DMVPN / NHRP on fortigates

Forum|Forum|10 years ago
February 1, 2016
1 reply
15076 views

Hi All,

I'm trying to setup a VPN between a fortigate and a VyOS device, the fgt has dynamic external IP assigned so I wanted to use DMVPN in order to allow a interface mode VPN to work here. I had the same config between the VyOS and a Cisco router which worked fine, but so far haven't been able to get this working on the fortigate.

It's quite possible fortiOS doesn't support NHRP since I cannot find any info on the documentation, but since NHRP is based on GRE over IPSEC and that is explained on the manual I though I would ask here before giving up.

Any information on the matter appreciated.

JJ1Author

New Member

Ok, so in the end I got this working by setting up a simple GRE over IPSEC.

Basically an IPSEC tunnel with a private IP configured at each and and then a GRE tunnel between those IPs, which gives me a tunel interface on the VyOS side where I can route my traffic to.

emnoc

New Member

FWIW: That will create additional overheard ( 24bytes GRE ) and the ESP header. Is there any reason you need GRE?

JJ1Author

New Member

Not really, as I mentioned before all I want is an interface mode VPN. Unfortunately, because the FGT has dynamic IP, the device in the other end (VyOS) doesn't let me create a VTI bound to an IPSEC which uses "named peer ID".

I've also opened a thread on the VyOS forum to see if there's a way around it on the other end.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded