connection time out #1055

Closed
antozz opened this issue Dec 24, 2022 · 5 comments
antozz commented Dec 24, 2022

Hi,
my latest /etc/openfortivpn/config is the following:

### configuration file for openfortivpn, see man openfortivpn(1) ###
host = ***.***.***.***
port = ****
username = ****************
# Password in plain text.
# For a secure alternative, use pinentry or let openfortivpn prompt for the password.
password = ************
# The pinentry program to use. Allows supplying the password in a secure manner.
# pinentry = pinentry-mac
# realm = some-realm
# useful for a gui that passes a configuration file to openfortivpn
# otp = 123456
# otp-delay = 0
# otp-prompt = Please
# This would disable FTM push notification support, and use OTP instead
# no-ftm-push = 1
# user-cert = /etc/openfortivpn/user-cert.pem
# user-cert = pkcs1: # use smartcard as client certificate
# user-key = /etc/openfortivpn/user-key.pem
# pem-passphrase = baz
# the sha256 digest of the trusted host certs obtained by
# openssl dgst -sha256 server-cert.crt:
trusted-cert = ****************************************************************
# trusted-cert = othercertificatedigest6631bf...
# This would specify a ca bundle instead of system-wide store
# ca-file = /etc/openfortivpn/ca-bundle.pem
set-dns = 1
use-resolvconf = 1
set-routes = 1
half-internet-routes = 0
pppd-use-peerdns = 1
# alternatively, use a specific pppd plugin instead
# pppd-plugin = /usr/lib/pppd/default/some-plugin.so
# for debugging pppd write logs here
pppd-log = /var/log/pppd.log
# pass ppp interface name to pppd (if supported by a patched pppd)
# pppd-ifname = ppp1
# pass an ipparam string to pppd, e.g. the device name (a similar use case)
# pppd-ipparam = 'device=$DEVICE'
# instruct pppd to call a script instead of passing arguments (if pppd supports it)
# pppd-call = script
# use-syslog = 0
insecure-ssl = 1
cipher-list = HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
# persistent = 0
seclevel-1 = 0

(actually, I've already tried a lot of different options)

Then, all I get is:

DEBUG:  ATTENTION: the output contains sensitive information such as the THE CLEAR TEXT PASSWORD.
DEBUG:  openfortivpn 1.19.0
DEBUG:  Loaded configuration file "/etc/openfortivpn/config".
DEBUG:  Loaded password from configuration file "/etc/openfortivpn/config"
DEBUG:  Configuration host = "***.***.***.***"
DEBUG:  Configuration realm = ""
DEBUG:  Configuration port = "****"
DEBUG:  Configuration username = "****************"
DEBUG:  Configuration password = "************"
DEBUG:  Resolving gateway host ip
DEBUG:  Establishing ssl connection
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 9
DEBUG:  SO_SNDBUF: 16384
DEBUG:  SO_RCVBUF: 131072
DEBUG:  server_addr: ***.***.***.***
DEBUG:  server_port: ****
DEBUG:  gateway_addr: ***.***.***.***
DEBUG:  gateway_port: ****
ERROR:  connect: Connection timed out
INFO:   Closed connection to gateway.

Also I have openfortigui. It works like a charm with the following configuration:


[cert]
ca_file=
trust_all_gw_certs=true
trusted_cert=****************************************************************
user_cert=
user_key=
verify_cert=false

[options]
always_ask_otp=false
autostart=false
debug=false
half_internet_routers=false
insecure_ssl=false
min_tls=Default
otp_delay=0
otp_prompt=
pppd_call=
pppd_ifname=
pppd_ipparam=
pppd_log_file=/var/log/pppd.log
pppd_no_peerdns=false
pppd_plugin_file=
realm=
seclevel1=false
set_dns=true
set_routes=true

[vpn]
device_type=0
gateway_host=***.***.***.***
gateway_port=****
name=********
password="************************"
persistent=false
username=****************

What is especially puzzling about the whole thing is that openfortigui does use openfortivpn under the hood (or it is supposed to).
Any clues? Am I doing anything wrong? Thanks.

@DimitriPapadopoulos
Collaborator

Puzzling indeed. A few suggestions:

Either let pppd handle DNS, or openfortivpn, but not both:

set-dns = 1
use-resolvconf = 1
set-routes = 1
half-internet-routes = 0
pppd-use-peerdns = 1

Remove options that you don't really need:

insecure-ssl = 1
cipher-list = HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
seclevel-1 = 0

> Then, all I get is:

When does the timeout occur? Immediately after connecting? After a few hours of operation?

Finally, what is the version of openfortigui?
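
Added example, not part of the thread or of openfortivpn: a small linter for the settings the reply above singles out (the plain-text `password`, the TLS overrides `insecure-ssl` / `cipher-list` / `seclevel-1`, and DNS handled by both openfortivpn and pppd). The function names and the `SAMPLE` values are constructed for illustration.

```python
# SAMPLE is constructed from the configuration posted above, with placeholder values.
SAMPLE = """\
host = 192.0.2.10
port = 4090
username = alice
password = example-only
trusted-cert = 0000000000000000000000000000000000000000000000000000000000000000
set-dns = 1
use-resolvconf = 1
set-routes = 1
half-internet-routes = 0
pppd-use-peerdns = 1
# use-syslog = 0
insecure-ssl = 1
cipher-list = HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
seclevel-1 = 0
"""

# Options the maintainer suggests removing unless the gateway really needs them.
TLS_OVERRIDES = ("insecure-ssl", "cipher-list", "seclevel-1")


def parse_config(text):
    """Parse 'key = value' lines; blank lines and '#' comment lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts


def lint(opts):
    """Return a list of (key, message) findings for a parsed config."""
    findings = []
    if "password" in opts:
        findings.append(("password",
                         "plain-text password on disk; use pinentry or the prompt"))
    for key in TLS_OVERRIDES:
        if key not in opts:
            continue
        if key == "insecure-ssl" and opts[key] == "1":
            msg = "keeps insecure SSL/TLS protocols and ciphers enabled"
        else:
            msg = "overrides the TLS defaults; remove unless the gateway needs it"
        findings.append((key, msg))
    if opts.get("set-dns") == "1" and opts.get("pppd-use-peerdns") == "1":
        findings.append(("set-dns+pppd-use-peerdns",
                         "openfortivpn and pppd would both manage DNS; enable one"))
    return findings


if __name__ == "__main__":
    for key, message in lint(parse_config(SAMPLE)):
        print(f"{key}: {message}")
```
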

@antozz
Author

antozz commented Dec 24, 2022

> Remove options that you don't really need:

Done.

> When does the timeout occur? Immediately after connecting? After a few hours of operation?

Quite early, pppd never gets called.

> Finally, what is the version of openfortigui?

0.9.8
It calls pppd like this:

/usr/sbin/pppd 230400 :XXX.XXX.XXX.XXX noipdefault noaccomp noauth default-asyncmap nopcomp receive-all nodefaultroute nodetach lcp-max-configure 40 mru 1354 usepeerdns debug logfile /var/log/pppd.log

Here comes a huge (sorry) part of openfortigui log:

dic 18 23:12:34 INFO:   Start tunnel.
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 9
DEBUG:  SO_SNDBUF: 16384
DEBUG:  SO_RCVBUF: 131072
DEBUG:  server_addr: XXX.XXX.XXX.XXX
DEBUG:  server_port: 4090
DEBUG:  gateway_addr: XXX.XXX.XXX.XXX
DEBUG:  gateway_port: 4090
dic 18 23:12:34 DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
INFO:   Connected to gateway.
dic 18 23:12:34 DEBUG:  Cookie: ...
DEBUG:  Cookie: ...
dic 18 23:12:35 INFO:   Remote gateway has allocated a VPN.
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 9
DEBUG:  SO_SNDBUF: 16384
DEBUG:  SO_RCVBUF: 131072
DEBUG:  server_addr: XXX.XXX.XXX.XXX
DEBUG:  server_port: 4090
DEBUG:  gateway_addr: XXX.XXX.XXX.XXX
DEBUG:  gateway_port: 4090
dic 18 23:12:35 DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
dic 18 23:12:35 DEBUG:  found dns server 172.23.192.2 in xml config
DEBUG:  found dns server 172.23.192.3 in xml config
DEBUG:  ppp_path: /usr/sbin/pppd
DEBUG:  pppd_read thread
DEBUG:  ssl_read thread
DEBUG:  ssl_write thread
DEBUG:  if_config thread
Using interface ppp0
Connect: ppp0 <--> /dev/pts/3
DEBUG:  pppd ---> gateway (16 bytes)
DEBUG:  pppd_write thread
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  gateway ---> pppd (16 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  pppd ---> gateway (10 bytes)
dic 18 23:12:35 DEBUG:  pppd ---> gateway (17 bytes)
DEBUG:  pppd ---> gateway (30 bytes)
DEBUG:  pppd ---> gateway (16 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  gateway ---> pppd (10 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (6 bytes)
DEBUG:  gateway ---> pppd (17 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  gateway ---> pppd (24 bytes)
DEBUG:  pppd ---> gateway (6 bytes)
DEBUG:  pppd ---> gateway (6 bytes)
DEBUG:  pppd ---> gateway (24 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (6 bytes)
DEBUG:  gateway ---> pppd (24 bytes)
DEBUG:  pppd ---> gateway (24 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (24 bytes)
INFO:   Got addresses: [192.168.254.2], ns [172.23.192.2, 172.23.192.3]
INFO:   Negotiation complete.
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
dic 18 23:12:35 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
dic 18 23:12:36 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
dic 18 23:12:36 DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:36 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:36 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:36 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:37 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:37 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:37 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:37 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:37 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:38 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:38 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:38 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:38 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  pppd ---> gateway (24 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (24 bytes)
INFO:   Got addresses: [192.168.254.2], ns [172.23.192.2, 172.23.192.3]
INFO:   Negotiation complete.
dic 18 23:12:38 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:39 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:39 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:39 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:39 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:39 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:40 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:40 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:40 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:40 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:40 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:41 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:41 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:41 DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:41 DEBUG:  Got Address: 192.168.254.2
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  if_config: not ready yet...
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  pppd ---> gateway (24 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (24 bytes)
INFO:   Got addresses: [192.168.254.2], ns [172.23.192.2, 172.23.192.3]
INFO:   Negotiation complete.
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:41 DEBUG:  Got Address: 192.168.254.2
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
dic 18 23:12:42 DEBUG:  Got Address: 192.168.254.2
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  if_config: not ready yet...
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (16 bytes)
DEBUG:  pppd ---> gateway (16 bytes)
dic 18 23:12:42 DEBUG:  gateway ---> pppd (6 bytes)
INFO:   Negotiation complete.
DEBUG:  pppd ---> gateway (6 bytes)
Cannot determine ethernet address for proxy ARP
local  IP address 192.168.254.2
remote IP address XXX.XXX.XXX.XXX
primary   DNS address 172.23.192.2
secondary DNS address 172.23.192.3
DEBUG:  pppd ---> gateway (42 bytes)
DEBUG:  Got Address: 192.168.254.2
DEBUG:  Interface Name: ppp0
DEBUG:  Interface Addr: 192.168.254.2
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
DEBUG:  ip route show to 0.0.0.0/0.0.0.0 dev !ppp0
DEBUG:  ip route show to XXX.XXX.XXX.XXX/255.255.255.255 dev ppp0
DEBUG:  Route not found.
DEBUG:  ip route show to XXX.XXX.XXX.XXX/255.255.255.255 dev !ppp0
DEBUG:  Setting route to vpn server...
DEBUG:  ip route show to XXX.XXX.XXX.XXX/255.255.255.255 via 192.168.42.129 dev usb0
DEBUG:  ip route add to XXX.XXX.XXX.XXX/255.255.255.255 via 192.168.42.129 dev usb0
DEBUG:  ip route add to 172.16.83.80/255.255.255.255 dev ppp0
DEBUG:  ip route add to 172.16.84.229/255.255.255.255 dev ppp0
DEBUG:  ip route add to 172.16.84.242/255.255.255.255 dev ppp0
INFO:   Adding VPN nameservers...
DEBUG:  Attempting to modify /etc/resolv.conf directly.
DEBUG:  Adding "nameserver 172.23.192.2", to /etc/resolv.conf.
DEBUG:  Adding "nameserver 172.23.192.3", to /etc/resolv.conf.
INFO:   Tunnel is up and running.
DEBUG:  pppd ---> gateway (56 bytes)
dic 18 23:12:42 DEBUG:  pppd ---> gateway (56 bytes)
dic 18 23:12:42 DEBUG:  pppd ---> gateway (56 bytes)
DEBUG:  pppd ---> gateway (42 bytes)
dic 18 23:12:54 DEBUG:  pppd ---> gateway (77 bytes)
dic 18 23:12:54 DEBUG:  gateway ---> pppd (128 bytes)
dic 18 23:13:00 INFO:   Setting ppp0 interface down.
INFO:   Restoring routes...
DEBUG:  ip route del to XXX.XXX.XXX.XXX/255.255.255.255 via 192.168.42.129 dev usb0
INFO:   Removing VPN nameservers...
DEBUG:  Deleting "nameserver 172.23.192.2" from /etc/resolv.conf.
DEBUG:  Deleting "nameserver 172.23.192.3" from /etc/resolv.conf.
dic 18 23:13:02 Hangup (SIGHUP)
Modem hangup
Connect time 0.4 minutes.
Sent 317 bytes, received 126 bytes.
Connection terminated.
dic 18 23:15:44 INFO:   Start tunnel.
dic 18 23:15:45 INFO:   Connected to gateway.
INFO:   Authenticated.
dic 18 23:15:45 INFO:   Remote gateway has allocated a VPN.
dic 18 23:15:46 INFO:   Got addresses: [192.168.254.2], ns [172.23.192.2, 172.23.192.3]
INFO:   Negotiation complete.
dic 18 23:15:49 INFO:   Got addresses: [192.168.254.2], ns [172.23.192.2, 172.23.192.3]
INFO:   Negotiation complete.
dic 18 23:15:52 INFO:   Got addresses: [192.168.254.2], ns [172.23.192.2, 172.23.192.3]
INFO:   Negotiation complete.
dic 18 23:15:52 INFO:   Negotiation complete.
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
INFO:   Adding VPN nameservers...
INFO:   Tunnel is up and running.
dic 18 23:15:57 INFO:   Setting ppp0 interface down.
INFO:   Restoring routes...
INFO:   Removing VPN nameservers...

@DimitriPapadopoulos
Collaborator

DimitriPapadopoulos commented Dec 25, 2022

> > When does the timeout occur? Immediately after connecting? After a few hours of operation?
>
> Quite early, pppd never gets called.

As far as I can see, this is where openfortivpn fails, it cannot connect to the server:

openfortivpn/src/tunnel.c

Lines 754 to 758 in 04dc8d4

ret = connect(handle, (struct sockaddr *) &server, sizeof(server));
if (ret) {
    log_error("connect: %s\n", strerror(errno));
    goto err_connect;
}

I have no clue. Are you certain you're feeding openfortivpn and openfortigui the same host/port?
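
Added example, not part of the thread or of openfortivpn: the `connect: Connection timed out` error comes from the plain TCP `connect()` quoted above, before any TLS or PPP step, so the gateway host and port can be checked on their own. `probe`, `classify` and `VERDICTS` are names made up here; the demo only talks to a loopback listener it creates itself.

```python
import errno
import socket

# What each outcome of the TCP connect says about where to look next.
VERDICTS = {
    "open": "TCP handshake completed; the problem is at the TLS/auth layer or later",
    "timeout": "no reply to the SYN: dropped by a firewall, wrong NAT/port redirection, or bad route",
    "refused": "host replied with a reset: nothing is listening on that port",
    "unreachable": "no route to the host or network from this machine",
    "dns": "the host name did not resolve",
    "error": "other socket error",
}


def classify(exc):
    """Map the exception raised by a TCP connect (or None) to a VERDICTS key."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.gaierror):
        return "dns"
    if isinstance(exc, socket.timeout):          # local timeout expired
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    code = getattr(exc, "errno", None)
    if code == errno.ETIMEDOUT:                  # kernel gave up, as in the log above
        return "timeout"
    if code in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"


def probe(host, port, timeout=5.0):
    """Attempt a TCP connect to host:port and return the verdict key."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Constructed demo: a listener on loopback, probed while open and after closing.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    for label in ("listening", "closed"):
        verdict = probe("127.0.0.1", port, timeout=2.0)
        print(f"{label}: {verdict} ({VERDICTS[verdict]})")
        srv.close()
```

Run from the same machine (here, the same VM) that runs openfortivpn, with the `host` and `port` from its config, a `timeout` verdict matches the error in the first post.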

@antozz
Author

antozz commented Dec 26, 2022

> As far as I can see, this is where openfortivpn fails, it cannot connect to the server:
>
> openfortivpn/src/tunnel.c
>
> Lines 754 to 758 in 04dc8d4
>
> ret = connect(handle, (struct sockaddr *) &server, sizeof(server));
> if (ret) {
>     log_error("connect: %s\n", strerror(errno));
>     goto err_connect;
> }

This showed that the problem had to be sought elsewhere. Eventually I managed to find a misconfigured port redirection. Thank you very much for your kindness and sorry for unnecessarily annoying you.

I tried to connect from an unrooted Android phone. Unfortunately Android prevents using pppd, so I had to set up the whole openforti-thing in a qemu vm. It worked flawlessly with openfortigui by simply copying the same configuration I have on my laptop. But then I began looking for a simpler solution: having to install qt5 and all the other gui stuff in a headless vm is utterly pointless and it eats up a GB of disk space. I stumbled upon openfortivpn, but somehow I ended up with a misconfigured machine. It may happen when one is forced to add layers of complexity.

Sure I'm going to close the issue. My bad. But I have a last question: could openfortivpn somehow work entirely in userspace so as to work out of the box for edge use cases, in which one can't have root access? Thank you again.

antozz closed this as completed Dec 26, 2022
@DimitriPapadopoulos
Collaborator

About your question about running openfortivpn without root privileges, see #650.
