Created on
10-31-2019
02:51 AM
Edited on
04-06-2025
11:14 PM
By
Anthony_E
Description
This article demonstrates the deployment of OCVPN (Overlay Controller Virtual Private Network).
OCVPN is meant to be really fast and easy to configure because it will automatically create:
In this setup, there is the following:
The aim is to be able to communicate between these 2 subnets by using an IPsec VPN.
Both FortiGates need to be registered on the support.fortinet.com portal (FortiCare).
Scope
FortiGate.
Solution
Go on the GUI under VPN -> Overlay Controller VPN of the first FortiGate VM01.
Note: The IPsec-based OCVPN service has been discontinued and licenses for it can no longer be purchased as of v7.4.0. GUI, CLI, and license verification support for OCVPN have been removed from FortiOS. Upon upgrade, all IPsec phase 1 and phase 2 configurations, firewall policies, and routing configurations previously generated by the OCVPN service will remain. Alternative solutions for OCVPN are the Fabric Overlay Orchestrator in v7.2.4 and later, the SD-WAN overlay templates in FortiManager v7.2.0 and later, and using the FortiCloud Overlay-as-a-Service (OaaS) which is supported in v7.4.4 and later.
This information has been included in FortiOS 7.4.4 release notes: Remove OCVPN support
Related articles:
Troubleshooting Tip: Troubleshooting IPsec Site-to-Site Tunnel Connectivity
Technical Tip: How to configure VPN Site to Site between FortiGates (Using VPN Setup Wizard)
Troubleshooting Tip: IPsec VPNs tunnels
Technical Tip: Setting multiple DNS server for IPSec dial-up VPN
Technical Tip: NAT-traversal comparison between site-to-site and dial-up” dynamic” tunnels
Technical Tip: FortiGate Hub with multiple IPSec Dial-up phase1 using IKEv2 and PSK authentication
Technical Tip : How to configure multiple VPN tunnels from the same ISP to the same remote peer ISP.
Technical Tip: IPSec dial-up full tunnel with FortiClient
Technical Tip: Differences between Aggressive and Main mode in IPSec VPN configurations
Technical Note: Dynamic routing (BGP) over IPsec tunnel
Technical Tip: OSPF with IPSec VPN for network redundancy
Technical Tip: Dynamic dial-up VPN with OSPF
Technical Tip: Fortinet Auto Discovery VPN (ADVPN)
Technical Tip: 'set net-device' new route-based IPsec logic
Technical Tip: SD-WAN integration with OCVPN
Technical Tip: Configure IPsec VPN with SD-WAN
Technical Tip: SD-WAN with DDNS type IPsec
Technical Tip: SD-WAN primary and backup ipsec tunnel Scenario
Troubleshooting Tip: IPsec VPN Phase 1 Process - Aggressive Mode
Technical Tip: How to configure IPsec VPN Tunnel using IKE v2
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.