Dialup IPSec VPN to Fortigate from Ubuntu

From OISecWiki
Revision as of 08:24, 5 February 2025 by Cliff

To set up an IPsec dial-up VPN to a FortiGate from a Linux machine, install strongSwan and edit the following files:

ipsec.conf:

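conn fortigate
  # Phase 1/2 parameters; these must match the proposals configured on the FortiGate
  keyexchange = ikev1
  ikelifetime = 1440m
  keylife = 60m
  ike = aes128-sha1-modp1536
  esp = aes128-sha1-modp1536
  type = tunnel
  # IKEv1 aggressive mode with XAuth; with PSK authentication this mode exposes a
  # PSK-derived hash to offline guessing, so use a long, random PSK
  aggressive = yes
  xauth = client
  # FortiGate side; 0.0.0.0/0 as the remote subnet sends all traffic through the tunnel
  right = FORTIGATE_WAN_IP
  rightsubnet = 0.0.0.0/0
  rightauth = psk
  # Local side; %config requests a virtual IP from the FortiGate
  left = %defaultroute
  leftsourceip = %config
  leftauth = psk
  leftauth2 = xauth
  xauth_identity = FORTIGATE_USER_NAME
  # Load the connection at startup without initiating it; "ipsec up" starts it
  auto = add
  leftupdown = /usr/lib/ipsec/updown.sh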

ipsec.secrets:

FORTIGATE_WAN_IP : PSK "FORTIGATE_PSK"
FORTIGATE_USER_NAME : XAUTH "FORTIGATE_USER_PASSWORD"

Afterwards, run:

systemctl restart strongswan-starter
ipsec up fortigate
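
The following is an added example, not part of the original page: a small shell audit that reads a conn section like the one above, flags the settings worth reviewing (aggressive mode with PSK, legacy hash, small DH group) and checks that a secrets file is not readable by group or others. The function names conn_param, audit_conn and secrets_mode_ok are hypothetical, the sample conn is constructed from this page's values, and GNU stat (as shipped on Ubuntu) is assumed.

```shell
# Added example, not from the original page: audit an ipsec.conf conn section.

# conn_param FILE CONN KEY: print KEY's value from section "conn CONN".
conn_param() {
    awk -v conn="$2" -v key="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
        /^[^ \t]/ { insec = ($1 == "conn" && $2 == conn); next }
        insec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# audit_conn FILE CONN: print findings; exit status is the number of findings.
audit_conn() {
    n=0
    ike=$(conn_param "$1" "$2" ike); esp=$(conn_param "$1" "$2" esp)
    if [ "$(conn_param "$1" "$2" aggressive)" = yes ] &&
       [ "$(conn_param "$1" "$2" rightauth)" = psk ]; then
        echo "aggressive mode + PSK: PSK-derived hash is exposed to offline guessing"
        n=$((n + 1))
    fi
    case "$ike $esp" in *sha1*|*md5*)
        echo "legacy hash in proposals: $ike / $esp"; n=$((n + 1)) ;; esac
    case "$ike $esp" in *modp768*|*modp1024*|*modp1536*)
        echo "small DH group in proposals: $ike / $esp"; n=$((n + 1)) ;; esac
    return "$n"
}

# secrets_mode_ok FILE: succeed only if group/other have no access to FILE.
secrets_mode_ok() {
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2
    [ $((0$mode & 077)) -eq 0 ]
}

# Constructed sample: the security-relevant lines of the conn from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
conn fortigate

  ike = aes128-sha1-modp1536
  esp = aes128-sha1-modp1536
  aggressive = yes
  rightauth = psk
EOF
audit_conn "$sample" fortigate || echo "findings: $?"
secrets_mode_ok "$sample" && echo "file mode ok"; rm -f "$sample"
```

Point audit_conn at the real ipsec.conf and secrets_mode_ok at the real ipsec.secrets; the secrets file holds the PSK and XAuth password in plain text, so it should be readable by root only.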