QUICK UPDATE: Everything written here still works on Ubuntu 14.04 LTS and 13.10.
In this post I would like to share how I set up an IPsec PSK VPN client on Ubuntu 12.10 with Openswan to connect to a Fortigate 110c.
- Ubuntu 12.10
- Fortigate 110c setup info
- Openswan version 2.6.37
Our company Git repository is behind a Fortigate 110c, so every time I have to push or commit to it, I need to connect through a VPN. Since Ubuntu is my main OS, I was using the Fortinet SSL client for it. What I noticed was that the connection on Windows machines (using the Fortinet IPsec client) was much more stable than mine, so I started to investigate how to connect to the Fortigate using IPsec with Openswan as the client.
You need to modify two files.
The ipsec.secrets file holds your pre-shared key, while ipsec.conf holds the connection details.
Open the ipsec.secrets file in your preferred text editor and add:
: PSK "your secret key"
Then open the ipsec.conf file and add:
#uncomment this line to view the debug
#left side is home; if you're behind a firewall use your real IP
#use as leftsourceip an IP in the remote subnet
#right side is remote
#set right to vpn remote gateway
#set rightsubnet to remote network
#specify encryption FortiGate VPN uses
#perfect forward secrecy (default yes)
#optionally enable compression
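A connection section that matches the comments above, given as an added example and not the author's original file. Every address and the ike/esp proposals are constructed placeholders (assumptions); they must be replaced with your gateway's values and must match the Phase 1 and Phase 2 proposals configured on the FortiGate.

```conf
# Added example for Openswan 2.6.x; not the original post's configuration.
# All IP addresses and algorithm choices below are constructed placeholders.
version 2.0

config setup
    # uncomment this line to view the debug
    # plutodebug="control parsing"
    protostack=netkey

conn your_connection
    type=tunnel
    keyexchange=ike
    # authenticate with the pre-shared key stored in ipsec.secrets
    authby=secret
    # left side is home (this client)
    left=%defaultroute
    # source address taken from the remote subnet (placeholder)
    leftsourceip=10.0.0.250
    # right side is remote: the VPN gateway (placeholder address)
    right=203.0.113.10
    # network behind the gateway (placeholder)
    rightsubnet=10.0.0.0/24
    # Phase 1 and Phase 2 proposals (placeholders; must equal the FortiGate's)
    ike=aes256-sha1;modp1536
    esp=aes256-sha1
    # perfect forward secrecy (default yes)
    pfs=yes
    # optionally enable compression
    compress=no
```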
Now, to start, restart or stop IPsec, use:
/usr/sbin/ipsec setup restart   # or: start, stop
Then load the connection and bring it up:
/usr/sbin/ipsec auto --add your_connection
/usr/sbin/ipsec auto --up your_connection
And that's all!
Linux man ipsec
Linux man ipsec_auto