
I have a Fortigate 60D firewall and I need to create a tunnel to an L2TP/IPsec server, so the firewall has to act as a client.

Is it possible?

I configured the L2TP/IPsec server on a Linux Debian machine using Libreswan and I can connect to it using an Android phone, but I am not able to do the same with the Fortigate firewall.

This is my server ipsec.conf:

version 2.0

config setup
  dumpdir=/var/run/pluto/
  nat_traversal=yes
  virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.10.6.0/24
  oe=off
  protostack=netkey
  nhelpers=0
  interfaces=%defaultroute

conn vpnpsk
  connaddrfamily=ipv4
  auto=add
  left=public_server_ip
  leftid=public_server_ip
  leftsubnet=public_server_ip/32
  leftnexthop=%defaultroute
  leftprotoport=17/1701
  rightprotoport=17/%any
  right=%any
  rightsubnetwithin=0.0.0.0/0
  forceencaps=yes
  authby=secret
  pfs=no
  type=transport
  auth=esp
  ike=3des-sha1,aes-sha1
  phase2alg=3des-sha1,aes-sha1
  rekey=no
  keyingtries=5
  dpddelay=30
  dpdtimeout=120
  dpdaction=clear

Thank you for the help


2 Answers

You can specify the connection type in the GUI under "Remote Gateway". Setting it to "Dialup User" is what you want.


You can also use the "type" option in the phase1-interface table.

conf vpn ipsec phase1-interface
    edit <tunnel>
        set type dynamic ?

        static     Remote VPN gateway has fixed IP address.
        dynamic    Remote VPN gateway has dynamic IP address.
        ddns       Remote VPN gateway has dynamic IP address and is a dynamic DNS client.

        set type dynamic

    end
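The complete dialup L2TP/IPsec configuration that the `set type dynamic` above belongs to, as an added example that is not part of the answers or of Fortinet's documentation. It uses the policy-based `phase1`/`phase2` tables because the L2TP option is set in `config vpn ipsec phase2`; the interface name, PSK placeholder, address pool, user group and DH groups are assumptions, and the proposals mirror the question's ipsec.conf (3des-sha1, aes-sha1, pfs=no, transport mode).

```fortios
# Added example, not from the answers or Fortinet's docs.
# Assumptions: WAN port wan1, placeholder PSK, user group "l2tp_users"
# created beforehand, constructed address pool, DH groups 14 and 2.
config vpn ipsec phase1
    edit "l2tp-dialup"
        # "Dialup User" remote gateway from the answer
        set type dynamic
        set interface "wan1"
        # same proposals as ike= in the question's ipsec.conf
        set proposal aes128-sha1 3des-sha1
        set dhgrp 14 2
        set dpd on-idle
        set psksecret REPLACE_WITH_PSK
    next
end
config vpn ipsec phase2
    edit "l2tp-dialup-p2"
        set phase1name "l2tp-dialup"
        # same proposals as phase2alg= in the question's ipsec.conf
        set proposal aes128-sha1 3des-sha1
        # pfs=no on the Libreswan side
        set pfs disable
        # L2TP/IPsec runs in transport mode (type=transport)
        set encapsulation transport-mode
        set l2tp enable
    next
end
config vpn l2tp
    # constructed pool handed to L2TP clients
    set sip 10.10.6.100
    set eip 10.10.6.199
    set status enable
    set usrgrp "l2tp_users"
end
```

A firewall policy permitting traffic from the L2TP pool and the user group itself still have to be created separately.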

You can do this using the wizard or CLI on the Fortigate - configure it on the Fortigate side as a dialup VPN instead of site-to-site.
