Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
opocta
Staff
Staff

Created on ‎11-26-2015 05:50 AM

Technical Note: How to configure Linux version of Shrew Soft VPN with a FortiGate

Description
This example uses Linux Mint version 14.04 and Shrew Soft VPN Access Manager 2.2.1 to demonstrate configuration of dial up IPsec VPN using peer id.

Scope
FortiOS v5.2, Linux Mint/Ubuntu 14.04.

Solution
Configure dial up VPN on FortiGate unit, in this example the configuration is as follows (Other examples can be found in the Fortinet Document Library:(

config vpn ipsec phase1-interface
    edit "linux_vpn"
        set type dynamic
        set interface "wan1"
        set mode aggressive
        set peertype one
        set mode-cfg enable
        set ipv4-dns-server1 8.8.8.8
        set proposal aes128-sha1 3des-md5
        set dhgrp 5
        set xauthtype auto
        set authusrgrp "dialup_users"
        set peerid "linux"
        set ipv4-start-ip 192.168.10.1
        set ipv4-end-ip 192.168.10.50
        set psksecret preshared-key
    next
end

config vpn ipsec phase2-interface
    edit "linux_vpn"
        set phase1name "linux_vpn"
        set proposal aes128-sha1 3des-md5
        set dhgrp 5
        set keylifeseconds 3600
    next
end

config firewall policy
    edit 1
        set uuid 640e95fc-92ae-51e5-7a0f-361f63fea596
        set srcintf "linux_vpn"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "local_lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

config user group
    edit "dialup_users"
        set member "test"
    next
end
config user local
    edit "test"
        set type password
        set passwd user_password
    next
end

Shrew Soft VPN Access Manager can be installed from repository.

opocta_FD37618_tn_FD37618-1.jpg

Open the client and create new connection.

opocta_FD37618_tn_FD37618-2.jpg

The default settings can be left unchanged on the Client and NameResolution tabs.

opocta_FD37618_tn_FD37618-3.jpg

opocta_FD37618_tn_FD37618-4.jpg

In the Authentication, select "Mutual PSK + XAuth" and under Local Identity select "User Fully Qualified Domain Name" - this is the value of peerid.

opocta_FD37618_tn_FD37618-5.jpg

In Phase 1 + 2 configure parameters to match those on the FortiGate.

opocta_FD37618_tn_FD37618-6.jpg

opocta_FD37618_tn_FD37618-7.jpg

The Policy tab can be left to the default settings.

Once the configuration is completed, select the tunnel and click Connect. A prompt to enter username and password will be shown. After filling both fields, click the Connect button and the tunnel will be established.

opocta_FD37618_tn_FD37618-8.jpg

opocta_FD37618_tn_FD37618-9.jpg

Related Articles

Technical Note : How to configure Windows version of Shrew Soft IPSec VPN tunnel with a FortiGate

Labels:
7897
0 Kudos
Contributors

Contact Us