SulyIT
New Contributor

IPsec VPN on Linux?

Hi,

I would like to know if it's possible to connect to the VPN Remote Access IPsec (not the site2site) in Linux?

I know that for the VPN SSL I can use openFortinet or something like that in Linux, but apparently the IPsec VPN is not supported.

Another question: is there a way to start and stop the IPsec VPN from the command prompt or with an API?

ericli_FTNT
Staff

You can install FortiClient as an IPsec client on Linux.

https://www.forticlient.com/

SulyIT

As you can see in the attachment, the Linux client doesn't support the IPsec VPN.

Is it possible to use another client for the connection on Linux? Or is it possible to use a regular site2site instead of the client?

Thanks in advance

ericli_FTNT

Sorry, double-checked it. It turns out that currently the Linux version does not have this feature.

SulyIT

I was wondering, the VPN client for IPsec seems to use xAuth for the authentication. Do you think it's possible to use a third-party client like openswan or VPNC on Linux?

Thanks,

emnoc
Esteemed Contributor III

Yes, you have so many choices: strongswan/openswan/cisco-vpnclient/etc...

 

PCNSE NSE StrongSwan
fstonedahl

Quick follow-up -- I'd also like to connect from a Linux client to an IPSec VPN on a Fortinet-based firewall.   I tried connecting using the gnome-based NetworkManager, so far to no avail...

 

SulyIT -- Did you eventually discover good software and settings that worked well for this purpose?  Thanks!

SulyIT

I found an entire way of doing it. Actually I now use a Windows client with Shrew Soft VPN. Regarding Linux, I was able to configure strongswan, but it's not easy to find all the config that you need. On my side, I didn't have access to the Forti config since the connection is provided by the client and they are not really techy. It was guess and error. But the config for Shrew Soft was similar, so it helped.

My initial project was to create a sort of gateway with client VPN, since for each customer we have a VPN connection and we have a big loss in productivity switching between them. I wanted to create a bunch of Linux with the connection always up on certain clients and to publish a script that will change the gateway. I know it's feasible with a site2site but I don't know for this kind of VPN.
Gnafu
New Contributor

Can you share a redacted version of your strongswan configuration?

I'm also struggling to connect to a Fortinet gateway using Linux.

Are there any instructions on the Fortinet site on how to do it?

SulyIT
New Contributor

I just want to give a follow-up.

For connecting to the FortiGate IPsec client connection, I used ShrewSoft. It was the easiest one to configure.

It works well on Linux and Windows.

My initial goal was to transform the Linux into a gateway and perform a NAT of the VPN connection.

I tried Strongswan one time and I was able to connect, but I switched to ShrewSoft since it was a bit easier and cross-platform.

For the config, if you don't have access to the gateway management, you don't really have any other choice than to open the profile that the gateway pushes and try to replicate what's inside. The hardest part was figuring out the network part, since most of these clients push the IP configuration instead of having each side configure theirs.
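
Added example, not part of the thread and not any poster's actual configuration: a strongSwan (legacy `ipsec.conf` / `ipsec.secrets`) layout for an IKEv1 remote-access tunnel using a pre-shared key plus XAuth and a gateway-assigned address, which is the shape the posts above describe. The connection name, addresses, user name, proposals and secrets are all placeholder assumptions and must be replaced with what the gateway's profile actually contains.

```conf
# ---- /etc/ipsec.conf (strongSwan legacy configuration) ----
# Every value below is a placeholder/assumption, not taken from the thread.

conn fortigate-ra
    # "fortigate-ra" is a hypothetical connection name.
    # XAuth is an IKEv1 extension, so IKEv2 cannot be used here.
    keyexchange=ikev1
    # Keep main mode unless the gateway profile requires aggressive mode;
    # aggressive mode with a PSK is the weaker of the two.
    aggressive=no
    # Phase 1 and phase 2 proposals must match the gateway exactly;
    # the trailing "!" disables fallback to other algorithms.
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256-modp2048!
    # Local side: authenticate with the group PSK, then with XAuth.
    left=%defaultroute
    leftauth=psk
    leftauth2=xauth
    xauth_identity=vpnuser
    # Accept the tunnel address the gateway pushes (mode config)
    # instead of configuring one locally.
    leftsourceip=%config
    # Remote side: gateway address and the networks behind it.
    right=vpn.example.com
    rightauth=psk
    rightsubnet=10.0.0.0/8
    # Load the connection but do not start it automatically.
    auto=add

# ---- /etc/ipsec.secrets (separate file, readable by root only) ----
: PSK "REPLACE_WITH_GROUP_PSK"
vpnuser : XAUTH "REPLACE_WITH_USER_PASSWORD"
```

With the connection loaded, `ipsec up fortigate-ra` and `ipsec down fortigate-ra` start and stop the tunnel from the command line.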

 

 
