Login/Register
How to remember password in FortiClient VPN? [closed]
Asked Answered
vpn
D

9

71

The last version of FortiClient asks me about my password every time. How can I make the program to remember it and who faces a similar problem?

Does anyone have a solution?

Damoiselle answered 1/4, 2016 at 12:29 Comment(0)
J
71
  1. Open FortiClient console.
  2. Press button Backup in System section.
  3. Save your configuration in vpn.conf file (No password).
  4. Open vpn.conf in text editor.
  5. Find string: "show_remember_password" type="4" data="0"
  6. Modify to: "show_remember_password" type="4" data="1"
  7. Save changes.
  8. Press button Restore in System section FortiClient console.
  9. Select your changed vpv.conf file. Now you can see Save Password checkbox and you can save your password.
Jeremiad answered 3/9, 2017 at 15:52 Comment(11)
v5.6.6.1167: after restore conf there is Save Password checkbox, but it disappears after a successful connection and disconnect(Canoness
Not sure if it's still applicable, but in v5.4, even though the checkbox on the main screen disappears, if you go into 'Connection Settings' and switch Authentication from 'Prompt on login' to 'Save login', it will still offer both the username and password input boxes.Galan
As of version 6.0 this no longer works. The Backup button will always create a .sconf file. This file is encrypted.Ethiopian
@MarcelGelijk if you do not input a password the file will be saved as .conf not encryptedMudlark
As @Canoness is saying in v5.6.6.1167 it only works until disconnect.Mines
v6.2.2.0877 here. It seems that it will always disappear if you change the registry or config after you disconnect. This is likely being reset each time due to the server administrator's setting.Holcomb
For FortiClient 6.4 (free version) this doesn't work anymore since the Restore button is disabled.Acarology
@MarkusPscheidt for me it works fine, now 11/2021 with 7.0.1.0083, the Resore button is disable only when a VPN is connected.Brandybrandyn
@MarkusPscheidt If the Restore button is disabled, click on the lock icon on the top-rightSubsoil
On version 7.2.2.0753 on Ubuntu 23.10, we need to backup first, and them, restore. The tags I changed to 1 were 'show_remember_password' and 'save_password'.Upthrow
Is there any alternative client with the same protocol? I truly hate this app...Parted
B
40

I had the same issue in OSX (Sierra) using Forticlient 5.4.1.I ended up editing the following file: [May be in a different location for you depending how app was installed - look at long answer below if it doesn't exist]

sudo vim /Library/Application\ Support/Fortinet/FortiClient/conf/vpn.plist

To change the following two zeroes to ones:

...
<dict>
        <key>YOUR_VPN_CONNECTION_NAME_HERE</key>
        <dict>
                <key>AllowAutoConnect</key>
                <integer>1</integer>
                <key>AllowKeepRunning</key>
                <integer>0</integer>
                <key>AllowSavePassword</key>
                <integer>1</integer>
...

Save and then simply open again and the checkboxes to save will be available now, unlike before.

You could also use the same thing to save some vpn settings for auto rollout of machines by script (instead of manual setup for each user)

For those interested, the way I found it was simple:

  1. Open Forticlient Console

  2. In terminal run "sudo opensnoop | grep Forti"

  3. In forticlient console quickly add a new vpn

  4. (CNTl-C) terminal and then search through output

  5. File above was most obvious sounding one and quick look showed a good outlook.

  6. Edit as above and it works.

Butanol answered 12/2, 2017 at 9:39 Comment(10)
Thank you for this! However FortiClient will change it back to AllowSavePassword=0 when connecting. To fix this you need to use "sudo uchg vpn.plist" to prevent it from doing so after you logged in once with saving your password and taking a look at what he saved in "<key>Password</key>"Schwaben
The newest version(5.6.1.723) doesn't save the password although I already do above trick and check the Remember credential check boxStinkpot
And if I type the password configuration directly into the plist file, the configuration is not recognised by FortiClient appStinkpot
Followed @LeoHilbert workaround and it worked on latest Forticlient (5.6.1) with some minor tweaks : 1/ I edited vpn.plist file, updated AllowSavePassword flag to AND created a new "Password" string entry with my password as value. 2/ Called sudo chflags uchg vpn.plist to prevent any change on the file from FortiClient. Warning : be aware that after this, FortiClient will not be able to persist any config change anymoreHeath
Just wanted to update that as of 6.0.1.28, @Frédéric's steps still work!Cusec
It kind of works, but FortiClient still removes the password from the textbox if I disconnect. Password appears again if I restart FortiClient (but shutdown prompts for OS X user password so it's actually less convenient than typing the VPN password without FortiClient restart). To revert the uchg change use sudo chflags nouchgAlcoran
It's worth noting, at least in my case using FortiClient 6.0.1.0028, that I had to use an alphanumeric password only, otherwise the client would reject the vpn.plist and refuse to load it.Cusec
If you can live with the fact to actually close the app on each disconnect you can add a script-section to the vpn.plist file: <key>OnDisconnectScript</key> <string>nohup PATH_TO_YOUR_RESTART_SCRIPT</string> and put this into the restart_script: #!/usr/bin/env bash killall FortiClientAgent; killall FortiClient; open -a FortiClient -jg && osascript -e 'tell application "System Events" to set visible of application process "FortiClient" to false';Maximinamaximize
This worked for me, while I am on the free version, so auto connect didn't, but save password did, and that is a big time saverSky
Can't make it work on FortiClient VPN 7.0.8.0308 I found the file, AllowSavePassword and SavePassword to 1 make the checkbox appear, but no "Password" in the xml is considered, and if i don't change flags, the file is reset to savepassword 0 and no password encoded. I'll give up to use the password manager every single time....Oliy
G
24

According to the official documentation, "How to activate Save Password, Auto Connect, and Always Up in FortiClient", the availability of this option (and some others) is decided by the server administrator, using the config setting set save-password enable.

You can currently override this by tampering with the show_* options in the registry; specifically, HLKM\Software\Wow6432Node\Fortinet\Forticlient\sslvpn\<name>\show_remember_password = 1
Then if 'save password' is checked during login, the client will encrypt the password into the DATA1 and DATA2 values, and even though the server may hide the checkboxes again, the saved password will stay. To clear it, edit the connection's settings and switch auth back to 'Prompt on login'.

EDIT: As posted by Igor half a year later, a much more structured solution is to export the config file, alter it and then load it back in. There are various useful settings you might want to tweak. You can also re-use the config file when deploying to multiple hosts or re-installing.

Galan answered 29/1, 2017 at 14:41 Comment(4)
What if the OS is not Windows?Stinkpot
One answer below indicates they might be stored as xml data files. But as I wrote at the bottom of this post, a much more reliable and portable solution would be to export, edit and re-import the config file, as described in another answer here. Please upvote it.Galan
This does not work in version 6.0. The registry hive is not editable. Even administrators make modifications.It seems like the people at FortiClient use StackOverflow as well.Ethiopian
Of course it's not, they've been setting the access permissions on those keys to SYSTEM or TrustedInstaller or whatnot. To make modifications, you need to do the usual thing - take ownership, give yourself write access, make the modifications, remove access, restore ownership. Or, psexec run regedit.exe as SYSTEM, that bypasses all restrictions. But it's even easier to use the xml config method mentioned in the other, better answer.Galan
E
23

For windows and Forticlient VPN (Not only named Forticlient) 6 or above version:

  1. Open the FortiClient.
  2. Press the config symbol.
  3. Press the button Backup.
  4. Save your configuration in vpn.conf file.
  5. Open your vpn.conf in text editor.
  6. Find the string: show_remember_password (it must be 0)
  7. Modify to: 1
  8. Find the string again show_remember_password under user_configuration.
  9. Modify to: data="1"
  10. Save changes.
  11. Find button Restore under config again.
  12. Firstly, click lock icon(this button enable to restore operation) and then click restore.
  13. Select your changed vpn.conf file. Now you can see Save Password checkbox and you can save your password.
  14. This checkbox may be disappear after first using. Don't worry, if your password changes, do it again these steps.
Ermines answered 8/6, 2020 at 8:0 Comment(2)
Thank you! P.s. the "lock icon" is on the left blue panel (the "drawer")Firenze
In version 7 it always disappear and does not workClipfed
A
21

FortiClient 6.4: In Windows regedit, go to

Computer\HKEY_CURRENT_USER\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\<vpn name>

and set the value of show_remember_password to 1.

Acarology answered 29/3, 2021 at 9:20 Comment(2)
It's working but the save password checkbox will disappear after one time of connecting.Twoseater
@Twoseater I see. Maybe it's steered by the Forti server that you are connecting to, as described in @theultramage's answer: if the server doesn't want you to save the password, then the "save password" setting is supposed to be invisible.Acarology
S
5

in Windows, if you use register editor, and search HKEY_CURRENT_USER\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels<VPN_NAME>, you'll se a show_remember_password entry with a value of "0". If you change this value to "1", you will be able to save your password for latter use...

Superpose answered 2/3, 2022 at 17:57 Comment(0)
S
3

For FortiClient VPN 6.4.3, seems like you have to

  1. modify the user configuration section within the *.conf" file or
  2. add a save_password node to the ui section in your *.conf file.

I'll detail option 1.:

Open FortiClient VPN

Export your *.conf file:

  1. Click the gear icon (second icon) on the upper-right
  2. Click Backup
  3. In the file dialog box, indicate the file to output your *.conf
  4. Ensure the "Include user settings" is checked
  5. Indicate a password for encrypting the *.conf file. This password is used simply to encrypt sensitive info for exporting/importing the *.conf file.
  6. Open the *.conf file in a text editor.
  7. 7 At the bottom of the file, in the user_configuration section, set show_remember_password key to 1:
  8. Save the *.conf file.

Import your *.conf file:

  1. Click the padlock icon on the upper-right. This must be done to Restore *.conf file
  2. Click the Restore button
  3. Indicate the File and password (used to encrypt the *.conf file in the 'Export conf file' section)
  4. Click OK

This did the trick for me. Also, it appears once this was done, a "save_password" element was added to the conf file, if exported again: connections > connection > ui section of the *.conf file, with a value of 1:

<ui>
    <show_alwaysup>0</show_alwaysup>
    <show_autoconnect>0</show_autoconnect>
    <save_username>0</save_username>
    <save_password>1</save_password>
    <show_remember_password>0</show_remember_password>
</ui>
Scorecard answered 12/4, 2021 at 18:56 Comment(2)
worked at first try on macos on FortiClient VPN 7.0.0.0022 I've exported the file .conf, edited the value at forticlient_configuration > vpn > sslvpn > connections > connection (this is your connection were you want to save the password) > ui > save_password, then saved the file and imported it, restarted the application and inserted passwrod then it saved the password and i can log in VPN without enter passwordCistaceous
It works just in a very first time, when I disconnect and I have to type my password again.Shewchuk
P
2

For Linux you may use forticlientsslvpn_cli with Expect to feed in the password.

A complete solution available here:

https://gist.github.com/azizasm/e216bc47b54f5b68405f3c8f8b832e8a

Note: this solution will auto reconnect the if the VPN get disconnected.

Peace answered 17/10, 2017 at 7:8 Comment(0)
M
2

I have tried editing the configuration file and restoring but the switch resets itself after a connection has been made as described above. I have also edited the registry at Computer\HKEY_CURRENT_USER\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels<vpn name> to ensure a key SavePass exists with a value of 1 but that also does not persist. This is on version 6+ of Forticlient. However on version 5.2.5.0658 I found that editing the config file AND editing the vpn connection details and removing the 'Description' field I can then enter a password and tick the save password. This is remembered after disconnecting and persists provided you don't shutdown Forticlient.

Mcmahan answered 8/4, 2021 at 3:14 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.