OpenfortiVPN
When I’m on a pentest engagement, and the client is too remote for me to travel to, or they are overseas, the most common method of connecting to their internal network is via VPN. The most common VPN access I get given is Fortinet VPN. On Linux, I use openfortivpn, which can be found here: https://github.com/adrienverge/openfortivpn and below are some of the common commands I use for connecting:
#Install
sudo apt update
sudo apt install openfortivpn
#Connect to openfortivpn cli using SAML or browser based SSO cookie
sudo openfortivpn ssl.target.com:443 -u 'username' -p 'password' --trusted-cert 378de90a23dfg4283bdfg3395ddfhfgh8d7f1bcd5456ec59dfgh348accf92befda112c --cookie="SVPNCOOKIE=FT3hi0QCOHm....."
#Connect to openfortivpn using OTP
sudo openfortivpn ssl.target.com:10443 -u 'username' -p 'password' --trusted-cert cdgdfgc73e8f5hjhjkhkf1884a0e2dd053fghfgh7f6cd1590tyutyuoibe051d05d16 --otp=659753
#VPN split tunnel to have internet access while connected to client VPN (If the client you are testing blocks internet traffic)
sudo openfortivpn ssl.target.com:10443 -u 'username' -p 'password' --trusted-cert cdeetr3273e8fghfgh3a0yui884jhiuod67jhfh3704247hhjkhd110e6c6cbe0554d16 --otp=511983 & while ! ip link show ppp0 > /dev/null 2>&1; do sleep 1; done; sudo ip route del default dev ppp0 2>/dev/null; DEFAULT_GW=$(ip route | grep '^default' | grep eth0 | awk '{print $3}'); sudo ip route add default via $DEFAULT_GW dev eth0; VPN_NETWORK=$(ip route | grep '^default' | grep ppp0 | awk '{print $3}'); [ -n "$VPN_NETWORK" ] && sudo ip route add $VPN_NETWORK dev ppp0