From e488e6c6a556811a1242720703fe3dcc3217d23c Mon Sep 17 00:00:00 2001
From: Xing-Kai Wang <my@xkwang.org>
Date: Sun, 10 May 2026 23:52:03 +0800
Subject: [PATCH] openfortivpn: add realm parameter support

Some FortiGate VPN gateways require a specific authentication realm
when multiple domains or user groups are configured on the same server.

This commit updates the netifd protocol script to parse the 'realm'
option from the UCI configuration and correctly append it to the
openfortivpn command line arguments.

Signed-off-by: Xing-Kai Wang <my@xkwang.org>
---
 net/openfortivpn/files/openfortivpn.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/openfortivpn/files/openfortivpn.sh b/net/openfortivpn/files/openfortivpn.sh
index b4bc9f5d01..55168e51d5 100755
--- a/net/openfortivpn/files/openfortivpn.sh
+++ b/net/openfortivpn/files/openfortivpn.sh
@@ -24,6 +24,7 @@ proto_openfortivpn_init_config() {
 	proto_config_add_string "remote_status_check"
 	proto_config_add_boolean "saml_login"
 	proto_config_add_int "saml_login_port"
+	proto_config_add_string  "realm"
 	no_device=1
 	available=1
 }
@@ -34,9 +35,9 @@ proto_openfortivpn_setup() {
 	local msg ifname ip server_ips pwfile callfile
 
 	local peeraddr port tunlink local_ip username password persist_int \
-	      trusted_cert remote_status_check saml_login saml_login_port
+	      trusted_cert remote_status_check saml_login saml_login_port realm
 	json_get_vars host peeraddr port tunlink local_ip username password persist_int \
-		      trusted_cert remote_status_check saml_login saml_login_port
+		      trusted_cert remote_status_check saml_login saml_login_port realm
 
 	ifname="vpn-$config"
 
@@ -148,6 +149,8 @@ proto_openfortivpn_setup() {
 		fi
 	}
 
+	[ -n "$realm" ] && append_args "--realm=$realm"
+
 	callfile="/var/etc/openfortivpn/peers/$config"
 	echo "115200
 :$local_ip