Hello,
I'm trying to configure a simple SSL VPN using FortiClient on a fresh install of Ubuntu 22.04.4 LTS.
Fortigate seems to be correctly configured (7.2.8): used from MacOSX, and Windows works flawlessly.
I'm installing a Linux Fortinate client using CLI (no GUI) - FortiClient Version: 7.2.4.0809 (installed following section "Ubuntu 22.04 LTS" for 7.2 from https://www.fortinet.com/support/product-downloads/linux ).
Setting up a new connection seems trivial:
ubuntu@ip:~$ forticlient vpn edit myvpn
=====================
Edit personal VPN profile:myvpn
=====================
Type (1.SSL VPN / 2.IPsec VPN) [default=1]: 1
Remote Gateway: 1.2.3.4
Port [default=443]: 7443
Authentication (1.prompt / 2.save / 3.disable) [current=prompt]:1
Certificate Type (1.local (pkcs12) / 2.smartcard (pkcs11) / 3.disable) [current=disable]:3
Hovewer, after the last response during the above configuration stage, I was initially getting:
Unable to use system's key store: The name org.freedesktop.secrets was not provided by any .service files.
DONE.
After that, I found the information below should alleviate the issue (please remember that my environment is CLI only):
sudo apt install gnome-keyring
This changed the error to:
Unable to use system's key store: Object does not exist at path “/org/freedesktop/secrets/collection/login”.
DONE.
Also, ignoring the above errors (if this is not just an informational message) and trying:
ubuntu@ip:~$ forticlient vpn connect myvpn
I am getting the following error:
terminate called after throwing an instance of 'std::out_of_range'
what(): basic_string::substr: __pos (which is 26) > this->size() (which is 24)
Aborted (core dumped)
Any idea how to approach troubleshooting or what may resolve this issue? What am I missing?
Thanks.
Regards,
S.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Once you iinstall the gnome keyring, you must also initialize it.
Have you done this?
Initialize and unlock the login keyring: $ killall gnome-keyring-daemon $ echo -n “your-login-password" | gnome-keyring-daemon --unlock |
(bottom of page)
Created on 06-24-2024 04:31 AM Edited on 06-24-2024 08:36 AM
Thank you. @AlexC-FTNT . This did help!
Instead of double quotes, single quotes are required, it seems, as otherwise, the command does not pipe over correctly and gets stuck, so:
echo -n 'your-login-password' | gnome-keyring-daemon --unlock
Still, when I try:
ubuntu@ip:~$ forticlient vpn connect myprofile
I get:
terminate called after throwing an instance of 'std::out_of_range'
what(): basic_string::substr: __pos (which is 26) > this->size() (which is 24)
(before attempting to connect, I had created a new profile from scratch, which came up without any previous keyring-related errors)
Perhaps I'm still doing something wrong regarding keyring-daemon (I'm unsure how to force it to log more verbose)? Is there any chance this is a bug of some sort?
Also, if I explicitly ask for credentials every time, why do I need to bother with gnome-keyring-daemon at all? Is it possible to disable this functionality entirely (it also increases the space footprint to install extra packages)?
I'm not sure I know what to suggest further. Let's see if others have more ideas.
This was a step that is often missed, so I wanted to make sure it was performed
Is there a way to raise this issue as a bug, perhaps?
It does look fairly low-level and does not point in any particular direction. It may be very hard to troubleshoot without deep knowledge of what could be at fault, manifesting itself only by this error message.
We are using small 70Fs at the moment, but this configuration works flawlessly on MacOSX and Windows, which suggests that the problem is isolated to the Linux SSL VPN client only.
Yes, there is a way: open a TAC support case with FortiClientEMS Serial Number, FortiClient team will reproduce it and then report it to engineering. They are the team who supports FortiClient and may have more information about this. The free FortiClient version comes with as-is (no support)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1731 | |
1099 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.