[Openswan Users] Help with OpenSwan to Fortigate IPsec VPN

Tyler J. Wagner tyler at tolaris.com
Tue Aug 30 01:49:48 EDT 2011

Hello all,

I've been trying to bring up an IPsec VPN between a ClearOS 5.2 device and
a Fortigate router. If anyone has advice or a working example of such a
configuration, I would really appreciate the help.

The ClearOS GUI is useless for this, so I'm really just using a generic
OpenSwan device. On the ClearOS router, the firewall passes esp and ah
traffic input and output, and does not masquerade it. rp_filter is
disabled, and of course ip_forwarding is enabled.

Attached is a condensed ipsec.conf from the ClearOS GUI.

On the Fortigate router, I've created a "route-based VPN", to use the
Fortigate terminology from their IPsec user guide. This means I've
established an IPsec configuration, then created firewall policies for
internal-to-ipsec and ipsec-to-internal traffic directions. I already have
a working Fortigate-to-Fortigate IPsec VPN using this configuration. This
is a second link.

Attached are screenshots of the IPsec config from the Fortigate router.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: fortigate phase1.png
Type: image/png
Size: 78318 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20110830/3e220d88/attachment-0002.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fortigate phase2.png
Type: image/png
Size: 52715 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20110830/3e220d88/attachment-0003.png 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipsec.conf
Url: http://lists.openswan.org/pipermail/users/attachments/20110830/3e220d88/attachment-0001.pl 

More information about the Users mailing list