SulyIT
New Member
June 6, 2018
Question

IPsec VPN on Linux?

Hi,

I would like to know if it's possible to connect to the Remote Access IPsec VPN (not the site2site) on Linux?

I know that for the SSL VPN I can use openFortinet or something like that on Linux, but apparently the IPsec VPN is not supported.

Another question: is there a way to start and stop the IPsec VPN from the command prompt or with an API?

    5 replies

    ericli_FTNT
    Staff
    June 6, 2018

    You can install FortiClient as an IPsec client on Linux.

    https://www.forticlient.com/

    SulyIT (Author)
    New Member
    June 6, 2018

    As you can see in the attachment, the Linux client doesn't support the IPsec VPN.

    Is it possible to use another client for the connection on Linux? Or is it possible to use a regular site2site instead of the client?

    Thanks in advance

    ericli_FTNT
    Staff
    June 6, 2018

    Sorry, double-checked it. It turns out that the Linux version currently does not have this feature.

    emnoc
    New Member
    August 13, 2018

    Review strongSwan. It's suitable for IPsec VPN and for dialup applications.

    HancieC
    New Member
    August 30, 2018

    Has anyone tried to connect a strongSwan tunnel (route-based) in IPsec mode to a Cisco router (ISR), or maybe someone has instructions on how to do it?

    I need to connect a Linux instance from the cloud to a Cisco ISR router.

    hendri_tobing
    New Member
    July 8, 2019

    Hi,

    I wonder also about this. Is there any solution or at least a workaround for Linux users to connect to IPsec VPN?

    Thank you.

    SulyIT (Author)
    New Member
    July 8, 2019

    Update: I was able to use Shrew Soft VPN to make it work. At first I tried to match the config by guessing the settings, but I recently found this tool, ike-scan, which can scan an IP address and find most of the settings. You can also use Openswan or strongSwan, but you need a version that allows IKEv1.

    Side note: I planned to "NAT" the VPN so I could share the route on my network, creating a sort of site-2-site. Since the protocol uses IPsec, the NAT rules I used with most SSL VPNs didn't work. I was never able to make it work, so I downloaded VirtualBox and used the NAT network interface in VirtualBox and another interface in the LAN network, activating routing on the VM and creating a NAT. To my surprise it works incredibly well for my needs. (Basically the NATing is handled by a nested Linux VM and the VPN is connected on the host. The traffic enters by the nested VM, is routed to the NAT network created by VirtualBox and is finally transferred to the VPN interface on the host.)
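
Added example (not written by any poster in this thread, and not Fortinet's or strongSwan's own code): the update above mentions strongSwan with IKEv1, and the original question asks how to start and stop the tunnel from the command line. The script below renders an `ipsec.conf` stanza for an IKEv1 dial-up client and wraps the start/stop commands. It assumes PSK plus XAuth authentication and a full-tunnel route; the connection name, gateway address, user name and proposals are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: render a strongSwan ipsec.conf stanza for an IKEv1
# remote-access client. Every value passed in is a constructed placeholder.
#
# Secrets go in ipsec.secrets, not in the stanza (placeholders shown):
#   : PSK "<pre-shared-key>"
#   <xauth-user> : XAUTH "<password>"

# render_ikev1_conn NAME GATEWAY XAUTH_USER IKE_PROPOSAL ESP_PROPOSAL
render_ikev1_conn() {
    if [ "$#" -ne 5 ]; then
        echo "usage: render_ikev1_conn NAME GATEWAY USER IKE ESP" >&2
        return 2
    fi
    for arg in "$@"; do
        # Empty values or embedded whitespace would corrupt the stanza.
        case "$arg" in
            ''|*[[:space:]]*) echo "invalid value: '$arg'" >&2; return 1 ;;
        esac
    done
    # The trailing "!" makes the proposal strict: only the listed
    # algorithms are offered, nothing weaker is negotiated.
    cat <<EOF
conn $1
    keyexchange=ikev1
    ike=$4!
    esp=$5!
    leftauth=psk
    leftauth2=xauth
    xauth_identity=$3
    leftsourceip=%config
    right=$2
    rightauth=psk
    rightsubnet=0.0.0.0/0
    auto=add
EOF
}

# Start, stop and inspect the tunnel (legacy "ipsec" front end, run as root).
vpn_up()     { ipsec up "$1"; }
vpn_down()   { ipsec down "$1"; }
vpn_status() { ipsec status "$1"; }

# Constructed sample: 192.0.2.10 is a documentation address, not a real gateway.
render_ikev1_conn fgt-dialup 192.0.2.10 alice aes256-sha256-modp2048 aes256-sha256
```

Append the rendered stanza to `/etc/ipsec.conf`, reload with `ipsec reload`, then call `vpn_up fgt-dialup` and `vpn_down fgt-dialup`; the proposals must match what the gateway is actually configured to accept.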
    britzer0683
    New Member
    January 28, 2022

    Is there any plan from Fortinet to have IPsec configuration on Linux?