VPN and access
Openfortivpn
Installation
First, install the openfortivpn application.
sudo apt-get install openfortivpn
Configuring the VPN
Create the following file.
cd /etc/openfortivpn
sudo vi config.tirme
host=acceso.tirme.net
port=11443
username=USUARIO_VAULT
password=PASSWORD_VAULT
trusted-cert=b5e800b366fab7ca983f99c37a430928608679255554dbe29ac8f380d40d8a83
Then connect to the VPN.
IMPORTANT: a code is sent by e-mail as the second factor.
sudo openfortivpn -c /etc/openfortivpn/config.tirme
INFO: Connected to gateway.
Two-factor authentication token:
INFO: Authenticated.
INFO: Remote gateway has allocated a VPN.
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
INFO: Got addresses: [172.27.27.1], ns [192.168.0.100, 192.168.0.101]
INFO: Negotiation complete.
INFO: Got addresses: [172.27.27.1], ns [192.168.0.100, 192.168.0.101]
INFO: Negotiation complete.
INFO: Negotiation complete.
local IP address 172.27.27.1
remote IP address 169.254.2.1
INFO: Interface ppp0 is UP.
INFO: Setting new routes...
INFO: Adding VPN nameservers...
INFO: Tunnel is up and running.
If a certificate error occurs, replace the trusted-cert value in the config.tirme file.
sudo openfortivpn -c /etc/openfortivpn/config.tirme
ERROR: Gateway certificate validation failed, and the certificate digest is not in the local whitelist. If you trust it, rerun with:
ERROR: --trusted-cert 84ec15b206adc57973031254cc579c7edc737929f9afc748a33d41d775a595d6
ERROR: or add this line to your configuration file:
ERROR: trusted-cert = 84ec15b206adc57973031254cc579c7edc737929f9afc748a33d41d775a595d6
ERROR: Gateway certificate:
ERROR: subject:
ERROR: C=US
ERROR: ST=California
ERROR: L=Sunnyvale
ERROR: O=Fortinet
ERROR: OU=FortiGate
ERROR: CN=FG5H1E5819904555
ERROR: emailAddress=support@fortinet.com
ERROR: issuer:
ERROR: C=US
ERROR: ST=California
ERROR: L=Sunnyvale
ERROR: O=Fortinet
ERROR: OU=Certificate Authority
ERROR: CN=fortinet-subca2001
ERROR: emailAddress=support@fortinet.com
ERROR: sha256 digest:
ERROR: 84ec15b206adc57973031254cc579c7edc737929f9afc748a33d41d775a595d6
INFO: Closed connection to gateway.
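Before writing the offered digest into trusted-cert, it can be compared with the pinned value and with a digest confirmed through a separate channel. The following shell helpers are an added example, not part of the original page or of openfortivpn; the function names and the out-of-band digest argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): decide whether the digest that
# openfortivpn offers may replace the pinned trusted-cert value.

# Print every trusted-cert digest pinned in an openfortivpn config file ($1).
pinned_digests() {
    sed -n 's/^[[:space:]]*trusted-cert[[:space:]]*=[[:space:]]*\([0-9A-Fa-f]\{64\}\)[[:space:]]*$/\1/p' "$1" |
        tr 'A-F' 'a-f'
}

# Read openfortivpn output on stdin and print the digest from its
# "--trusted-cert <sha256>" hint line.
offered_digest() {
    sed -n 's/^ERROR:[[:space:]]*--trusted-cert[[:space:]]*\([0-9A-Fa-f]\{64\}\).*$/\1/p' |
        head -n 1 | tr 'A-F' 'a-f'
}

# $1 = config file, $2 = saved openfortivpn output,
# $3 = digest confirmed out of band (assumption: the gateway administrator
#      supplies it through a separate channel).
# Prints pinned | update | mismatch | no-digest.
check_gateway_digest() {
    offered=$(offered_digest < "$2")
    confirmed=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    if [ -z "$offered" ]; then
        echo "no-digest"; return 2
    fi
    if pinned_digests "$1" | grep -qx "$offered"; then
        echo "pinned"; return 0        # already trusted, nothing to change
    fi
    if [ "$offered" = "$confirmed" ]; then
        echo "update"; return 0        # safe to write into trusted-cert
    fi
    echo "mismatch"; return 1          # do not pin; the gateway may be impersonated
}
```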
Access to the machines
ssh soffid@192.168.0.11