-
Notifications
You must be signed in to change notification settings - Fork 326
Home
Martin Hecht edited this page Nov 15, 2018
·
26 revisions
- Run openfortivpn in verbose mode using command line option
-v. - Retrieve the pppd log using command line option
--pppd-log. Some issues are related to pppd which is forked by openfortivpn.
- Create a new ticket under Issues instead of adding comments to existing issues. Similar symptoms do not necessarily mean identical causes.
- Specify the versions of the operating system and openfortivpn.
- Provide the verbose openfortivpn output obtained with command line option
-vand the pppd log obtained with command line option--pppd-log. Remember to redact confidential information such as IP addresses.
- run
openfortivpnwith--no-routeflag, or addset-routes = 0in your configuration file - create a ppp script when link is up:
sudo touch /etc/ppp/ip-up.d/fortivpn - make it executable:
sudo chmod a+x /etc/ppp/ip-up.d/fortivpn - add your own routes. I've decided to look up domains by their name:
#!/bin/bash
#
# Whitelist here all domains that need to go through FortiVPN
# Domains are separated by a space
#
domains='example.com example.fr'
let ip
for domain in $domains; do
ip=`dig +short $domain | tail -n1`
route add $ip dev ppp0
done
- check the created routes:
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.10.254 0.0.0.0 UG 600 0 0 wlp3s0
one.one.one.one * 255.255.255.255 UH 0 0 0 ppp0
IP-OF-FIRST-DOMAIN * 255.255.255.255 UH 0 0 0 ppp0
IP-OF-SECOND-DOMAIN * 255.255.255.255 UH 0 0 0 ppp0
link-local * 255.255.0.0 U 1000 0 0 br-cc6b09fa8986
172.16.238.0 * 255.255.255.0 U 0 0 0 br-30ec352ff3e1
172.17.0.0 * 255.255.0.0 U 0 0 0 docker0
172.18.0.0 * 255.255.0.0 U 0 0 0 br-44b22a74e13d
172.19.0.0 * 255.255.0.0 U 0 0 0 br-cc6b09fa8986
172.20.0.0 * 255.255.0.0 U 0 0 0 br-2718c069c2ed
192.168.10.0 * 255.255.255.0 U 600 0 0 wlp3s0
- check your IP: https://duckduckgo.com/?q=what%27s+my+ip&t=lm&atb=v110-5_h&ia=answer It should be your regular IP, while you should have access to white-listed domains through the VPN.