Comments (17)
This is my service running at boot in CentOS 7.4:
/usr/lib/systemd/system/openfortivpn.service
[Unit]
Description = OpenFortiVPN
After=network-online.target multi-user.target
Documentation=man:openfortivpn(1)
[Service]
User=root
Type=idle
ExecStart = /usr/local/bin/openfortivpn -c /etc/openfortivpn/config
KillSignal=SIGTERM
[Install]
WantedBy=multi-user.target
from openfortivpn.
Type notify might be useful too as openfortivpn calls sd_notify() to notify systemd when the tunnel is up.
from openfortivpn.
For others looking at this: This isn't working (i.e. automatically restarting) for me as it is (though a similar systemd unit in general is). I haven't spent more time since and set up a cron job which restarts the systemd service if the connection is down.
from openfortivpn.
@DimitriPapadopoulos I was setting up this and when I switch to notify it gets stuck in this state until it fails, going back to simple works.
ploi@data-server:~$ /usr/bin/openfortivpn --version
1.6.0
ploi@data-server:~/data.redacted.com/itch$ systemctl status openfortivpn.service
● openfortivpn.service - Forti VPN Api Service
Loaded: loaded (/etc/systemd/system/openfortivpn.service; enabled; vendor preset: enabled)
Active: activating (start) since Tue 2021-10-05 13:07:02 UTC; 19s ago
Docs: man:openfortivpn(1)
Main PID: 19945 (openfortivpn)
Tasks: 6 (limit: 1150)
CGroup: /system.slice/openfortivpn.service
├─19945 /usr/bin/openfortivpn -c /etc/openfortivpn/config
└─19960 /usr/sbin/pppd 38400 :1.1.1.1 noipdefault noaccomp noauth default-asyncmap nopcomp receive-all nodefaultroute nodetach lcp-max-config
[Unit]
Description=OpenFortiVPN Service
After=network-online.target multi-user.target
Documentation=man:openfortivpn(1)
[Service]
User=root
Type=simple
# WorkingDirectory=/root
ExecStart=/usr/bin/openfortivpn -c /etc/openfortivpn/config
Restart=always
RestartSec=5
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=openfortivpn
KillSignal=SIGTERM
[Install]
WantedBy=multi-user.target
from openfortivpn.
ploi@data-server:~$ /usr/bin/openfortivpn --version 1.6.0
Version 1.6.0 is pretty old and does not call sd_notify(). My recommendation would be to:
- use exec with openfortivpn binaries that do not call sd_notify() (versions prior to 1.8.0),
- use notify with openfortivpn binaries that do call sd_notify() (versions 1.8.0 and newer built with systemd support).
from openfortivpn.
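Why a binary that never calls sd_notify() stays in "activating (start)" under Type=notify, as an added example that is not part of the original thread or of openfortivpn's code: a small Python stand-in for the service manager side of the readiness handshake. The function name and the two child programs are constructed for illustration; real systemd also checks which process sent the message.

```python
import os
import socket
import subprocess
import sys
import tempfile
import time

# Constructed stand-ins: one child reports readiness, the other never does.
NOTIFYING = """
import os, socket, time
s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
s.sendto(b"READY=1", os.environ["NOTIFY_SOCKET"])  # what sd_notify() sends
time.sleep(30)
"""
SILENT = "import time; time.sleep(30)"


def wait_for_ready(child_code, timeout=2.0):
    """Play the service manager for one Type=notify start job.

    Returns "active" if the child sends READY=1 to NOTIFY_SOCKET before the
    timeout, otherwise "timeout" (the start job fails and the child is killed).
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notify")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        srv.bind(path)
        env = dict(os.environ, NOTIFY_SOCKET=path)
        child = subprocess.Popen([sys.executable, "-c", child_code], env=env)
        deadline = time.monotonic() + timeout
        try:
            while True:
                srv.settimeout(max(deadline - time.monotonic(), 0.001))
                # A notification is newline-separated KEY=VALUE assignments.
                fields = srv.recv(4096).decode().split("\n")
                if "READY=1" in fields:
                    return "active"
        except socket.timeout:
            return "timeout"
        finally:
            child.kill()
            child.wait()
            srv.close()


if __name__ == "__main__":
    print("child that notifies:", wait_for_ready(NOTIFYING))
    print("child that stays silent:", wait_for_ready(SILENT, timeout=1.0))
```

With Type=simple or Type=exec the manager does not wait for this message, which is why the same silent binary shows "active (running)" there.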
@requa3r0 see the above discussion about how to start openfortivpn as a daemon. If your login needs a one time password or any other 2nd factor, it is simply not possible to automate the reconnect.
from openfortivpn.
Hi @nidico,
You need to create a systemd config file (either in /etc/systemd/system or /usr/lib/systemd/system), for example openfortivpn.service. I'm not a systemd expert but I guess you would need:
[Install]
After=NetworkManager.service
Once done:
sudo systemctl daemon-reload
sudo systemctl start openfortivpn
sudo systemctl enable openfortivpn
from openfortivpn.
/etc/openfortivpn/config
Type=forking, otherwise systemd will show active status even if VPN connection is not established.
from openfortivpn.
Type=forking doesn't look right here, because openfortivpn does not fork. Doesn't Type=simple work for you?
from openfortivpn.
My bad, the service does not start with forking or simple type, only with Type=idle as mentioned by r3tr0g4m3r.
from openfortivpn.
it gets stuck in this state until it fails
In which state? How does it fail?
from openfortivpn.
With notify when I reload and restart I get
● openfortivpn.service - OpenFortiVPN Service
Loaded: loaded (/etc/systemd/system/openfortivpn.service; enabled; vendor preset: enabled)
Active: activating (start) since Tue 2021-10-05 13:05:26 UTC; 1s ago
Docs: man:openfortivpn(1)
Main PID: 19719 (openfortivpn)
Tasks: 7 (limit: 1150)
CGroup: /system.slice/openfortivpn.service
├─19719 /usr/bin/openfortivpn -c /etc/openfortivpn/config
└─19734 /usr/sbin/pppd 38400 :1.1.1.1 noipdefault noaccomp noauth default-asyncmap nopcomp receive-all nodefaultroute nodetach lcp-max-config
as opposed to using simple
● openfortivpn.service - OpenFortiVPN Service
Loaded: loaded (/etc/systemd/system/openfortivpn.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-10-05 13:14:15 UTC; 25min ago
Docs: man:openfortivpn(1)
Main PID: 20310 (openfortivpn)
Tasks: 6 (limit: 1150)
CGroup: /system.slice/openfortivpn.service
├─20310 /usr/bin/openfortivpn -c /etc/openfortivpn/config
└─20325 /usr/sbin/pppd 38400 :1.1.1.1 noipdefault noaccomp noauth default-asyncmap nopcomp receive-all nodefaultroute nodetach lcp-max-config
I see nothing useful in syslog or with journalctl, if I do hostname -I I can see the expected ip while it's in that state but I can't connect. I can't try to reproduce this now as I need the vpn running to capture some itch data but I will try again with notify tomorrow as I believe there was something in the logs yesterday when I was playing with this.
ploi@data-server:~$ sudo systemctl start openfortivpn.service
Job for openfortivpn.service failed because a timeout was exceeded.
from openfortivpn.
Also see #948.
from openfortivpn.
The standard lease time for fortify vpn server side is 8 hours.
Has anyone figured out how to automatically reconnect if the connection is lost or the lease time expires?
from openfortivpn.
@mrbaseman If the connection is based on a username + password combination, is it possible to implement auto-reconnect?
from openfortivpn.
@kardoka Really, this daemon reconnects for days... 1 sec after the lease time is over.
from openfortivpn.
@kardoka @mrbaseman
Here:
[Unit]
Description=openfortivpn-daemon
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
StartLimitIntervalSec=500
StartLimitBurst=5
[Service]
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/openfortivpn
[Install]
WantedBy=multi-user.target
from openfortivpn.