Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
edvjacek
New Contributor

Ubuntu, FortinetClient and IPSec

Hi,

 

I need to connect my Ubuntu 20.04 machine to my local network using Fortinet Client in the IPSec mode. The Fortinet Client for Linux doesn't support the IPSec mode, so I try to find a workaround. The idea was to use an Android phone (Samsung A40) with Fortinet Client (this app supports IPSec mode) and to turn on a hotspot on the phone. Unfortunately it doesn't work. I think the reason is that the Fortinet Client is running "after" the hotspot, so only apps on my phone can use the VPN. Am I right? Is it possible to configure the client (or the phone) to "move" the client "before" the hotspot?

 

Or any other ideas how to connect my Ubuntu machine with my local network using Fortinet Client?

 

Regards,

Jacek

3 REPLIES 3
mike_dp
New Contributor

We use SSLVPN for Linux Forticlients.

Fortigate : 80E, 80F, 100E, 200F, 300E : 6.4.6

FortiAnalyzer, ForticlientEMS

Fortigate : 80E, 80F, 100E, 200F, 300E : 6.4.6 FortiAnalyzer, ForticlientEMS
sw2090
Honored Contributor

As long as FortiClient didn't support IPSec on Linux I switched to Strongswan coming with almost every distro in the standard repos. Thus that has no gui and you have to configure everything manually (which I don't mind) it works fine with our FGT at Work.  

There is a plugin for strongswan and ubutu's networkmanager but afair it did not provide all settings i needed to make the vpn work.

 

Meanwhile btw the FortiClient for Linux does support IPSec. Correction: it still does only support sslvpn in linux! Fortinet just have to fix their dependencies for they can no longer be met in some current distros anymore. It still does install fine in Ubuntu 22.04.

However one can workaround those dependency issues by using some packages from debian buster to meet them.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
sw2090
Honored Contributor

So in addition if you need to do ipsec vpn to a FortiGate on linux you cannot use forticlient or openfortivpn as they all only support sslvpn. You will have to switch to something else like strongswan or openswan on cli. I haven't yet found any usefull ipsec capable client with gui on linux so far...

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Labels
Top Kudoed Authors