| View previous topic :: View next topic |
| Author |
Message |
Dachnaz
Tux's lil' helper
Joined: 01 Apr 2005
Posts: 76
Location: Minneapolis, MN, USA
|
 Posted: Sat Apr 05, 2014 2:05 pm Post subject: FortiClient SSLVPN cannot set routes |
 |
|
Hi all,
I'm trying to connect to my SSLVPN using FortiClient 4.0. It works well in Windows (did I just say that? :X), and will connect and open the tunnel in Gentoo, but never sets the ppp0 interface up. While my Internet connection continues functioning as if it were not tunneled, if I use the table prints the header and nothing else, and the terminal locks and does not return to prompt until the FortiClient process is killed. When the process dies, the route table finishes printing, returning the default route for my non-tunneled lan connection. Works no better when run as root, same effect on wlan and ethernet.
Thoughts?
Thanks!
Dachnaz |
|
| Back to top |
|
 |
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21600
|
| Posted: Sat Apr 05, 2014 3:23 pm Post subject: |
|
|
| A hang when trying to print the routes might be a DNS stall, but sounds more like a bug. I do not see anything like this client in Portage. What overlay provides this? What files does it install? |
|
| Back to top |
|
|
Dachnaz
Tux's lil' helper
Joined: 01 Apr 2005
Posts: 76
Location: Minneapolis, MN, USA
|
| Posted: Sat Apr 05, 2014 3:38 pm Post subject: |
|
|
It's in flavour (layman). It installs the binary FortiClient to /opt/forticlient-sslvpn, along with a couple scripts there in helper/ .
Thanks for the tip on the DNS stall. It looks like the client calls /etc/ppp/ip-up so I'll poke around in the ip-up.d scripts to see what's going on. There is one called 40-dns.sh, hmm. |
|
| Back to top |
|
|
Dachnaz
Tux's lil' helper
Joined: 01 Apr 2005
Posts: 76
Location: Minneapolis, MN, USA
|
| Posted: Tue Apr 15, 2014 4:51 pm Post subject: |
|
|
Figured it out, thanks to your tips.
Forticlient-SSLVPN uses a script in /opt/forticlient-sslvpn/helper/sysconfig.linux.sh which uses improper syntax while running an ifconfig command to set a gateway. Change line 64 to
| Code: | | addr=`ifconfig $ifn |grep "inet"|awk ' {print $2 }'` |
and you're good to go. |
|
| Back to top |
|
|
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101
|
| Posted: Tue Apr 15, 2014 11:26 pm Post subject: |
|
|
| Dachnaz wrote: | | Code: | | addr=`ifconfig $ifn |grep "inet"|awk ' {print $2 }'` |
|
Dachnaz ... alternately ...
| Code: | | addr=`ifconfig $ifn |awk '/inet/{split($2,ip,":"); print ip[2]}'` |
... or using iproute2 ...
| Code: | | addr=`ip addr show $ifn |awk '/inet/{split($2,ip,"/"); print ip[1]}'` |
... or, using bash exclusively ...
| Code: | | addr=$(ip addr show $ifn |{read r ; read r ; read r a r ; echo ${a%/*}}) |
... my perfered for such things is zsh (though obviously this isn't useful in the above)
| Code: | | addr=${$(ip -o -4 addr show $ifn)[4]:h} |
best ... khay |
|
| Back to top |
|
|
|
Networking & Security
