Tuesday, August 25, 2009

Openswan - Host to Subnet Configuration

Sometimes you may want to have a single host running Openswan connecting to your firewall.
Here are some tips on how to configure this scenario.
  • On your host running Openswan put the following information in your connection definition:
conn office
    # left side is home; %defaultroute picks the interface of the default route
    left=%defaultroute
    # leftsubnet is the IP of your host with a /32 bit subnet mask
    leftsubnet=2.2.2.2/32
    # right side is work: set right to the remote VPN gateway
    right=1.2.3.4
    # set rightsubnet to the remote network behind the FortiGate
    rightsubnet=192.168.1.0/24
    keyexchange=ike
    #auth=esp
    # auto=start brings the tunnel up automatically when the ipsec service starts
    auto=start
    # pre-shared key, kept in ipsec.secrets
    authby=secret
    # specify the encryption the FortiGate VPN uses
    esp=3des
    # perfect forward secrecy is on by default (pfs=yes), so it is not set here
    # optionally enable compression
    compress=yes

The key here is that the leftsubnet parameter is the IP address of your Openswan host.

On the Fortigate firewall configure your Phase 1 parameters with the appropriate settings.
In Phase 2 edit the Quick Mode Selectors in the "Advanced" section as follows:

Source Address: 192.168.1.0/24
Source Port: 0
Destination Address: 2.2.2.2
Destination Port: 0
Protocol: 0

This tells the firewall that on one side it is expecting the 192.168.1.0/24 network and on the remote side it is only expecting to connect to a single host, 2.2.2.2.
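Because a Phase 2 failure is usually a selector mismatch, it helps to check the two sides against each other before bringing the tunnel up. The following is an added example, not part of the original post: it parses the conn section from an ipsec.conf (constructed inline from the settings above) and compares leftsubnet/rightsubnet with the FortiGate Quick Mode Selectors, treating a bare host address on the firewall as a /32.

```python
import ipaddress

# Constructed sample ipsec.conf containing the conn section from this post
IPSEC_CONF = """
conn office
    left=%defaultroute
    leftsubnet=2.2.2.2/32
    right=1.2.3.4
    rightsubnet=192.168.1.0/24
    keyexchange=ike
    auto=start
    authby=secret
    esp=3des
    compress=yes
"""

def parse_conn(text, name):
    """Return the key=value parameters of the named conn section of an ipsec.conf."""
    params, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line:
            continue
        if not line[0].isspace():               # unindented line starts a new section
            inside = line.split() == ["conn", name]
            continue
        if inside and "=" in line:
            key, value = line.strip().split("=", 1)
            params[key.strip()] = value.strip()
    return params

def selector_mismatches(conn, fg_source, fg_destination):
    """Compare Openswan subnets with the FortiGate Phase 2 Quick Mode Selectors.

    The FortiGate Source is the network behind the firewall (Openswan's rightsubnet);
    its Destination is the Openswan host (Openswan's leftsubnet).
    """
    expected = {"rightsubnet": fg_source, "leftsubnet": fg_destination}
    problems = []
    for key, fg_value in expected.items():
        if key not in conn:
            problems.append(f"{key} is not set in the conn")
            continue
        local = ipaddress.ip_network(conn[key], strict=False)
        remote = ipaddress.ip_network(fg_value, strict=False)  # "2.2.2.2" -> 2.2.2.2/32
        if local != remote:
            problems.append(f"{key}={local} but FortiGate selector is {remote}")
    return problems

if __name__ == "__main__":
    conn = parse_conn(IPSEC_CONF, "office")
    print(selector_mismatches(conn, "192.168.1.0/24", "2.2.2.2"))  # -> []
    # Constructed failure case: the host was given a /24 instead of a /32
    print(selector_mismatches(dict(conn, leftsubnet="2.2.2.0/24"), "192.168.1.0/24", "2.2.2.2"))
```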

1 comment:

Dementor said...

This post is very interesting indeed, but for the life of me I couldn't get it to work with my work FortiGate.
I've been trying to use Openswan to connect from my laptop to the FortiGate but had no success; it seems like it's dropping the connection at phase 2.
I wish there was a FortiClient version for Linux.
Can you elaborate or give some more info regarding this matter?

Thank you so much, your blog has been very, very helpful.