Agent_1994
Contributor

IKE v2 + one P1 + EAP between two Fortigates

Hello Forum,

 

I'm currently trying to do something similar to this recipe: https://cookbook.fortinet.com/hub-and-spoke-vpn-using-quick-mode-selectors/, but using IKE v2. TL;DR: Many remote sites using the same phase 1 settings, using the same PSK and local ID, but XAuth for identifying the remote sites.

 

With IKE v2 we don't have XAuth, but we do have EAP. However, I couldn't find any equivalent for authusr and authpasswd in EAP... and yes, I have RTFM.

 

 Any hints? Or should I go back to IKE v1?

 

Thanks in advance,

3 REPLIES
emnoc
Esteemed Contributor III

Here you go, I just posted new blogs on IKEv2 a few weeks back. You can read these for more how-tos and issues with IKEv2.

 

http://socpuppet.blogspot.com/2018/06/fortios-and-eap-identity-vpn.html

http://socpuppet.blogspot.com/2018/06/ncp-vpnclient-ikev2-with-fortios-v60.html

http://socpuppet.blogspot.com/2018/07/ikev2notifytsunacceptable.html

 

It should be very clear how you would go about it with EAP.

PCNSE NSE StrongSwan
Agent_1994

Thanks for your reply, I'll take a look and get back here to post the results.

 

PS: Nice blog, I already bookmarked it.

emnoc
Esteemed Contributor III

Be careful of send EAP identities and you should be okay.

 

PCNSE NSE StrongSwan