface state: inactive -> scanning
Jan 15 09:50:33 BlackBeauty NetworkManager[416]: <info>  [1547542233.1596] device (wlp2s0): supplicant interface state: scanning -> authenticating
Jan 15 09:50:33 BlackBeauty NetworkManager[416]: <info>  [1547542233.1668] device (wlp2s0): supplicant interface state: authenticating -> associating
Jan 15 09:50:33 BlackBeauty NetworkManager[416]: <info>  [1547542233.1762] device (wlp2s0): supplicant interface state: associating -> associated
Jan 15 09:50:33 BlackBeauty NetworkManager[416]: <info>  [1547542233.1849] device (wlp2s0): supplicant interface state: associated -> 4-way handshake
Jan 15 09:50:33 BlackBeauty NetworkManager[416]: <info>  [1547542233.2099] device (wlp2s0): supplicant interface state: 4-way handshake -> completed
Jan 15 09:50:33 BlackBeauty NetworkManager[416]: <info>  [1547542233.2099] device (wlp2s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "E1000"
Jan 15 09:50:33 BlackBeauty NetworkManager[416]: <info>  [1547542233.2100] device (wlp2s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
Jan 15 09:50:33 BlackBeauty NetworkManager[416]: <info>  [1547542233.2103] dhcp4 (wlp2s0): activation: beginning transaction (timeout in 45 seconds)
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3779] dhcp4 (wlp2s0):   address 192.168.1.113
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3780] dhcp4 (wlp2s0):   plen 24
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3780] dhcp4 (wlp2s0):   expires in 86400 seconds
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3781] dhcp4 (wlp2s0):   nameserver '1.1.1.1'
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3781] dhcp4 (wlp2s0):   nameserver '1.0.0.1'
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3781] dhcp4 (wlp2s0):   gateway 192.168.1.1
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3811] dhcp4 (wlp2s0): state changed unknown -> bound
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3832] device (wlp2s0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3848] device (wlp2s0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3853] device (wlp2s0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3862] manager: NetworkManager state is now CONNECTED_LOCAL
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3892] manager: NetworkManager state is now CONNECTED_SITE
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3893] policy: set 'E1000 1' (wlp2s0) as default for IPv4 routing and DNS
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3909] device (wlp2s0): Activation: successful, device activated.
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3914] manager: startup complete
Jan 15 09:50:38 BlackBeauty NetworkManager[416]: <info>  [1547542238.4755] manager: NetworkManager state is now CONNECTED_GLOBAL
Jan 15 09:51:20 BlackBeauty NetworkManager[416]: <info>  [1547542280.3271] agent-manager: req[0x559527a0b430, :1.33/org.freedesktop.nm-applet/1000]: agent registered
Jan 15 10:03:10 BlackBeauty NetworkManager[416]: <info>  [1547542990.0158] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/4)
Jan 15 10:06:16 BlackBeauty NetworkManager[416]: <info>  [1547543176.9768] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/5)
Jan 15 10:07:14 BlackBeauty NetworkManager[416]: <info>  [1547543234.9627] audit: op="connection-activate" uuid="07e694ca-e8b4-47ed-94a4-fdbd5d37f195" name="Office" pid=587 uid=1000 result="success"
Jan 15 10:07:14 BlackBeauty NetworkManager[416]: <info>  [1547543234.9668] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: Started the VPN service, PID 1574
Jan 15 10:07:14 BlackBeauty NetworkManager[416]: <info>  [1547543234.9740] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: Saw the service appear; activating connection
Jan 15 10:07:14 BlackBeauty NetworkManager[416]: <info>  [1547543234.9776] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN connection: (ConnectInteractive) reply received
Jan 15 10:07:14 BlackBeauty NetworkManager[416]: <info>  [1547543234.9796] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN plugin: state changed: starting (3)
Jan 15 10:07:18 BlackBeauty NetworkManager[416]: INFO:   Connected to gateway.
Jan 15 10:07:20 BlackBeauty NetworkManager[416]: Two-factor authentication token:
Jan 15 10:07:20 BlackBeauty NetworkManager[416]: ERROR:  No token specified
Jan 15 10:07:20 BlackBeauty NetworkManager[416]: ERROR:  Could not authenticate to gateway. Please check the password, client certificate, etc.
Jan 15 10:07:20 BlackBeauty NetworkManager[416]: INFO:   Closed connection to gateway.
Jan 15 10:07:23 BlackBeauty NetworkManager[416]: INFO:   Logged out.
Jan 15 10:07:23 BlackBeauty NetworkManager[416]: <warn>  [1547543243.2175] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN plugin: failed: connect-failed (1)
Jan 15 10:07:23 BlackBeauty NetworkManager[416]: <warn>  [1547543243.2177] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN plugin: failed: connect-failed (1)
Jan 15 10:07:23 BlackBeauty NetworkManager[416]: <info>  [1547543243.2178] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN plugin: state changed: stopping (5)
Jan 15 10:07:23 BlackBeauty NetworkManager[416]: <info>  [1547543243.2181] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN plugin: state changed: stopped (6)
Jan 15 10:07:23 BlackBeauty NetworkManager[416]: <info>  [1547543243.2209] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN service disappeared

... this is the output of 'ip a' with forticlientsslvpn running. The last entry (number 6) doesn't appear if the fortinclientsslvpn isn't running. The fact that it says "state DOWN" I guess is a problem ...

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 98:29:a6:31:8d:0b brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f8:28:19:58:46:97 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.113/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp2s0
       valid_lft 84651sec preferred_lft 84651sec
    inet6 fe80::a942:4b9e:f2eb:e5d7/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
6: ppp0: <POINTOPOINT,MULTICAST,NOARP> mtu 1354 qdisc noop state DOWN group default qlen 3
    link/ppp

'ip b' simply returns "Object b is unknown".

cat /etc/resolv.conf with forticlientsslvpn running:

# Generated by resolvconf
nameserver 10.99.32.13
nameserver 10.99.32.14

.. and without forticlientsslvpn running:

nameserver 1.1.1.1
nameserver 1.0.0.1

... I'm sorry I'm not knowledgeable enough to figure this out on my own, but I really appreciate the help, and I'm learning as I go ... smile

Last edited by wombatvvv (2019-01-14 23:26:46)

Offline

#6 2019-01-15 01:53:29

bugsmanagement
Member
Registered: 2017-04-21
Posts: 201

Re: Use FortiClient VPN with wifi connection...?

wombatvvv wrote:

Well ... as far as I know the Networking bits were set up correctly ... they all work anyway.

wombatvvv wrote:

    - Using openfortivpn on the command line
    - Using forticlientsslvpn (https://aur.archlinux.org/packages/forticlientsslvpn/)

    In the last two cases, everything *seems* to work, I get a two-factor authentication code sent to me, it accepts it, eveything seems to be okay, just the connection doesn't use the VPN.

When you were connected

wombatvvv wrote:

But I don't use that, I use Network Manager. All I did for that was to install the NetworkManager

wombatvvv wrote:

In the third-to-last case (using the nm-applet plugin), I can't connect because it doesn't seem to support two-factor authentication

I thought 2-factor doesn't work with Network Manager?

wombatvvv wrote:

In the last two cases, everything *seems* to work, I get a two-factor authentication code sent to me, it accepts it, eveything seems to be okay, just the connection doesn't use the VPN.

wombatvvv wrote:

- Using openfortivpn on the command line
- Using forticlientsslvpn (https://aur.archlinux.org/packages/forticlientsslvpn/)

bugsmanagement wrote:

Output of FortiClient VPN, openfortivpn, forticlientsslvpn

wombatvvv wrote:

'ip b' simply returns "Object b is unknown".

bugsmanagement wrote:
ip a
ip r
wombatvvv wrote:

I'm sorry I'm not knowledgeable enough to figure this out on my own, but I really appreciate the help, and I'm learning as I go

I can help seeing what the client does and determine if they setup the networking bits correctly.

Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3779] dhcp4 (wlp2s0):   address 192.168.1.113
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3780] dhcp4 (wlp2s0):   plen 24
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3780] dhcp4 (wlp2s0):   expires in 86400 seconds
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3781] dhcp4 (wlp2s0):   nameserver '1.1.1.1'
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3781] dhcp4 (wlp2s0):   nameserver '1.0.0.1'
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3781] dhcp4 (wlp2s0):   gateway 192.168.1.1
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3811] dhcp4 (wlp2s0): state changed unknown -> bound
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3832] device (wlp2s0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3848] device (wlp2s0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
Jan 15 09:50:36 BlackBeauty NetworkManager[416]: <info>  [1547542236.3853] device (wlp2s0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')

Is this you simply connected to a Wifi network?

Jan 15 10:03:10 BlackBeauty NetworkManager[416]: <info>  [1547542990.0158] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/4)
Jan 15 10:06:16 BlackBeauty NetworkManager[416]: <info>  [1547543176.9768] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/5)
Jan 15 10:07:14 BlackBeauty NetworkManager[416]: <info>  [1547543234.9627] audit: op="connection-activate" uuid="07e694ca-e8b4-47ed-94a4-fdbd5d37f195" name="Office" pid=587 uid=1000 result="success"
Jan 15 10:07:14 BlackBeauty NetworkManager[416]: <info>  [1547543234.9668] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: Started the VPN service, PID 1574
Jan 15 10:07:14 BlackBeauty NetworkManager[416]: <info>  [1547543234.9740] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: Saw the service appear; activating connection
Jan 15 10:07:14 BlackBeauty NetworkManager[416]: <info>  [1547543234.9776] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN connection: (ConnectInteractive) reply received
Jan 15 10:07:14 BlackBeauty NetworkManager[416]: <info>  [1547543234.9796] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN plugin: state changed: starting (3)
Jan 15 10:07:18 BlackBeauty NetworkManager[416]: INFO:   Connected to gateway.
Jan 15 10:07:20 BlackBeauty NetworkManager[416]: Two-factor authentication token:
Jan 15 10:07:20 BlackBeauty NetworkManager[416]: ERROR:  No token specified
Jan 15 10:07:20 BlackBeauty NetworkManager[416]: ERROR:  Could not authenticate to gateway. Please check the password, client certificate, etc.
Jan 15 10:07:20 BlackBeauty NetworkManager[416]: INFO:   Closed connection to gateway.
Jan 15 10:07:23 BlackBeauty NetworkManager[416]: INFO:   Logged out.
Jan 15 10:07:23 BlackBeauty NetworkManager[416]: <warn>  [1547543243.2175] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN plugin: failed: connect-failed (1)
Jan 15 10:07:23 BlackBeauty NetworkManager[416]: <warn>  [1547543243.2177] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN plugin: failed: connect-failed (1)
Jan 15 10:07:23 BlackBeauty NetworkManager[416]: <info>  [1547543243.2178] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN plugin: state changed: stopping (5)
Jan 15 10:07:23 BlackBeauty NetworkManager[416]: <info>  [1547543243.2181] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN plugin: state changed: stopped (6)
Jan 15 10:07:23 BlackBeauty NetworkManager[416]: <info>  [1547543243.2209] vpn-connection[0x559527a3a160,07e694ca-e8b4-47ed-94a4-fdbd5d37f195,"Office",0]: VPN service disappeared

This because of 2fa?

Offline

#7 2019-01-15 05:34:36

wombatvvv
Member
Registered: 2016-07-29
Posts: 50

Re: Use FortiClient VPN with wifi connection...?

Yeah, the first one is just me connected without any FortiVPN client running.

The second one is when I try and use the plugin for the nm-applet to enable FortiVPN, the problem being is that it never asks me to verify the two-factor-authentication, it just bombs out.

Offline

#8 2019-01-21 00:13:19

wombatvvv
Member
Registered: 2016-07-29
Posts: 50

Re: Use FortiClient VPN with wifi connection...?

FYI ... this issue is still unresolved and I'm still hoping to find a solution! smile

Offline

#9 2019-01-21 00:18:28

2ManyDogs
Forum Fellow
Registered: 2012-01-15
Posts: 4,646

Re: Use FortiClient VPN with wifi connection...?

wombatvvv wrote:

FYI ... this issue is still unresolved and I'm still hoping to find a solution! smile

Please don't do that.

Offline

#10 2019-02-03 12:38:28

wombatvvv
Member
Registered: 2016-07-29
Posts: 50

Re: Use FortiClient VPN with wifi connection...?

2ManyDogs wrote:
wombatvvv wrote:

FYI ... this issue is still unresolved and I'm still hoping to find a solution! smile

Please don't do that.

... okay. Well, I do hope that if the issue is "obvious", as pointed out in the rules that you've linked there, that somebody tells me anyway, because I can't see it! big_smile

Likewise, if I need to provide more information, of course I'm happy to that, I just don't know what information to supply. sad

Offline

#11 2019-02-03 23:33:36

wombatvvv
Member
Registered: 2016-07-29
Posts: 50

Re: Use FortiClient VPN with wifi connection...?

I have some more information which might be useful.

When I try and login with the command-line openfortivpn tool, I can see that there is an error:

"Timed out waiting for the ppp interface to be UP":

$ sudo openfortivpn -c office-network

INFO:   Connected to gateway.
Two-factor authentication token: 
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
ERROR:  Timed out waiting for the ppp interface to be UP.
INFO:   Cancelling threads...
INFO:   pppd: The link was terminated by the modem hanging up.
INFO:   Terminated pppd.
INFO:   Closed connection to gateway.
INFO:   Logged out.

I can see after I run openfortivpn on the command line, if I type "ip link", that there is a new interface called "ppp0", and it's state is listed as "DOWN":

$ ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp3s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 98:29:a6:31:8d:0b brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
    link/ether f8:28:19:58:46:97 brd ff:ff:ff:ff:ff:ff
5: ppp0: <POINTOPOINT,MULTICAST,NOARP> mtu 1354 qdisc noop state DOWN mode DEFAULT group default qlen 3
    link/ppp

I tried to manually set it to "UP" after entering the two-factor authentication and before openfortivpn times out, but it doesn't seem to work (just goes to UNKNOWN):

$ sudo ip link set dev ppp0 up

$ ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp3s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 98:29:a6:31:8d:0b brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
    link/ether f8:28:19:58:46:97 brd ff:ff:ff:ff:ff:ff
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1354 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 3
    link/ppp

I hope this new information might help someone who actually knows what they're doing to figure this out for me. Thanks for your time.

Last edited by wombatvvv (2019-02-03 23:35:02)

Offline

#12 2019-02-14 05:34:18

wombatvvv
Member
Registered: 2016-07-29
Posts: 50

Re: Use FortiClient VPN with wifi connection...?

Okay, so I guess FortiClient VPN just does not work with Arch Linux, full stop?

It definitely used to.

Should I raise this as a bug or something? Is there something else I should do to help solve this issue, short of coding it myself which I am unable to do?

Offline

#13 2019-02-14 06:12:06

bugsmanagement
Member
Registered: 2017-04-21
Posts: 201

Re: Use FortiClient VPN with wifi connection...?

wombatvvv wrote:

Okay, so I guess FortiClient VPN just does not work with Arch Linux, full stop?

It definitely used to.

Should I raise this as a bug or something? Is there something else I should do to help solve this issue, short of coding it myself which I am unable to do?

Hello,

You could raise the issue with the developer of the client? 

INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete
INFO:   Got addresses: [10.99.212.2], ns [10.99.32.13, 10.99.32.14]
INFO:   negotiation complete

Nevertheless, this seem dubious to me and might be the source of the problem. You don't have firewall between you and Internet or the office needs to put you on some firewall whitelist? The output is tagged with 'INFO', perhaps raising the logging level might shed more light? Eg, verbose, debuglevel, loglevel, etc. Consult the man page.

Regards

Offline

Pages: 1

Board footer

Powered by FluxBB