65

The last version of FortiClient asks me about my password every time. How can I make the program to remember it and who faces a similar problem?

Does anyone have a solution?

zx485
  • 28,498
  • 28
  • 50
  • 59
Artem Khaustov
  • 677
  • 1
  • 5
  • 5

9 Answers9

62
  1. Open FortiClient console.
  2. Press button Backup in System section.
  3. Save your configuration in vpn.conf file (No password).
  4. Open vpn.conf in text editor.
  5. Find string: "show_remember_password" type="4" data="0"
  6. Modify to: "show_remember_password" type="4" data="1"
  7. Save changes.
  8. Press button Restore in System section FortiClient console.
  9. Select your changed vpv.conf file. Now you can see Save Password checkbox and you can save your password.
Community
  • 1
  • 1
Igor
  • 621
  • 5
  • 2
  • 11
    v5.6.6.1167: after restore conf there is **Save Password** checkbox, but it disappears after a successful connection and disconnect( – Filomat Jun 13 '18 at 12:45
  • Not sure if it's still applicable, but in v5.4, even though the checkbox on the main screen disappears, if you go into 'Connection Settings' and switch Authentication from 'Prompt on login' to 'Save login', it will still offer both the username and password input boxes. – theultramage Jun 16 '18 at 06:16
  • 10
    As of version 6.0 this no longer works. The Backup button will always create a .sconf file. This file is encrypted. – Marcel Gelijk Oct 03 '18 at 09:34
  • 6
    @MarcelGelijk if you do not input a password the file will be saved as .conf not encrypted – Rodrigo Reis Nov 23 '18 at 11:43
  • 3
    As @Filomat is saying in v5.6.6.1167 it only works until disconnect. – Sampgun Dec 04 '18 at 09:10
  • 1
    `v6.2.2.0877` here. It seems that it will always disappear if you change the registry or config after you disconnect. This is likely being reset each time due to the server administrator's setting. – Paradox Jan 10 '20 at 14:30
  • 12
    For FortiClient 6.4 (free version) this doesn't work anymore since the `Restore` button is disabled. – Markus Pscheidt Mar 29 '21 at 09:19
  • @MarkusPscheidt for me it works fine, now 11/2021 with 7.0.1.0083, the Resore button is disable only when a VPN is connected. – dovid Nov 15 '21 at 14:01
39

I had the same issue in OSX (Sierra) using Forticlient 5.4.1.I ended up editing the following file: [May be in a different location for you depending how app was installed - look at long answer below if it doesn't exist]

sudo vim /Library/Application\ Support/Fortinet/FortiClient/conf/vpn.plist

To change the following two zeroes to ones:

...
<dict>
        <key>YOUR_VPN_CONNECTION_NAME_HERE</key>
        <dict>
                <key>AllowAutoConnect</key>
                <integer>1</integer>
                <key>AllowKeepRunning</key>
                <integer>0</integer>
                <key>AllowSavePassword</key>
                <integer>1</integer>
...

Save and then simply open again and the checkboxes to save will be available now, unlike before.

You could also use the same thing to save some vpn settings for auto rollout of machines by script (instead of manual setup for each user)

For those interested, the way I found it was simple:

  1. Open Forticlient Console

  2. In terminal run "sudo opensnoop | grep Forti"

  3. In forticlient console quickly add a new vpn

  4. (CNTl-C) terminal and then search through output

  5. File above was most obvious sounding one and quick look showed a good outlook.

  6. Edit as above and it works.

JJJ
  • 32,902
  • 20
  • 89
  • 102
Matt McGlinn
  • 391
  • 3
  • 3
  • 3
    Thank you for this! However FortiClient will change it back to AllowSavePassword=0 when connecting. To fix this you need to use "sudo uchg vpn.plist" to prevent it from doing so after you logged in once with saving your password and taking a look at what he saved in "Password" – Leo Hilbert Jul 24 '17 at 13:59
  • 2
    The newest version(5.6.1.723) doesn't save the password although I already do above trick and check the `Remember credential` check box – HendraWD Apr 17 '18 at 05:31
  • And if I type the password configuration directly into the plist file, the configuration is not recognised by FortiClient app – HendraWD Apr 17 '18 at 05:39
  • 9
    Followed @LeoHilbert workaround and it worked on latest Forticlient (5.6.1) with some minor tweaks : 1/ I edited vpn.plist file, updated AllowSavePassword flag to AND created a new "Password" string entry with my password as value. 2/ Called sudo chflags uchg vpn.plist to prevent any change on the file from FortiClient. Warning : be aware that after this, FortiClient will not be able to persist any config change anymore – Frédéric Camblor Jun 01 '18 at 12:37
  • 2
    Just wanted to update that as of 6.0.1.28, @Frédéric's steps still work! – EvilJordan Sep 06 '18 at 20:32
  • 7
    It kind of works, but FortiClient still removes the password from the textbox if I disconnect. Password appears again if I restart FortiClient (but shutdown prompts for OS X user password so it's actually less convenient than typing the VPN password without FortiClient restart). To revert the uchg change use `sudo chflags nouchg` – juhoautio Dec 18 '18 at 07:25
  • It's worth noting, at least in my case using FortiClient 6.0.1.0028, that I had to use an alphanumeric password only, otherwise the client would reject the vpn.plist and refuse to load it. – EvilJordan Apr 09 '19 at 22:38
  • If you can live with the fact to actually close the app on each disconnect you can add a script-section to the `vpn.plist` file: `OnDisconnectScript nohup PATH_TO_YOUR_RESTART_SCRIPT` and put this into the restart_script: `#!/usr/bin/env bash killall FortiClientAgent; killall FortiClient; open -a FortiClient -jg && osascript -e 'tell application "System Events" to set visible of application process "FortiClient" to false';` – fragmentedreality Jul 31 '19 at 21:34
  • This worked for me, while I am on the free version, so auto connect didn't, but save password did, and that is a big time saver – Amit Feb 22 '21 at 05:43
  • Can't make it work on FortiClient VPN 7.0.8.0308 I found the file, AllowSavePassword and SavePassword to 1 make the checkbox appear, but no "Password" in the xml is considered, and if i don't change flags, the file is reset to savepassword 0 and no password encoded. I'll give up to use the password manager every single time.... – N Dorigatti Jul 31 '23 at 07:31
23

According to the official documentation, "How to activate Save Password, Auto Connect, and Always Up in FortiClient", the availability of this option (and some others) is decided by the server administrator, using the config setting set save-password enable.

You can currently override this by tampering with the show_* options in the registry; specifically, HLKM\Software\Wow6432Node\Fortinet\Forticlient\sslvpn\<name>\show_remember_password = 1
Then if 'save password' is checked during login, the client will encrypt the password into the DATA1 and DATA2 values, and even though the server may hide the checkboxes again, the saved password will stay. To clear it, edit the connection's settings and switch auth back to 'Prompt on login'.

EDIT: As posted by Igor half a year later, a much more structured solution is to export the config file, alter it and then load it back in. There are various useful settings you might want to tweak. You can also re-use the config file when deploying to multiple hosts or re-installing.

theultramage
  • 350
  • 1
  • 4
  • 11
  • 3
    What if the OS is not Windows? – HendraWD Apr 17 '18 at 05:02
  • 1
    One answer below indicates they might be stored as xml data files. But as I wrote at the bottom of this post, a much more reliable and portable solution would be to export, edit and re-import the config file, as described in another answer here. Please upvote it. – theultramage Apr 18 '18 at 07:24
  • 1
    This does not work in version 6.0. The registry hive is not editable. Even administrators make modifications.It seems like the people at FortiClient use StackOverflow as well. – Marcel Gelijk Oct 03 '18 at 09:38
  • 1
    Of course it's not, they've been setting the access permissions on those keys to SYSTEM or TrustedInstaller or whatnot. To make modifications, you need to do the usual thing - take ownership, give yourself write access, make the modifications, remove access, restore ownership. Or, psexec run regedit.exe as SYSTEM, that bypasses all restrictions. But it's even easier to use the xml config method mentioned in the other, better answer. – theultramage Oct 03 '18 at 14:42
21

For windows and Forticlient VPN (Not only named Forticlient) 6 or above version:

  1. Open the FortiClient.
  2. Press the config symbol.
  3. Press the button Backup.
  4. Save your configuration in vpn.conf file.
  5. Open your vpn.conf in text editor.
  6. Find the string: show_remember_password (it must be 0)
  7. Modify to: 1
  8. Find the string again show_remember_password under user_configuration.
  9. Modify to: data="1"
  10. Save changes.
  11. Find button Restore under config again.
  12. Firstly, click lock icon(this button enable to restore operation) and then click restore.
  13. Select your changed vpn.conf file. Now you can see Save Password checkbox and you can save your password.
  14. This checkbox may be disappear after first using. Don't worry, if your password changes, do it again these steps.
Emir Kılınç
  • 543
  • 6
  • 15
19

FortiClient 6.4: In Windows regedit, go to

Computer\HKEY_CURRENT_USER\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\<vpn name>

and set the value of show_remember_password to 1.

Markus Pscheidt
  • 6,853
  • 5
  • 55
  • 76
  • 1
    It's working but the save password checkbox will disappear after one time of connecting. – XAMT Apr 03 '21 at 07:41
  • @XAMT I see. Maybe it's steered by the Forti server that you are connecting to, as described in [@theultramage's answer](https://stackoverflow.com/a/41922098/606662): if the server doesn't want you to save the password, then the "save password" setting is supposed to be invisible. – Markus Pscheidt Apr 06 '21 at 15:29
3

For FortiClient VPN 6.4.3, seems like you have to

  1. modify the user configuration section within the *.conf" file or
  2. add a save_password node to the ui section in your *.conf file.

I'll detail option 1.:

Open FortiClient VPN

Export your *.conf file:

  1. Click the gear icon (second icon) on the upper-right
  2. Click Backup
  3. In the file dialog box, indicate the file to output your *.conf
  4. Ensure the "Include user settings" is checked
  5. Indicate a password for encrypting the *.conf file. This password is used simply to encrypt sensitive info for exporting/importing the *.conf file.
  6. Open the *.conf file in a text editor.
  7. 7 At the bottom of the file, in the user_configuration section, set show_remember_password key to 1:
  8. Save the *.conf file.

Import your *.conf file:

  1. Click the padlock icon on the upper-right. This must be done to Restore *.conf file
  2. Click the Restore button
  3. Indicate the File and password (used to encrypt the *.conf file in the 'Export conf file' section)
  4. Click OK

This did the trick for me. Also, it appears once this was done, a "save_password" element was added to the conf file, if exported again: connections > connection > ui section of the *.conf file, with a value of 1:

<ui>
    <show_alwaysup>0</show_alwaysup>
    <show_autoconnect>0</show_autoconnect>
    <save_username>0</save_username>
    <save_password>1</save_password>
    <show_remember_password>0</show_remember_password>
</ui>
Matt
  • 39
  • 3
  • worked at first try on macos on FortiClient VPN 7.0.0.0022 I've exported the file .conf, edited the value at forticlient_configuration > vpn > sslvpn > connections > connection (this is your connection were you want to save the password) > ui > save_password, then saved the file and imported it, restarted the application and inserted passwrod then it saved the password and i can log in VPN without enter password – Matteo Gaggiano Jun 29 '21 at 12:24
  • It works just in a very first time, when I disconnect and I have to type my password again. – felipelmota Aug 20 '21 at 21:48
2

For Linux you may use forticlientsslvpn_cli with Expect to feed in the password.

A complete solution available here:

https://gist.github.com/azizasm/e216bc47b54f5b68405f3c8f8b832e8a

Note: this solution will auto reconnect the if the VPN get disconnected.

AzizSM
  • 6,199
  • 4
  • 42
  • 53
2

I have tried editing the configuration file and restoring but the switch resets itself after a connection has been made as described above. I have also edited the registry at Computer\HKEY_CURRENT_USER\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels<vpn name> to ensure a key SavePass exists with a value of 1 but that also does not persist. This is on version 6+ of Forticlient. However on version 5.2.5.0658 I found that editing the config file AND editing the vpn connection details and removing the 'Description' field I can then enter a password and tick the save password. This is remembered after disconnecting and persists provided you don't shutdown Forticlient.

Nelson
  • 93
  • 1
  • 2
  • 7
2

in Windows, if you use register editor, and search HKEY_CURRENT_USER\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels<VPN_NAME>, you'll se a show_remember_password entry with a value of "0". If you change this value to "1", you will be able to save your password for latter use...

Ruben Ajras
  • 31
  • 4