FortiClient integration problems

Hi Will,
I will verify with André but it's not our fault if we can specify the logon details. If they don't provide the command line or the API, there is nothing we can do. Could you try to close the VPN with the command line to see if it works?

Hey David,

That's fair. What command does it currently use to close the vpn?

Hi,
It's

FortiSSLVPNclient.exe /disconnect or ipsec.exe /disconnect

Hi,
Since the update to VPNAddOn.dll version 3.0.1.3 it will no longer disconnect the FortiSSLVPN automatically. The command for disconnect is "FortiSSLVPNclient.exe disconnect" without the forward slash. Can this be fixed?

Hi,
I think we changed that recently. It was the opposite we had a customer that it was not working with another Forticlient version. We will update the add-on with a new option called "Use legacy Disconnect"

Hey David - The ipsec doesn't disconnect using the command you provided.

@will.mcenaney
Are you able to disconnect it with a another command?

Hi,

I added the "legacy Disconnect" option for FortiClient session. It uses the method prior to version 3.0.1.3.
Could you try it and give us feedback please ?

Just have to replace the dll in %LocalAppData%\Devolutions\RemoteDesktopManager

Best regards,
edited by asanscartier on 7/10/2014

Hi Andre,

Can confirm that "legacy Disconnect" works fine. Thanks a lot.

Regards
Michael

Hi David,

Sorry - I forgot about this - been very busy.

I have not found a command that will let me disconnect as of yet.

Cheers

Will

@Will

Let me know if you find anything or if you find a workaround.

hi
have still the same Problem
can not close forticlient session (ipsex.exe)
legay disconnect does not solve the Problem
also tried to Change the vpnaddon.dll from above - same Problem
rdm 12.0.8.0
forticlient 4.2.7 (also not works with newer or older Versions)
br klaus

Hello,

Could you try running the ipsec.exe command out of RDM to see if it works?
It should be one of these two commands:
<pathToExecutable>\ipsec.exe disconnect
<pathToExecutable>\ipsec.exe quit
The second one is what is called when using "legacy disconnect". Do either of these work outside of RDM?

Regards,

hi
both (quit and disconnect) does not work anymore (since Version 4 forticlient)
legacy disconnect on rdm not working
what means legacy disconnect outside rdm?
klaus

Is there an alternative to quit or disconnect? We could add an option to use the new way to close the FortiClient ipsec client, but we need your help since we don't have access to the executable.

Regards,

hi
when i activate "Show Command" i see that rdm send "[path-to-exe]\ipsec.exe -k -b VPNTunelName"
this open the tunnel in silent mode and it works, but in this case the command "[path-to-exe]\ipsec.exe quit" does not work anyway
when i start manually the tunnel with "[path-to-exe]\ipsec.exe VPNTunelName" (withou -k -b), then i can Close the tunnel with "[path-to-exe]\ipsec.exe quit"
the different between starting with or without the Parameter is:
with -k -b -> silent
without Parameters -> see the ipsec Connection in the dos box
so, when i create a new entry "command line" with run:
for example:
"C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe" "1536_Wechselberger"
and set the "Event" "after disconnect" to
"C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe" quit
it works
so what means the -k -b exactly (Can not find anything about it at fortinet)
http://kb.fortinet.com/kb/documentLink.do?externalID=FD30811
klaus

We could add an option to run it silently (use "-k" and "-b") which could be disabled. This should fix the issue. What do you think?

Regards,

seems to be okay

Hello,

Could you try out the version attached to this post? There will be an option you have to uncheck called "open as hidden". This should fix your issue but just to make sure I'd like to get your feedback.

Regards,

hi, thank you
does not work at the Moment because when deactivate "open as hidden" then rdm start only ..\ipsec.exe (without any Parameter)
-> new dos box -> start empty ipsec session
we need Minium one parameter -> the Tunnel-Name -> ..\ipsec.exe TunnelName
another Thing ist that the dos box is external and the session is not shown as active
ist it possible to "embed" the "dos-box" and set the session active (green - open session until it is closed)?
klaus

hi
another Problem now
when i start rdm i became many add in erros (already replaced the dll with the origimal)
?

Here is another version of the add-on with a fix for the issue you mentioned.

For the error message, could you make sure there is only one instance of VPNAddOn.dll in either your RDM installation folder or %localappdata%\Devolutions\RemoteDesktopManager ? This error happens when it tries to load the same add-on twice. This is because it finds the same DLL file twice in either of these folders. If you tried to back up your add-on DLL you would have to do it outside of these two folders.

Regards,

Ok thank you
Im out off office now and try it tommorow
The plugin error is fixed, it was the original dll with different suffix in the same folder
Br klaus

hi
tested from outside
works now fine
the command execute in a new window
is it possible to embed the ipsec.exe command box in rdm and shown as actice/closed session (green) ?
klaus

Thanks for the feedback Klaus. We'll see what we can do for embedding and showing as opened in the tree.

Regards,

Ok thanks
Would be great if the embedding works too
Klaus

Sure you can. Take a look at the Cisco ASDM Add-on. This add-on waits for the authentication window and fills the username and password fields (using sendkeys I guess).

It took me a few hours to debug and test, but I found out there is an undocumented feature which makes it possible to pass an username and password to ipsec.exe.

What I did:
ipsec.exe -k -U "username" -P "password" "Connection name"

This would be a great addition to the add-on. I'm going the use this in a custom VPN for now.

@Roel VB: Could you try this version of the add-on out? It should allow you to choose username/password and it will send them using -U and -P respectively. You can install it by dropping the DLL file in %LocalAppData%\Devolutions\RemoteDesktopManager

Regards,

@Roel VB

Have you been able to try the new VPN add-on in the previous thread? We would like to have your feedback to then deploy this new verson if it's working fine.

Best regards,

hi
yes, works fine
the only thing is: when i disable "open as hidden" it works fine now but the ipsec.exe comman start in a extra commandline window
it would be better when the commandline window is integrated (embedded) in rdm (it shows also logs and errors from the tunnel -> helpful)
i must use this option "deactivated 'Open as hidden'" because otherwise i can not close the tunnel with rdm "close session"
additionally it would be good when the vpn tunnel is shown as active (green) in rdm when it is open
klaus

Hello,

The Forticlient add-on has been updated to 3.0.26.0, you can download it now on our website.

This adds three things:
- Can now specify username and password when using both Forticlient and Fortissl
- New option to taskkill ipsec.exe on close
- When not using "open as hidden", RDM will consider Forticlient to be 'running' (show the green play button) as long as the window is still open

Unfortunately, we cannot yet embed the window, but we will think of a way to do this.

Regards,