VPN and access

Openfortivpn

Installation

First, install the openfortivpn application.

sudo apt-get install openfortivpn

Configure the VPN

Create the following file.

cd /etc/openfortivpn
sudo vi config.tirme

host=acceso.tirme.net
port=11443
username=USUARIO_VAULT
password=PASSWORD_VAULT
trusted-cert=b5e800b366fab7ca983f99c37a430928608679255554dbe29ac8f380d40d8a83

Then connect to the VPN.

IMPORTANT: a code is sent by email as the second factor.

sudo openfortivpn -c /etc/openfortivpn/config.tirme

INFO:   Connected to gateway.
Two-factor authentication token: 
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
INFO:   Got addresses: [172.27.27.1], ns [192.168.0.100, 192.168.0.101]
INFO:   Negotiation complete.
INFO:   Got addresses: [172.27.27.1], ns [192.168.0.100, 192.168.0.101]
INFO:   Negotiation complete.
INFO:   Negotiation complete.
local  IP address 172.27.27.1
remote IP address 169.254.2.1
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
INFO:   Adding VPN nameservers...
INFO:   Tunnel is up and running.

If a certificate error occurs, replace the certificate digest (trusted-cert) in the config.unal file.

sudo openfortivpn -c /etc/openfortivpn/config.tirme

ERROR:  Gateway certificate validation failed, and the certificate digest is not in the local whitelist. If you trust it, rerun with:
ERROR:      --trusted-cert 84ec15b206adc57973031254cc579c7edc737929f9afc748a33d41d775a595d6
ERROR:  or add this line to your configuration file:
ERROR:      trusted-cert = 84ec15b206adc57973031254cc579c7edc737929f9afc748a33d41d775a595d6
ERROR:  Gateway certificate:
ERROR:      subject:
ERROR:          C=US
ERROR:          ST=California
ERROR:          L=Sunnyvale
ERROR:          O=Fortinet
ERROR:          OU=FortiGate
ERROR:          CN=FG5H1E5819904555
ERROR:          emailAddress=support@fortinet.com
ERROR:      issuer:
ERROR:          C=US
ERROR:          ST=California
ERROR:          L=Sunnyvale
ERROR:          O=Fortinet
ERROR:          OU=Certificate Authority
ERROR:          CN=fortinet-subca2001
ERROR:          emailAddress=support@fortinet.com
ERROR:      sha256 digest:
ERROR:          84ec15b206adc57973031254cc579c7edc737929f9afc748a33d41d775a595d6
INFO:   Closed connection to gateway.
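
Added example, not part of the original page or of openfortivpn: rather than copying the digest from the error message straight into the file, this script rewrites trusted-cert only when the digest the gateway offered equals one confirmed with the gateway administrator. The function names (pinned_digest, offered_digest, repin, demo) and the saved error log are assumptions; the sample files are constructed from the values shown above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of openfortivpn.

# Print the digest pinned by the trusted-cert line of a config file.
pinned_digest() {
    sed -n 's/^[[:space:]]*trusted-cert[[:space:]]*=[[:space:]]*\([0-9A-Fa-f]\{64\}\)[[:space:]]*$/\1/p' "$1" |
        tr 'A-F' 'a-f' | head -n 1
}

# Print the digest the gateway presented, read from the line that follows
# "sha256 digest:" in saved openfortivpn error output.
offered_digest() {
    awk '/sha256 digest:/ { getline; print $NF; exit }' "$1" |
        tr 'A-F' 'a-f' | grep -E '^[0-9a-f]{64}$'
}

# repin CONFIG LOG CONFIRMED: replace the pin only when the digest the gateway
# offered equals CONFIRMED, the value obtained from the gateway administrator.
# Returns 0 = pin is current, 1 = offered digest not confirmed, 2 = bad input.
repin() {
    cfg=$1
    offered=$(offered_digest "$2") || return 2
    old=$(pinned_digest "$cfg")
    [ -n "$old" ] || return 2              # no existing pin line to replace
    confirmed=$(printf '%s' "$3" | tr -d ': ' | tr 'A-F' 'a-f')
    [ "$offered" = "$old" ] && return 0    # gateway certificate unchanged
    [ "$offered" = "$confirmed" ] || return 1
    tmp=$(mktemp "$cfg.XXXXXX") || return 2
    chmod 600 "$tmp"                       # the file also holds the VPN password
    sed "s/^\([[:space:]]*trusted-cert[[:space:]]*=[[:space:]]*\).*/\1$offered/" "$cfg" > "$tmp" &&
        mv "$tmp" "$cfg"
}

# Demo on constructed copies of the page's config and error output.
demo() {
    d=$(mktemp -d) || return 2
    printf 'host=acceso.tirme.net\nport=11443\ntrusted-cert=%s\n' \
        b5e800b366fab7ca983f99c37a430928608679255554dbe29ac8f380d40d8a83 > "$d/config.tirme"
    printf 'ERROR:      sha256 digest:\nERROR:          %s\n' \
        84ec15b206adc57973031254cc579c7edc737929f9afc748a33d41d775a595d6 > "$d/err.log"
    rc=0; repin "$d/config.tirme" "$d/err.log" "$1" || rc=$?
    echo "repin exit=$rc pin=$(pinned_digest "$d/config.tirme")"
    rm -rf "$d"
    return "$rc"
}

demo "not-confirmed" || true   # unconfirmed digest: the config is left untouched
demo 84ec15b206adc57973031254cc579c7edc737929f9afc748a33d41d775a595d6
```

The error output can be saved for the script with `sudo openfortivpn -c /etc/openfortivpn/config.tirme 2>&1 | tee err.log`.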

Access to the machines

ssh soffid@192.168.0.11