IPSec remote access from Linux with SAML SSO
Hi everyone,
I'm trying to set up remote access via IPSec to a FortiGate 60F. Since MS365 SSO is already in use for various services, it should also be used for VPN access. I've been able to successfully implement this and was able to connect from a Windows box with SSO and the FortiClient VPN-only version (7.4.3 hotfix 1.8758). EMS is not in use. However, I'm also looking for a solution for Linux, but each option that I see leads to a dead
- Open-source IPsec clients like strongswan and libreswan don't appear to support SSO authentication (yet). I tried to add a separate user using static credentials for EAP login, but I also haven't found a way to use these tools with both a PSK and additional EAP authentication.
- I was able to establish a connection with the regular Linux FortiClient, but it can't be used without an EMS except for a trial.
- The FortiClient VPN-only version for Linux (7.4.3 build 1736) appears to only support SSL VPN, but not IPSec.
- SSL VPN is obsolete and was removed from recent FortiOS, so resorting to this protocol is not really an option.
(When) will FortiClient VPN-only for Linux be updated to support IPSec VPN? Right now it appears to be zombie software, as it only supports a protocol that is not available on updated FortiGates, so I assume the plan is to fully deprecate SSL VPN. Alternatively, can the regular FortiClient installation be put into standalone mode, so that it can work without an EMS?
If there is no way with the FortiClient, did anybody succeed in configuring strongswan/libreswan to connect to a FortiGate with SSO or at least with a static user, when both PSK and EAP are in use?
Thanks!