[Openswan Users] Openswan + Fortigate shared key problem

Paul Wouters paul at xelerance.com
Sun Sep 28 10:55:24 EDT 2008

On Sun, 28 Sep 2008, Marcin J. Kowalczyk wrote:

>  I'm trying to setup connection between Openswan 2.4.12 and fortigate 
> VPN.  Only information I received from person who administrates Forti is:
> "Remote Peer:  81.xx.xx.66
> Inside-Net:
> Pre shared key:
> esp-3des esp-md5-hmac
> authentication pre-share
> encryption 3des
> hash md5
> group 2
> lifetime 86400 "

> conn forti
>         type=           tunnel
>         authby=         secret
>         #RRT
>         left=           78.xx.xx.20
>         leftsubnet=

Does the other admin have this subnet defined for you?

>         leftnexthop=    %defaultroute
>         #SAA
>         right=          81.xx.xx.66
>         rightsubnet=
>         esp=            esp-md5-hmac


>         ike=            3des-md5-hmac


>         keyexchange=    ike
>         pfs=            no
>         auto=           start
> #Disable Opportunistic Encryption
> include /etc/ipsec.d/examples/no_oe.conf
> in /etc/ipsec.d/forti.secret I've put password I received from VPN 
> admin. Can anybody help me with configuration of this connection?

If this does not work, you should show the logs so we can see
the problem. Or even better, have them connect to you and show
the problem because then you receive their proposal and you can
match it.


More information about the Users mailing list