Hello,
In Forticlient VPN for Linux (Ubuntu 22.04), the IPsec VPN tab does not appear.
How can I connect Forticlient VPN IPSEC on Linux?
Currently, the FortiClient for Linux does not support IPSEC in the client; you would need to set it up natively on the Linux computer. Here is a tech article that talks about this:
It's a shocker to me that this is the case (is it still a case in April 2024?).
I am just trying to configure FortiClient Version 7.2.4.0809 on Ubuntu 22, and it seems that the only option is SSL VPN if you want to use the CLI.
Is there a reason as to why this functionality is not available?
Why would I need to use strongswan for that (I was so sure that it would be a slick experience from Fortinet and then I bumped into this....)?
Yeah, I also learned about this the hard way. I am thinking of setting up a PFSense VM or appliance and configuring a gateway-to-gateway IPSec tunnel, and then I can use whatever OS I want; PFSense to the rescue once again.
I have the same problem. Do you have an example of how to connect from the CLI on Linux?
Thanks!
Try manual configuration via the command line. Check your settings closely, especially authentication details and server address.
What command line are you talking about? Could you help me?
Thanks!
After a bit of research I managed to find a way to connect to my IPSEC FortiGate with FortiToken. This is how I do it:
First, install libreswan.
Then edit /etc/ipsec.conf and adapt this config with your info:
```
config setup
    uniqueids=no
    ikev1-policy=accept

conn fortigate
    ikev2=no
    ike=aes256-sha256;modp1536
    esp=aes256-sha1;modp1536
    authby=secret
    pfs=yes
    auto=add
    left=%defaultroute
    leftid=LOCAL_REMOTE_IP
    leftxauthusername=FORTINET_USERNAME
    rightsubnet=0.0.0.0/0
    right=FORTIGATE_PUBLIC_IP
    rightid=FORTIGATE_LOCAL_IP
    rightxauthserver=yes
    leftxauthclient=yes
    rightmodecfgserver=yes
    leftmodecfgclient=yes
    modecfgpull=yes
    nm-configured=yes
    aggrmode=yes
    ikelifetime=86400s
    salifetime=43200s
    dpddelay=20s
    dpdtimeout=60s
    nat-ikev1-method=rfc
    esn=either
    nopmtudisc=yes
    remote-peer-type=cisco
    nat-keepalive=no
```
If you don't know your FORTIGATE_LOCAL_IP, comment out the line; the IP will be shown in the log (the rightid has to be the same on both sides).
If you don't know your LOCAL_REMOTE_IP, don't specify it and then use `ip xfrm state` to find it.
Then you have to edit the /etc/ipsec.secrets file like this:

```
%any : PSK "YOUR_PSK"
@VPN_USERNAME : XAUTH "YOUR_PASSWORD_FORTITOKEN"
```
So if your password is toto_123 and the fortitoken is currently 234789, then the password is toto_123234789
You will have to modify it each time you want to connect to your VPN since the fortitoken is dynamic.
Then run `sudo systemctl restart ipsec`.
If there are errors, check `journalctl -xeu ipsec.service`; the logs are pretty clear.
Then run `sudo ipsec up fortigate`, since the conn is named fortigate in our conf.
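
The per-connection edit of /etc/ipsec.secrets described in the answer above can be scripted. This is an added example, not part of the original post or any Fortinet tooling: it prompts for the values, writes the file with mode 0600 so the password and PSK are not left readable by other users, then runs the same two commands. The function names and the `connect` argument are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the post): build ipsec.secrets from prompts.
# Function names and the "connect" argument are hypothetical.

# Print the two secrets lines. Args: psk, user, static password, token code.
render_secrets() {
    local psk="$1" user="$2" password="$3" token="$4" v nl
    nl='
'
    # The one-time code must be digits only.
    case $token in ''|*[!0-9]*) echo "token must be numeric" >&2; return 1 ;; esac
    # Values are written inside double quotes: refuse anything that breaks out.
    for v in "$psk" "$user" "$password"; do
        case $v in *'"'*|*"$nl"*) echo "quote or newline in input" >&2; return 1 ;; esac
    done
    printf '%%any : PSK "%s"\n' "$psk"
    # XAUTH secret = static password immediately followed by the current code.
    printf '@%s : XAUTH "%s%s"\n' "$user" "$password" "$token"
}

# Write stdin to the path in $1 with mode 0600, replacing the old file in one step.
write_secrets() {
    local path="$1" tmp
    tmp=$(mktemp "${path}.XXXXXX") || return 1
    if cat >"$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$path"; then return 0; fi
    rm -f "$tmp"; return 1
}

main() {
    local user psk password token content
    read -r -p 'XAUTH username: ' user
    read -rs -p 'PSK: ' psk; echo
    read -rs -p 'Password (without token): ' password; echo
    read -r -p 'FortiToken code: ' token
    content=$(render_secrets "$psk" "$user" "$password" "$token") || exit 1
    printf '%s\n' "$content" | write_secrets /etc/ipsec.secrets || exit 1
    systemctl restart ipsec
    ipsec up fortigate   # conn name from the ipsec.conf in the post
}

# Run as root with the single argument "connect"; otherwise only define functions.
if [ "${1:-}" = connect ]; then main; fi
```

The username entered at the prompt has to be the one set in `leftxauthusername` in /etc/ipsec.conf.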