Forticlient Blank Screen on Fedora Linux

as far as  I read now that is not a problem with forticlient but more some bug in the fontconfig package shipped with fedora. 

There is entries in their bugtracker: https://bugzilla.redhat.com/show_bug.cgi?id=1770450 

I did not yet find a workaround except from (prolly manually) update fontconfig.

At least that's the only warning or errror that is shown in your quote. 

CentOS/Fedora/Redhat should be compatible though...

Thank you for the reply, that gives me at least a hint of where to look for a further solution. I will report back if I manage to fix it by fiddling with fontconfig!

the fontconfig message thus is just a warning. So it might not be the actual reason...

You could try to execute 'strace forticlient' to see what it does and opens etc.

(you might first have to install strace).

the strace will give you a load of information so you will have to have a closer look...

Tested on FC32, FC35, FC36 and FC37. - Seeing the same, and some observations in differences between deb and rpm is that '/usr/bin/forticlient -> /opt/forticlient/forticlient-cli' is lacking on Fedora.  Maybe /opt/forticlient/fortivpn is the same as forticlient-cli on Ubuntu/Debian.

If I start 'FortiClient gui' manually

$ /opt/forticlient/gui/FortiClient-linux-x64/FortiClient gui
Platform detected: fedora 1
22:40:00.616 › Platform detected: fedora
[ '/opt/forticlient/gui/FortiClient-linux-x64/FortiClient' ] 1
22:40:00.619 › [ '/opt/forticlient/gui/FortiClient-linux-x64/FortiClient' ]
Saml - init 1
22:40:00.660 › Saml - init
compliance configDir=/home/user1/.config/FortiClient/config 1
22:40:01.226 › compliance configDir=/home/user1/.config/FortiClient/config
did-finish-load 1
22:40:01.230 › did-finish-load
ready-to-show 1
22:40:01.232 › ready-to-show

   and then I get a white blank screen. 

   How about doing some simple QC before shipping your software?  Any suggestions are appreciated. 

- Tested on "baremetal" installs of FC37

- xfs (fontserver is running), font-manager works

- forticlient.service is running

- directory /var/log/forticlient/ exists and logs present

- Using X11 w/Wayland support

- 'ldd FortiClient' show all libraries resolves

- Tested  7.0.7.0246, 7.0.8.xxx and 7.2.0.0644  

- inxi X11 config:
   Display: x11 server: X.Org v: 1.20.14 with: Xwayland v: 22.1.8
compositor: gnome-shell driver: X: loaded: modesetting,nvidia
unloaded: fbdev,nouveau,vesa alternate: nv dri: iris gpu: i915
display-ID: :1.0 screens: 1
Screen-1: 0 s-res: 7680x2160 s-dpi: 96
Monitor-1: DP-1 mapped: DP-1-1 pos: left model: Dell U2720Q res: 3840x2160
dpi: 163 diag: 685mm (27")
Monitor-2: eDP-1 mapped: eDP-1-1 pos: primary,right model: Sharp 0x148d
res: 3840x2160 dpi: 284 diag: 395mm (15.5")
API: OpenGL v: 4.6.0 NVIDIA 530.30.02 renderer: Quadro P2000/PCIe/SSE2
direct-render: Yes

      I want to decommission the Aruba VPN controller, but as long as the forticlient isn't on par  with the Aruba VIA VPN client on all platforms (Android, IOS, MacOSX, Linux (deb/rpm) and Windows), that's not happening.  

Thanks!

Some progress. forticlient-7.0.8.0292.1.el7 finally works on FC37 with the latest updates and Mate 1.26.1 window manager.

On my main machine with Gnome 43.3, it still does not.  

To comment on this, as I see I never reported back on this (to be fair, I said I'd report back if I'd manage to set things up, I didn't).

I found Forticlient works "fine" for me on Fedora 37 Workstation (both on GNOME as DE, and I also tried on the KDE spin in a virtual machine). I run Fedora Silverblue on my personal laptop however, and it is there it is having these issues.

So it is compatible enough with Fedora itself. However, it has difficulties with the immutable filesystem from Fedora Silverblue. It's been a while since I've looked into this in detail, but I think vovan might be on to something and it might have issues with creating a valid folder in /var/forticlient.

Unfortunately this is not something I've been able to resolve, other than using a VM for my forticlient VPN needs, and it may need some fundemental changes to the client's code to fix this (just guessing) while only a very small subset of the overall market uses immutable Linux distro's. Personally I believe it's the future, so maybe at one point it will be properly supported, but as of right now (March 2023) I don't think it's possible to run Forticlient on Fedora Silverblue.

I am having the same issue on Fedora Silverblue 38 (black GUI app, `fortivpn` CLI always gets an error). Forticlient VPN `7.0.7.0246`.

I was able to debug and understand the issue.

Forticlient has a system service and clients such as CLI and GUI, they communicate via an HTTP API.

One of forticlient service components, `confighandler`, is responsible for accepting connection from clients; upon receiving a request it will try to identify the calling process (by looking through `procfs`) and verify it is a 'forticlient' process. It does that by comparing process executable path with `/opt/forticlient` which it should match exactly from the beginning. Security you may ask... just cringe.

This check is not true on `rpm-ostree` systems because of the way `rpm`s in `/opt` are implemented (installed into `/usr/lib/opt/`) and even beside that - `/opt` is a symlink to `/var/opt`.

I was able to patch the binary to amend the check into looking for `/opt/forticlient` substring in the client binary path and clients indeed started working (UI now loads and CLI works).

All in all - I still can't use the bloody Forticlient. Turns out it doesn't even work on regular Workstation (38) (with SSO/SAML - doesn't connect fully) and it didn't on Silverblue.

For SAML/SSO you can use `openfortivpn` CLI by logging in manually in the browser and specifying the cookie to the client.

P.S.

To rant and vent a bit more - there are so many things wrong with Forticlient...

1. It is not normal to deliver files to `/opt` in a package manager delivered SW (rpm/deb)! If you package it - it should go into `/usr` directly (at least that's a Debian policy which makes it very clear). This would have avoided the problem.

2. Why that client 'check'? Does it achieve anything, seriously? This would have avoided the problem.

3. Oh, and the server components (running as root) look for a user DBus session to do something with it. I'm sorry, but WTF!? You have a 'client' (GUI or CLI which runs as user) to do it for god sake!

4. `confighandler` still tries to write something to `/opt/forticlient/` - `fctinstalled.tm` file. I believe it does not fail if it can't, but nevertheless.

5. None of installed binaries are available in PATH (although there is a CLI program) - see bullet 1.

TLDR - We're all better off using openfortivpn and other open clients.

I had the same "blank GUI" problem on Fedora Silverblue 39, and I was able to work around it by simply running:

sudo /opt/forticlient/vpn -s vpn.fqdn.com -u username -p

And that somehow worked with the inputted password, no GUI required.

Hello!
Anything new about this problem?
Same thing here with Fedora 40 Silverblue and Forticlient (7.4) from the repo (Centos/8)...