toesterdahl
New Member
January 5, 2026
Question

Connecting using Strongswan


We are using services from a partner using Fortinet. Our platform is Linux, and I am connecting using Strongswan. Connection works ok (phase 1 and phase 2). I get a tunnel, but it appears that the routes are not created. Traffic is not routed over the VPN. 

What do I need to do to establish the routes to route the traffic over the VPN? 

3 replies

funkylicious
SuperUser
January 5, 2026
"jack of all trades, master of none"
Daniel__
New Member
January 5, 2026

I imagine you have full control over your Linux environment and you are not really asking about the FortiGate side of things.

The guide is good for getting the tunnels running, but not for forcing traffic through the actual tunnels. What we had to do was create iptables rules for this like so (adapt to your environment):

-m policy --pol ipsec

toesterdahl
New Member
January 5, 2026

I have set things up according to the guide. It is connecting, but I suspect routes are not established. 

I made an attempt at creating postroutes as proposed by Daniel, but did not get any further. 

MY_PUBLIC_IP=161.35.215.79
GATEWAY_IP=91.197.59.230
SERVICE_IP=91.197.59.31

# ipsec status

root@ec-vpn:/etc# ipsec status
Security Associations (1 up, 1 connecting):
         hbl[2]: ESTABLISHED 2 minutes ago, 161.35.215.79[161.35.215.79]...91.197.59.230[91.197.59.230]
         hbl{2}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c87dd435_i 39898c12_o
         hbl{2}:   10.11.144.128/26 === 91.197.59.31/32
         hbl[1]: CONNECTING, 161.35.215.79[161.35.215.79]...91.197.59.230[91.197.59.230]

# ipsec.conf

config setup
    charondebug="all"
    uniqueids = yes

conn strongswan-to-fortigate
#client Site
    left=161.35.215.79
    leftsubnet=0.0.0.0/0
    leftid=161.35.215.79
#server Site
    right=91.197.59.230
    rightsubnet=91.197.59.31/24
    rightid=91.197.59.230
# Auth
    authby=psk
    keyexchange=ikev2
#IKE (Phase 1)
    ike=aes256gcm-prfsha384-curve25519!
    ikelifetime=14400s
#ESP (Phase 2)
    esp=aes256-sha384-modp3072!
    lifetime=3600s
#Settings
    type=tunnel
    auto=start
    dpdaction=restart
    dpddelay=20s
    dpdtimeout=60s

# postroutes

iptables -t nat -A POSTROUTING -s 91.197.59.31/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
iptables -t nat -A POSTROUTING -s 91.197.59.31/24 -o eth0 -j MASQUERADE
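Added example (editor's note, not code posted by anyone in the thread). The `ipsec status` output above shows the traffic selector the FortiGate actually accepted, 10.11.144.128/26 === 91.197.59.31/32, which is narrower than leftsubnet=0.0.0.0/0 in the conf (IKEv2 lets the peer narrow the proposal). strongSwan does install a route for the remote selector, but in routing table 220 (`ip route show table 220`), and the XFRM policies it installs (`ip xfrm policy`) only catch packets whose source address lies inside the local selector; a packet from 161.35.215.79 to 91.197.59.31 is outside 10.11.144.128/26 and leaves eth0 in the clear. The script below parses that status text (the sample is constructed from the quoted output), checks whether a source address is covered, and prints the iptables rules that rewrite the source to an address inside the negotiated selector before the kernel's XFRM lookup, together with Daniel's `-m policy --pol ipsec` exemption so traffic already covered by a policy is never rewritten. The address 10.11.144.129, the interface eth0 and the function names are assumptions made for the demo; the partner must actually expect traffic from whatever address you choose.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread: check whether a local source address
# is covered by the traffic selector strongSwan actually installed, and print
# the NAT rules that make it match. Names (check_selector, suggest_rules), the
# SNAT address and the interface are assumptions made for this demo.
set -eu

# CONSTRUCTED sample: the "ipsec status" output quoted in the thread. On a real
# host use:  ipsec status   (or: swanctl --list-sas)
SAMPLE_STATUS='Security Associations (1 up, 1 connecting):
         hbl[2]: ESTABLISHED 2 minutes ago, 161.35.215.79[161.35.215.79]...91.197.59.230[91.197.59.230]
         hbl{2}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c87dd435_i 39898c12_o
         hbl{2}:   10.11.144.128/26 === 91.197.59.31/32
         hbl[1]: CONNECTING, 161.35.215.79[161.35.215.79]...91.197.59.230[91.197.59.230]'

# ip4_to_int A.B.C.D -> the address as a 32-bit integer
ip4_to_int() {
  local IFS=.
  # shellcheck disable=SC2086  (word splitting on '.' is intended here)
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/PREFIX -> succeeds when ADDR lies inside NET/PREFIX
in_cidr() {
  local addr=$1 net=${2%/*} prefix=${2#*/} mask
  [ "$prefix" = "$2" ] && prefix=32          # bare address, no "/len"
  mask=$(( prefix == 0 ? 0 : (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
  [ $(( $(ip4_to_int "$addr") & mask )) -eq $(( $(ip4_to_int "$net") & mask )) ]
}

# installed_selectors STATUS_TEXT -> one "LOCAL_TS REMOTE_TS" line per CHILD_SA
# The "A/B === C/D" line is the selector charon installed as XFRM policy; with
# IKEv2 the peer may narrow it below leftsubnet/rightsubnet from ipsec.conf.
installed_selectors() {
  printf '%s\n' "$1" | sed -n 's/.*: *\([0-9./]*\) === \([0-9./]*\).*/\1 \2/p'
}

# check_selector SRC_IP STATUS_TEXT -> "match LTS RTS" or "mismatch LTS RTS"
# A mismatch means packets from SRC_IP never hit the policy: they leave in clear.
check_selector() {
  local src=$1 status=$2 lts rts first=""
  while read -r lts rts; do
    [ -n "$lts" ] || continue
    first=${first:-"$lts $rts"}
    if in_cidr "$src" "$lts"; then
      echo "match $lts $rts"
      return 0
    fi
  done <<EOF
$(installed_selectors "$status")
EOF
  echo "mismatch ${first:-none}"
}

# suggest_rules SRC_IP LOCAL_TS REMOTE_TS SNAT_IP IFACE -> the rules to apply
# The nat POSTROUTING hook runs before the packet is transformed, and the
# kernel redoes the XFRM lookup when NAT changed the source address, so SNAT
# to an address inside LOCAL_TS makes the packet match the installed policy.
# Conntrack maps the partner's replies back to SRC_IP automatically.
suggest_rules() {
  local src=$1 lts=$2 rts=$3 snat=$4 iface=$5
  in_cidr "$snat" "$lts" || { echo "error: $snat is outside $lts" >&2; return 1; }
  cat <<EOF
# ipsec.conf: state the local selector instead of 0.0.0.0/0 so it is not narrowed
#   leftsubnet=$lts
# Exempt traffic already covered by an IPsec policy (Daniel's match) from any NAT
iptables -t nat -I POSTROUTING 1 -o $iface -m policy --dir out --pol ipsec -j ACCEPT
# Rewrite our public source into the negotiated local selector before XFRM
iptables -t nat -A POSTROUTING -o $iface -s $src -d $rts -j SNAT --to-source $snat
EOF
}

# Demo with the values from the thread. The SNAT address is an assumed free
# host in the negotiated /26; agree on it with the partner before using it.
SRC_IP=161.35.215.79
result=$(check_selector "$SRC_IP" "$SAMPLE_STATUS")
echo "selector check for $SRC_IP: $result"
case $result in
  mismatch\ none) echo "no CHILD_SA installed yet" ;;
  mismatch*)
    set -- $result                       # -> mismatch LTS RTS
    suggest_rules "$SRC_IP" "$2" "$3" 10.11.144.129 eth0 ;;
esac
```

Two checks after applying the printed rules: `ip xfrm policy` should list the 10.11.144.128/26 to 91.197.59.31/32 selector, and the packet counters in `ip -s xfrm state` should climb while you ping 91.197.59.31. Note that `-s` in a POSTROUTING rule selects the packet's source, and outbound packets on eth0 carry the local address as source, so a rule with `-s 91.197.59.31/24` never matches outbound traffic (and /24 on .31 actually means 91.197.59.0/24).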