tl;dr
The official Fortinet SSL VPN client for Ubuntu is unstable and slow. Use openfortivpn instead – it now supports SAML authentication (for 2FA), offers better performance, and provides superior troubleshooting capabilities.
I recently experienced several issues with the official Fortinet SSL VPN client on Ubuntu. The client was crashing frequently, connections take up to five minutes to establish or to close. openfortivpn was always a great alternative, and it also helped me in the past debug several network issues, which I could not solve with the official client.
The only downside of openfortivpn was that it did not support SAML authentication, which is the case for many companies if they want to use 2FA. For this, the client opens a browser window where you can authenticate with your SAML provider, allowing you to use your standard credentials and other authentication factors. With the release of openfortivpn 1.23.0 this is no longer the case, as it now supports SAML authentication.
The installation is not as easy as with the official client, and unfortunately the latest binaries are not available in all the official repositories. It requires to compile the source code, which is not a big deal, but still a bit more effort than just installing a package. To make it easier for you, I have written this guide after my troubleshooting session (tested on Ubuntu 22.04):
-
Install the required packages
sudo apt update sudo apt install build-essential git autoconf automake pkg-config libssl-dev -
Clone the openfortivpn repository and checkout the latest release
git clone https://github.com/adrienverge/openfortivpn.git cd openfortivpn git checkout v1.23.1 -
Compile and install openfortivpn
./autogen.sh ./configure make sudo make install -
Connect to your VPN
openfortivpn <your-vpn-url> --saml-login
This will prompt you to click on a link in your browser to authenticate using SAML. After you have done that, you can close the browser and the VPN connection will be established.
In terms of performance and stability, I have found openfortivpn to be much better than the official client. The only issue I found so far is with networks used by Docker. For some reason they are not able to access the resources behind the VPN. To solve this issue I had to restart the docker service after the VPN connection was established.
sudo systemctl restart docker
There might be other issues, but so far I have not encountered any. I am curious to also check if this client can integrate with NetworkManager, which would make it even more user friendly.
Conclusion
After struggling with the official Fortinet SSL VPN client's crashes and connection issues on Ubuntu, openfortivpn has proven to be a superior alternative. The recent addition of SAML authentication support removes the last major limitation for corporate users. Despite requiring compilation from source, the benefits are substantial: faster connections, improved reliability, and better troubleshooting capabilities. The only issue I've encountered was with Docker networks, easily fixed by restarting the Docker service. I plan to explore NetworkManager integration next and welcome your experiences in the comments.