FortiClient VPN for OS X Yosemite Change Authentication Mode
I'm having trouble finding a way to change my authentication mode from "Aggressive" to "Main" while connecting via OS X FortiClient. I'm testing with IPsec Remote Access on my FortiGate 200D and my Windows workstations connect fine, because I can set them to "Main" mode.
Everything is up to date, including the FortiClient application.
Any ideas?
I would go through the XML cfg file, but seriously, aggressive mode should be the mode to use if the remote-peer ip_address is not known or you're using an identifier (aka group in Cisco lingo).
Oops, here's the related XML:
<ike_settings>
  <prompt_certificate>0</prompt_certificate>
  <description>SOCPUPS0023</description>
  <server>1.1.1.1111</server>
  <authentication_method>Preshared Key</authentication_method>
  <auth_key>Enc 420d2ee65abded897a69c50f49954d0df61920558d173d22a1b0b1b058b8034b</auth_key>
  <mode>aggressive</mode>
  <dhgroup>5</dhgroup>
  <key_life>86400</key_life>
  <localid></localid>
  <nat_traversal>1</nat_traversal>
  <mode_config>1</mode_config>
  <enable_local_lan>0</enable_local_lan>
  <dpd>1</dpd>
  <xauth>
    <enabled>1</enabled>
    <prompt_username>0</prompt_username>
    <username>Enc 420d2ee65abded897a69c50f4995520ee00120439964f3eddc13ccae6f63c7595c013957d0</username>
    <password>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</password>
  </xauth>
PCNSE
NSE
StrongSwan
Thanks emnoc,
I'll try that. Do you know where I can find the XML file in OS X? I will also keep in mind the aggressive mode option, but I wanted to give main mode a shot since it encrypts the login credentials too. Plus, I was curious as to how this would work using OS X.
1> open the FortiClient console
2> unlock the change button
3> go to preferences
4> hit the button backup
5> save a copy
6> F5/find the line
7> make the changes
8> restore using the "changed forticlient cfg"
That's how I've always done it. YMMV, but just make sure you back up the cfg b4 doing any changes. Then you always have a "before" and "after".
;)
ken @ socpuppet.blogspot.com
PCNSE
NSE
StrongSwan
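
The "find the line / make the changes" steps above, as an added example that is not part of the original thread or Fortinet's own tooling: it rewrites only the `<mode>` value inside a chosen `<ike_settings>` block and leaves every other byte of the backup untouched. It assumes the backup was saved as unencrypted XML; the `<connection>` wrapper, the second tunnel and the function name `set_ike_mode` are constructed for illustration.

```python
import re

# Constructed sample modelled on the <ike_settings> excerpt posted in this thread.
# The <connection> wrapper and the LAB-TUNNEL entry are assumptions, not real data.
SAMPLE_BACKUP = """<connection><ike_settings>
<description>SOCPUPS0023</description>
<mode>aggressive</mode>
<mode_config>1</mode_config>
</ike_settings></connection>
<connection><ike_settings>
<description>LAB-TUNNEL</description>
<mode>aggressive</mode>
</ike_settings></connection>
"""

IKE_BLOCK = re.compile(r"<ike_settings>.*?</ike_settings>", re.DOTALL)
MODE = re.compile(r"(<mode>)\s*(\w+)\s*(</mode>)")  # does not match <mode_config>
DESC = re.compile(r"<description>(.*?)</description>", re.DOTALL)


def set_ike_mode(xml_text, new_mode, description=None):
    """Return (new_text, changes); only <mode> in matching <ike_settings> is touched."""
    if new_mode not in ("main", "aggressive"):
        raise ValueError("mode must be 'main' or 'aggressive'")
    changes = []

    def rewrite(block_match):
        block = block_match.group(0)
        desc = DESC.search(block)
        name = desc.group(1).strip() if desc else ""
        if description is not None and name != description:
            return block  # a different tunnel: leave it byte-for-byte
        mode = MODE.search(block)
        if mode is None or mode.group(2) == new_mode:
            return block  # nothing to change
        changes.append((name, mode.group(2), new_mode))
        return MODE.sub(lambda m: m.group(1) + new_mode + m.group(3), block, count=1)

    return IKE_BLOCK.sub(rewrite, xml_text), changes


if __name__ == "__main__":
    edited, changes = set_ike_mode(SAMPLE_BACKUP, "main", description="SOCPUPS0023")
    for name, old, new in changes:
        print(f"{name}: {old} -> {new}")
```

On a real backup, read the saved copy, write the returned text to a new file, and restore from that new file so the original stays as the "before" copy.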
