Layer 2 Device Hosting a VPN to provide Remote Fortigate

TryNewThings · ‎02-17-2022

Hello There,

I have a use case whereby we dont have access to the layer 3 device to provision an IPSec connection. Furthermore, the network is managed by a third party, so we cant migrate the LAN to a new Router/Firewall.

This means our only option to gain access to the client devices on the network is via VPN software/hardware tool which is installed as a layer 2 device. This could be Rasberry Pi, Windows Server, Windows 10, Linux etc.

The only Layer 2 Device solution im aware of is the Windows Routing and Remote Access (RRAS)

However, I dont beleive the FortiGate can connect to a SSTP VPN?

Any clever solutions welcome :)

Thank you in advance.

Markus_M · ‎02-17-2022

Hey,

you will likely need to know first how either of the two endpoints can contact each other.

Otherwise accessing a stranger network would be rather inseucre.

If you cannot manage the firewall in between you likely cannot do a port forward to the raspi.

You could however use strongswan/libreswan for example to connect to the known IP address of the FGT with a dialup VPN. So connect from inside the network to the firewall.

Example:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-LibreSwan-for-a-site-to-site-IPSec-t...

Best regards,

Markus

Layer 2 Device Hosting a VPN to provide Remote Fortigate

Nominate a Forum Post for Knowledge Article Creation