QUICK UPDATE: All the stuff written here still works for Ubuntu 14.04 LTS and 13.10.
Hello folks!
With this post I would like to share with you how I set up a VPN IPsec-PSK client on Ubuntu 12.10 with Openswan, to connect to a Fortigate 110c.
My environment:
- Ubuntu 12.10
- Fortigate 110c setup info
- Openswan version 2.6.37
Problem:
Our company Git repository is behind a Fortigate 110c, so every time I have to push or commit stuff to it, I need to connect to it using a VPN. Since Ubuntu is my main OS, I was using the Fortinet SSL client for it. What I noticed was that the connection on Windows machines (using the Fortinet IPsec client) was much more stable than mine, so I started to investigate how to connect to the Fortigate using IPsec and Openswan as a client.
You need to modify two files:
/etc/ipsec.secrets
/etc/ipsec.conf
The ipsec.secrets file holds your pre-shared key, while ipsec.conf holds the connection details.
Open the ipsec.secrets file in your preferred text editor and add:
: PSK "your secret key"
Then open the ipsec.conf file and add:
config setup
    #uncomment this line to view the debug
    #plutodebug="all"
    interfaces="ipsec0=eth0"
    nat_traversal=yes
    plutostderrlog=path_to_your_log_file
    nhelpers=0

conn your_connection
    #left side is home if you're behind a firewall use your real ip
    left=192.168.xxx.xxx
    #use as leftsource ip an ip in the remote subnet
    leftsourceip=172.xxx.xxx.xxx
    #right side is remote
    #set right to vpn remote gateway
    rightid=xxx.xxx.xxx.xxx
    right=xxx.xxx.xxx.xxx
    #set rightsubnet to remote network
    rightsubnet=172.xxx.xxx.0/24
    keyexchange=ike
    auth=esp
    authby=secret
    #specify encryption FortiGate VPN uses
    ikelifetime=28800s
    esp=3des-sha1;modp1024
    ike=3des-sha1,aes128-sha1;modp1024
    #perfect forward secrecy (default yes)
    pfs=yes
    #optionally enable compression
    compress=no
    forceencaps=yes
Now, to restart, start or stop IPsec, use:
/usr/sbin/ipsec setup restart/start/stop
Then run:
/usr/sbin/ipsec auto --add your_connection
/usr/sbin/ipsec auto --up your_connection
And that's all!!
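An added example, not part of the original post: a small Python audit that flags legacy algorithm tokens in the ike= and esp= lines of an ipsec.conf like the one above, and checks that ipsec.secrets (which holds the PSK in clear text) is not accessible to group or other. The function names, the LEGACY set and the sample text are assumptions made for illustration.

```python
import os
import re
import stat

# Tokens this example treats as legacy (an assumption; adjust to your policy):
# single DES, 3DES (64-bit block), MD5, and the 768/1024-bit MODP groups.
LEGACY = {"des", "3des", "md5", "modp768", "modp1024"}

# Constructed sample that mirrors the ike=/esp= lines of the config above.
SAMPLE_CONF = """\
config setup
    nat_traversal=yes
conn your_connection
    authby=secret
    esp=3des-sha1;modp1024
    ike=3des-sha1,aes128-sha1;modp1024
"""

def audit_proposals(conf_text):
    """Return sorted (conn, key, proposal, legacy_token) for ike=/esp= lines."""
    findings, conn = set(), None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        section = re.match(r"(config|conn)\s+(\S+)$", line)
        if section:                                   # track the current conn
            conn = section.group(2) if section.group(1) == "conn" else None
            continue
        key, sep, value = line.partition("=")
        if conn is None or not sep or key.strip() not in ("ike", "esp"):
            continue
        for proposal in value.strip().strip('"').split(","):
            proposal = proposal.strip()
            for token in re.split(r"[-;]", proposal.lower()):
                if token in LEGACY:
                    findings.add((conn, key.strip(), proposal, token))
    return sorted(findings)

def secrets_file_problems(path):
    """ipsec.secrets holds the PSK in clear text: expect root-owned, mode 0600."""
    st, problems = os.stat(path), []
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("group/other access: mode %o" % stat.S_IMODE(st.st_mode))
    if st.st_uid != 0:
        problems.append("not owned by root (uid %d)" % st.st_uid)
    return problems

if __name__ == "__main__":
    for conn, key, proposal, token in audit_proposals(SAMPLE_CONF):
        print("conn %s: %s=%s uses legacy %s" % (conn, key, proposal, token))
```

The proposals on the client have to match what the gateway offers, so replacing a flagged algorithm also requires the corresponding change on the Fortigate side.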