Skip to main content
ravisingh
Staff
ravisingh
Staff
May 27, 2025

Technical Tip: Remote IPsec VPN with FortiClient VPN in IOS devices

  • May 27, 2025
  • 0 replies
  • 14065 views
Description

This article describes how to configure a remote-access IPsec VPN using IKEv2 between FortiGate and FortiClient VPN on iOS or iPadOS devices.
Scope FortiGate/FortiOS v7.2 and later, and FortiClient VPN for iOS or iPadOS.
Solution

This article provides guidance for configuring FortiClient on iOS with a FortiGate IPsec remote-access VPN using IKEv2, which is the supported approach for current FortiClient releases.

 

Proceed to download the FortiClient app from this link: Product Downloads.

 

Clientios.png

 

Note: After downloading the FortiClient installer and opening the application for the first time, it is necessary to accept several pop-up notifications before proceeding with the VPN configuration.

 

  • Open the FortiClient VPN application:

 

1st.jpg

 

  • Select 'Connection' and 'Add Configuration':

 

2nd.jpg

 

  • Select 'Secure Protocol' as 'IKEV2 VPN' and provide 'Name' as the IPsec Remote VPN name configured on FortiGate. Add the 'Server Address' as the interface IP of the IPsec VPN and set the same 'pre-shared key'.

 

  • Enable the EAP-Auth (Mandatory) and set Local and Remote Identifier (Optional):

 

3rd.jpg

 

  • Select the phase1 and phase2 ciphers and Lifetime matching with FortiGate settings:

 

4th.jpg

 

  • Add the username at the bottom and save the settings.

 

5th.jpg

 

  • Return to the VPN first page and select 'Connect'. That will prompt for username and password for the 'Mac-user'. 

 

Notes:

  • If issues connecting are encountered, ensure that the server address and credentials are correct.
  • Check the network connection to ensure there is internet access.
  • If using a corporate network, it is necessary to verify VPN permissions.
  • If FortiToken is used, it will not work for Non-SAML authentications with IPsec. 
  • If the VPN connection issue persists, collect IKE debug logs for further troubleshooting: Troubleshooting Tip: IPsec VPN tunnels.

  • FortiClient for iOS does not support separate FortiToken authentication when connecting to a dial-up VPN gateway. As a workaround, enter the FortiToken code together with the password in the password field when signing in:

Password: iOSrul3s.

FortiToken Code: 123456.
The user will enter iOSrul3s123456 when prompted for the password.

 

Related documents:
      Terms & ConditionsAccessibility statement