Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Yngve0
New Contributor II

SOLVED: Strongswan 2 FG60B

FG60B 4MR3 patch18 Behind NAT and dynamic public IP Strongswan 5.1.2 Public IP + loopback 10.177.177.2 I am not able to make the tunnel up and running and I dont understand why. Config of the Fortigate: Phase 1:
config vpn ipsec phase1-interface
     edit " DialUp_strongswan" 
         set interface " wan1" 
         set dhgrp 2
         set proposal aes256-sha1
         set localid " publicfqdn.mydomain.com" 
         set remote-gw <public-ip-strongswan>
         set psksecret ****
     next
 end
 
Phase2
 config vpn ipsec phase2-interface
     edit " VPN_StrongSwan" 
         set dst-addr-type ip
         set keepalive enable
         set phase1name " DialUp_strongswan" 
         set proposal 3des-sha1 3des-md5
         set dhgrp 2
         set dst-start-ip 10.177.177.2
         set src-subnet 192.168.160.0 255.255.252.0
     next
 end
 
Stongswan: Ipsec.conf
config setup
         charondebug=" dmn 1, mgr 1, ike 2, chd 1, job 1, cfg 3, knl 2, net 2,enc 1, lib 1" # Sample VPN connections
 
 
 conn Fortigate
         auto=start
         left=<public-ip-strongswan>
         leftsubnet=10.177.177.2/255.255.255.255
         right=%any
         rightsubnet=192.168.160.0/22
         compress=no
         #pfs=yes
         esp=3des-modp1024
         #auth=esp
         authby=secret
         keyingtries=%forever
 
 
 
ipsec.secret
 <public-ip-strongswan> %any : PSK " ****" 
10 REPLIES 10
MikePruett
Valued Contributor

Palamar,

 

Create a new thread and list the issues you are experiencing and a list of the way things are configured and we can see what is up. This original  thread is really old and the issue was resolved. Is your issue the same as theirs?