Skip to main content
atilasouza
atilasouza
Visitor III
December 31, 2025
Question

Pls, Help-me Strongswan On Linux Mint with FortiGate (Client-to-site)

  • December 31, 2025
  • 1 reply
  • 274 views

Good afternoon, gentleman,

I'm starting my journey with FortiGate and I'm trying to learn how to set up a IPSec Tunnel Client-to-site VPN with StrongsWan and FortiGate.

I made these configurations is a test environment with a FortiGate, but i can't get the connection up with my Linux Mint.

Could someone please describe the correct script to insert into /etc/ipsec.conf.d/forti.conf and /etc/ipsec.conf.d/secrets?

 

Auth.jpegConf.jpegPhase1.jpegPhase2.jpegXAuth.jpeg

1 reply

GeorgeZhong
Staff & Editor
GeorgeZhong
Staff & Editor
January 1, 2026

Hi,

By looking at the FortiGate configuration itself, we don't see any issue. But the thing is we need to ensure all phase 1 and phase2 configurations are well matched between FortiGate and StrongsWan.

 

Below debug commands can be executed on the FortiGate side to see how the FortiGate is negotiating with StrongsWan and which part of configuration is not matched:

 

diagnose vpn ike log-filter dst-addr4 x.x.x.x <---- To filter using remote-gateway address.

diagnose vpn ike log filter rem-addr4 x.x.x.x <---- Command to filter using remote-gateway address. (v7.4.1 and above).

diagnose debug app ike -1 <----- To do the VPN debug.

diagnose debug console timestamp enable <----- To cross-check with VPN events.
diagnose debug enable <------ To display the debug output.

 

Please refer to below document for further troubleshoot:

 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-Tunnel-debugging-IKE/ta-p/190052

 

Regards,

George

    Terms & ConditionsAccessibility statement