openfortivpn man page

openfortivpn — Client for PPP+SSL VPN tunnel services


openfortivpn [<host>:<port>] [-u <user>] [-p <pass>] [--no-routes] [--no-dns] [--trusted-cert=<digest>] [--pppd-log=<file>] [--pppd-plugin=<file>] [-c <file>] [-v|-q]
openfortivpn --help
openfortivpn --version


openfortivpn connects to a VPN by setting up a tunnel to the gateway at <host>:<port>.


Show this help message and exit.
Show version and exit.
-c <file>, --config=<file>
Specify a custom config file (default: /etc/openfortivpn/config).
-u <user>, --username=<user>
VPN account username.
-p <pass>, --password=<pass>
VPN account password.
Connect to the specified authentication realm. Defaults to empty, which is usually what you want.
Do not try to configure IP routes through the VPN when tunnel is up.
Do not add VPN nameservers in /etc/resolv.conf when tunnel is up.
Use specified PEM-encoded certificate bundle instead of system-wide store to verify the gateway certificate.
Use specified PEM-encoded certificate if the server requires authentication with a certificate.
Use specified PEM-encoded key if the server requires authentication with a certificate.
Trust a given gateway. If classical SSL certificate validation fails, the gateway certificate will be matched against this value. <digest> is the X509 certificate's sha256 sum. This option can be used multiple times to trust several certificates.
Set pppd in debug mode and save its logs into <file>.
Use specified pppd plugin instead of configuring the resolver and routes directly.
Increase verbosity. Can be used multiple times to be even more verbose.
Decrease verbosity. Can be used multiple times to be even less verbose.

Config File

Options can be taken from a configuration file. Options passed in the command line will override those from the config file, though. The default config file is /etc/openfortivpn/config, but this can be set using the -c option.

A config file looks like:
# this is a comment
host = vpn-gateway
port = 8443
username = foo
password = bar
trusted-cert = certificatedigest4daa8c5fe6c...
trusted-cert = othercertificatedigest6631bf...
set-dns = 1
set-routes = 1


January 26, 2015