What does the Fortigate side look like?  I know others have gotten Openswan and 
Fortigate working.  Also, you may want to search the Openswan archives:  
http://lists.openswan.org/pipermail/users/

Maybe post a message to the Openswan list.

-Jeff

From: Cameron Cooper [mailto:[email protected]]
Sent: Wednesday, April 13, 2011 1:31 PM
To: NT System Admin Issues
Subject: Linux FW vpn tunnel to Fortigate

All,

We are trying to set up a VPN tunnel between a ClearOS firewall (using Openswan 
IPsec) and a Fortigate firewall.

Here's the point that it looks like it's failing to connect:

000 #1: "hqnetaurc9-satnetaurc9":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 26s; nodpd; idle; import:admin initiate
000 #1: pending Phase 2 for "hqgateaurc9-satgateaurc9" replacing #0
000 #1: pending Phase 2 for "hqnetaurc9-satnetaurc9" replacing #0


Here's what our ipsec.conf file looks like:

#config setup
#        klipsdebug=all
#        plutodebug=all

config setup
        interfaces=%defaultroute
        protostack=netkey
        klipsdebug=none
        plutodebug=none
        virtual_private=%v4:{our office subnet},%v4:{remote office subnet}

conn %default
        authby=secret
        auto=start
        rightupdown=/usr/libexec/ipsec/_updown.app
        leftupdown=/usr/libexec/ipsec/_updown.app

conn fortigate
        type=tunnel
        auto=add
        left={main office ip}
        leftsubnet={main office subnet}
        leftnexthop=%defaultroute
        leftid=%any
        right={remote office ip}
        rightsubnet={remote subnet}
        rightnexthop=%defaultroute
        rightid=%any
        keyexchange=ike
        ike=3des
        ikelifetime=28800s
        auth=esp
        authby=secret
        esp=3des
        compress=no
        pfs=yes
        auto=add
        rekey=yes


Any ideas?

Thank you,

_____________________________
Cameron Cooper
System Administrator | CompTIA A+ Certified

Aurico
Phone: 847-890-4021 | Fax: 847-255-1896
[email protected] | www.aurico.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
