IPsec VPN on linux ?

SulyIT
2018/06/06 13:15:21

Hi,

I would like to know if it's possible to connect to the Remote Access IPsec VPN (not the site2site) from Linux?

I know that for the SSL VPN I can use openFortinet or something like that on Linux, but apparently the IPsec VPN is not supported.

Another question: is there a way to start and stop the IPsec VPN from the command prompt or with an API?
#1

11 Replies

    ericli_FTNT
    Re: IPsec VPN on linux ? 2018/06/06 14:09:51
    You can install FortiClient as an IPsec client on Linux.
     
    https://www.forticlient.com/
    #2
    SulyIT
    Re: IPsec VPN on linux ? 2018/06/06 14:54:12
    As you can see in the attachment, the Linux client doesn't support the IPsec VPN.
    Is it possible to use another client for the connection on Linux? Or is it possible to use a regular site2site instead of the client?

    Thanks in advance

    Attached Image(s)

    #3
    ericli_FTNT
    Re: IPsec VPN on linux ? 2018/06/06 15:09:47
    Sorry, double-checked it. It turns out that currently the Linux version does not have this feature.
    #4
    SulyIT
    Re: IPsec VPN on linux ? 2018/06/07 19:01:55
    I was wondering, the VPN client for IPsec seems to use XAuth for the authentication. Do you think it's possible to use a third-party client like openswan or VPNC on Linux?
     
    Thanks,
    #5
    emnoc
    Re: IPsec VPN on linux ? 2018/06/07 19:18:54
    Yes, you have so many choices: strongswan/openswan/cisco-vpnclient/etc...

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #6
    fstonedahl
    Re: IPsec VPN on linux ? 2018/08/12 17:00:04
    Quick follow-up -- I'd also like to connect from a Linux client to an IPSec VPN on a Fortinet-based firewall.   I tried connecting using the gnome-based NetworkManager, so far to no avail...
     
    SulyIT -- Did you eventually discover good software and settings that worked well for this purpose?  Thanks!
    #7
    emnoc
    Re: IPsec VPN on linux ? 2018/08/13 01:26:20
    Review strongswan. It's suitable for IPsec VPN and for dialup applications.

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #8
    SulyIT
    Re: IPsec VPN on linux ? 2018/08/13 15:00:19
    I found an entire way of doing it. Actually I now use a Windows client with Shrew Soft VPN.

    Regarding Linux, I was able to configure strongswan, but it's not easy to find all the config that you need. On my side, I didn't have access to the Forti config since the connection is provided by the client and they are not really techy. It was a guess and error. But the config for Shrew Soft was similar, so it helped.

    My initial project was to create a sort of gateway with client VPN, since for each customer we have a VPN connection and we have a big loss in productivity switching between them. I wanted to create a bunch of Linux with the connection always up on certain clients and to publish a script that will change the gateway.

    I know it's feasible with a site2site but I don't know for this kind of VPN.
    #9
    HancieC
    Re: IPsec VPN on linux ? 2018/08/30 07:31:56
    Has anyone tried to connect a StrongSwan tunnel (route-based) in IPsec mode to a Cisco router (ISR), or maybe someone has instructions on how to do it?
    I need to connect a Linux instance from the cloud to a Cisco ISR router.
    #10
    Gnafu
    Re: IPsec VPN on linux ? 2018/11/19 09:23:55
    Can you share a redacted version of your strongswan configuration?

    I'm also struggling to connect to a Fortinet gateway using Linux.
    Are there any instructions on the Fortinet site on how to do it?
    #11
    SulyIT
    Re: IPsec VPN on linux ? 2019/01/10 09:55:00
    I just want to give a follow-up.

    For connecting to the Fortigate IPsec client connection I used ShrewSoft. It was the easiest one to configure.
    It works well on Linux and Windows.

    My initial goal was to transfer the Linux in a gateway and perform a NAT of the VPN connection.

    I tried Strongswan one time and I was able to connect, but I switched to ShrewSoft since it was a bit easier and cross-platform.

    For the config, you don't really have any other choice, if you don't have access to the gateway management, than to open the profile that the gateway pushes and try to replicate what's inside. The hardest one was to figure out the network part, since most of these clients push the IP configuration instead of having each side configure theirs.
    #12
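
An added example, not taken from any post in this thread: a strongSwan `ipsec.conf` configuration for the kind of IKEv1 XAuth dial-up connection discussed above, taking the address the gateway pushes via mode config. The connection name, the proposals and every capitalised value are assumptions or placeholders to be replaced with what the gateway's pushed profile actually contains.

```conf
# /etc/ipsec.conf (strongSwan ipsec.conf syntax): IKEv1 + XAuth client.
# CAPITALISED values are placeholders. The proposals are assumptions and
# must match what the gateway offers, otherwise negotiation fails.
conn forti-dialup                  # hypothetical connection name
    keyexchange=ikev1              # XAuth is an IKEv1 extension
    aggressive=no                  # main mode (assumed)
    ike=aes256-sha256-modp2048!    # phase 1 proposal (assumed)
    esp=aes256-sha256-modp2048!    # phase 2 proposal with PFS (assumed)
    left=%defaultroute
    leftauth=psk                   # first round: group pre-shared key
    leftauth2=xauth                # second round: user name and password
    xauth_identity=VPN_USERNAME
    leftsourceip=%config           # accept the virtual IP pushed by the gateway
    right=GATEWAY_ADDRESS
    rightauth=psk
    rightsubnet=0.0.0.0/0          # assumed; narrow to the subnets the gateway allows
    auto=add                       # load only, bring the tunnel up by hand

# /etc/ipsec.secrets (readable by root only):
#   GATEWAY_ADDRESS : PSK "GROUP_PRE_SHARED_KEY"
#   VPN_USERNAME : XAUTH "USER_PASSWORD"

# Start, inspect and stop from the command line:
#   ipsec up forti-dialup
#   ipsec statusall forti-dialup
#   ipsec down forti-dialup
```

If the gateway only accepts aggressive mode, `aggressive=yes` additionally needs `charon.i_dont_care_about_security_and_use_aggressive_mode_psk = yes` in `strongswan.conf`, because aggressive mode with a PSK exposes a hash of the key to offline guessing.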