How to solve FortiClient VPN disconnect issue

Before the pandemic, penetration testers used to go directly to the client’s location for security testing, spending days or even nights there. However, with Covid-19, habits in the IT industry, like many other sectors, have changed. A significant portion of companies have transitioned to remote or hybrid work. Even those who haven’t fully embraced remote work can synchronize effectively with companies offering remote services.

As a result, remote cybersecurity testing has become more feasible. Among these services is penetration testing. Today, it’s possible to conduct penetration tests on target systems via properly configured VPNs. In fact, it’s not just possible—it’s often the preferred method for clients. This flexibility is a significant advantage for many cybersecurity firms, especially those serving clients in different cities or countries.

However, there can be challenges when connecting to clients. One such challenge arises when trying to connect to FortiClient while working on a Windows operating system. If you’ve been frustrated by FortiClient constantly disconnecting during penetration testing, don’t worry—the solution is straightforward. Contrary to what some forums might suggest, you don’t need to purchase the paid version of FortiClient.

Here’s what you can do:

  1. Navigate to Control Panel > Internet Options > Connections.
  2. Remove the connection named fortissl.
  3. Restart your computer.
  4. Run FortiClient and connect via VPN.

Following these steps, you won’t experience disconnects anymore.

If you’re a Kali Linux user and need to set up a secure VPN connection, openfortivpn is a great choice. It allows you to connect to Fortinet VPNs and perform penetration testing tasks remotely. In this guide, I’ll walk you through the installation process step by step.

Installing openfortivpn

Update your package list: Open a terminal and run the following commands:

sudo apt update

Install openfortivpn: Run the following command to install the openfortivpn package:

sudo apt install openfortivpn

Uninstalling openfortivpn

If you ever need to remove openfortivpn, follow these steps:

Uninstall openfortivpn: Run the following command to remove the package:

sudo apt remove openfortivpn

Clean up: To clean up any residual files, run:

sudo apt autoclean && sudo apt autoremove

Connecting via openfortivpn

For connecting via openfortivpn, you should first create a config file, discover the trusted cert value, and add it to the config file.

Create a Configuration File:

Open a terminal and run the following commands:

touch openfortivpn.conf
chmod go= openfortivpn.conf

Edit the Configuration File:

Use your preferred text editor (such as nano or vim) to open the configuration file:

nano openfortivpn.conf

Add the Following Lines to the configuration file – replace the placeholders with your actual values:

username = <YOUR_USERNAME>
password = <YOUR_PASSWORD>
# trusted-cert =

Connect for the first time:

Run the following command in the terminal:

sudo openfortivpn -c openfortivpn.conf

If you encounter the following error related to an untrusted SSL certificate:

ERROR: Gateway certificate validation failed, and the certificate digest is not in the local whitelist. If you trust it, rerun with:
ERROR: --trusted-cert <some-random-string-to-add-to-trusted-cert>

Edit the openfortivpn.conf file and update the trusted-cert option with the string from the error. Make sure the option is not commented (remove the #).

Connecting each time:

Whenever you need to connect, run:

sudo openfortivpn -c openfortivpn.conf

Happy, secure VPN connections!

Write a Comment