Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortclient VPN Client Linux - IPSEC (April 2024) key store issue



Is it still true that Linux Forticlient still does not support IPSEC CLI configuration when using FortiClient (I was following )?


I aim was to replicate Macosx forticlient IPsec configuration onto Ubuntu 22 (against a small 40F / 70F with tested and working IPSEC VPN configuration).


I got Forticlient installed following  , which, as of today (5th of April 24) installs as on Ubuntu 22.04 LTS, and IPsec functionality does seem to be there, but then the configuration goes somehow pearshaped (I only got sudo apt install gnome-keyring to improve the situation slightly but still got an issue - not sure if this is expected - it looks like it somehow uses GUI key chain infra, even when explicitly operating in CLI space so "forticlient vpn ..."(VPN CLI interface)).


ubuntu@server:~$ forticlient vpn edit newprofile
Create new VPN profile: newprofile
Type (1.SSL VPN / 2.IPsec VPN) [default=1]: 2
Remote Gateway: x.x.x.x

Port [default=443]: 500 <======= why is it treating IPsec as tcp/443 to start with?
Authentication (1.prompt / / 3.disable) [default=1]: <=regardles of what the option is, below error message always pops up (I suppose all three operations require access to key store)
Certificate Type (1.local (pkcs12) / 2.smartcard (pkcs11) / 3.disable) [current=disable]:
Unable to use system's key store: Object does not exist at path “/org/freedesktop/secrets/collection/login”.


I run out of ideas how to fix that.


When I try the SSL configuration with Forticlient - I am getting stuck in the very same place - "Unable to use system's key store". Why does Forticlient not let me stay away from GUI?


Am I doing something fundamentally silly?


For the moment, there is still no support for this feature.

The reason for it is because you don't need a specific client for that, you should "simply" use the Linux IPSec stack properly.
You may try to request a new feature for future FortiClient releases.


Could you please give additional details? It looks like we are using the stack properly.

Is there any document to explain this?

Top Kudoed Authors