
forticlientsslvpn doesn't work with a proxy on Cent OS 7

I'd like to use forticlientsslvpn on Cent OS 7 through a proxy but it doesn't work with a message "Can not connect to proxy" or "Can not resolve proxy address". I guess it needs some dependent libraries but I don't know them.

  1. I downloaded the latest Forticlient SSLVPN 4.4.2329-1 64bit from here. (I installed it on Debian, then copied the folder (/opt/forticlientsslvon) to the clean Cent OS 7.)

  2. Both forticlientsslvpn CLI and GUI failed on the same error. This is the result of the cli command.

    [root@cent7 /]# cd ~/forticlient-sslvpn/64bit/
    [root@cent7 /]# ./forticlientsslvpn_cli --proxy 10.0.0.73:3128 --server 203.0.113.1:10443 --vpnuser myuser
    Password for VPN:
    STATUS::Setting up the tunnel
    STATUS::Connecting...
    NOTICE::Can not connect to proxy.
    STATUS::Set up tunnel failed
    SSLVPN down unexpectedly with error:2
    Press Ctrl-C to quit
    Clean up...
    
    # Another proxy variable
    [root@cent7 /]# ./forticlientsslvpn_cli --proxy http://10.0.0.73:3128 --server 172.17.97.85:10443 --vpnuser myuser
    Password for VPN:
     08/19/2016 18:19:26 [23461] can not resolve name http://10.0.0.73
     Init SSLVPN error:Can not resolve proxy address
    
    # Check the proxy connection
    [root@cent7 /]# telnet 10.0.0.73 3128
     Trying 10.0.0.73...
     Connected to 10.0.0.73.
     Escape character is '^]'.         # OK
    
    # Check DNS
    [root@cent7 /]# nslookup 10.0.0.73
     Server:        10.0.0.70
     Address:        10.0.0.70#53
    
     Non-authoritative answer:
     73.0.0.10.in-addr.arpa        name = dns.example.com.
    

Of course my forticlient on Windows in the same network works with the proxy to the server. And Firefox/wget on this Cent OS 7 server works with the proxy. Does anyone know anything about the "Can not connect to proxy" error?

GUI says Can not connect to proxy.

kujiy asked Oct 22 '25 15:10


1 Answer

My IP was wrong and needed ip route add

Although the error message was "Can not connect to proxy", my destination forti IP was wrong. It was connected after I fixed it.

One more thing, I noticed a confusing point. I have two proxies like a socks proxy and a web proxy at this time. I knew ssl-vpn uses only web connections but I guessed forticlient might use ssh command during the connection. But it didn't. Forticlient_sslvpn needs only a web proxy so we just need to fill the proxy form of forticlient with a web proxy's url.

And one more thing. After I connected to ssl-vpn, it didn't work perfectly because I could ping the internal server but not the DMZ (of course my Windows forticlient works well for both). I added an ip route to the DMZ and it started to work.

    ip route add 192.168.3.0/24 via 10.0.0.5

I guessed this GW 10.0.0.5 is not the same every time and on every machine, so I made the dynamic command.

    ip route add 192.168.3.0/24 via $(ip route | grep 10.0.0 | awk '{print $3}' | head -1)

I hope this helps someone.

kujiy answered Oct 25 '25 07:10
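An added example, not part of the original post: a stricter form of the two fragile steps above. The question's output shows the CLI treating `http://10.0.0.73` as a host name, and the answer's `grep 10.0.0 | awk '{print $3}'` pipeline can pick up a device name or an address such as `110.0.0.9`. The function names and the sample route table are constructed for illustration.

```shell
#!/bin/sh
# Added example; helper names and SAMPLE_ROUTES are constructed, not from the post.

# Reduce a proxy URL to host:port, the form used in the question's first attempt.
proxy_hostport() {
    p=${1#*://}          # drop a leading scheme such as "http://"
    p=${p%%/*}           # drop any trailing path
    case $p in
        *:*) printf '%s\n' "$p" ;;
        *)   return 1 ;; # no port given: refuse instead of guessing
    esac
}

# pick_gateway PREFIX: read `ip route` output on stdin and print the next hop
# of the first route whose gateway starts with PREFIX. The match is a literal
# prefix on the field after "via", so connected routes ("dev eth0") and
# look-alike addresses are ignored. Exit status 1 if nothing matches.
pick_gateway() {
    awk -v pfx="$1" '
        { for (i = 1; i < NF; i++)
            if ($i == "via" && index($(i + 1), pfx) == 1) {
                print $(i + 1); found = 1; exit
            } }
        END { exit !found }'
}

# add_dmz_route SUBNET PREFIX: add (or update) the route only when a gateway
# was actually found, instead of passing an empty value to `ip route`.
add_dmz_route() {
    gw=$(ip route | pick_gateway "$2") || {
        echo "no gateway matching $2 in routing table" >&2
        return 1
    }
    ip route replace "$1" via "$gw"
}

# Constructed routing table: the first line has no gateway, the second has a
# gateway that merely contains "10.0.0".
SAMPLE_ROUTES='10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.80
172.16.0.0/16 via 110.0.0.9 dev eth1
192.168.1.0/24 via 10.0.0.5 dev ppp0'
```

After the tunnel is up, `add_dmz_route 192.168.3.0/24 10.0.0.` (as root) replaces the one-liner from the answer.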


