Pop Feed Daily

Home / updates

Connect FortiClient IPsec VPN via Ubuntu 18.04 KDE

Sarah Smith |

I have just installed FortiClient 6.0.0.0029 in Ubuntu 18.04 - KDE.

I'm not shure, but looks like Linux's FortiClient has only SSL connection but not IPsec (which I need)...

Works ok in Windows 10, but mine has some bugs and I prefer to work with Ubuntu whenever possible. There is a form with:

  • Connection type (SSL-VPN / IPsec VPN)
  • Connection Name
  • Description
  • Remote Gateway
  • Authentication Method (PreShared key in my case)
  • Authentication (XAuth)
  • Username

My company sent me only the data to fill that form, but I can't find anything like that in Ubuntu's version of FortiClient6.

Does anyone know an alternative to connect with linux, using that data? Maybe I don't need to use FortiClient specifically.

Thanks in advance!

2 Answers

You should check out Strongswan which is the recommended IPSec initiator-responder in Ubuntu. You can install it from Ubuntu's repository i.e.: sudo apt-get install strongswan.

There are many ways to configure it: editing the legacy ipsec.conf file or using the swanctl tool. To install swanctl simply use sudo apt-get install strongswan-swanctl. If you're using Ubuntu Desktop then you can use the GUI to configure Strongswan just install the Strongswan module for Network Manager (sudo apt-get install network-manager-strongswan).

Command line config

A swanctl example config should look something like this:

  • Create a new cofig file into /etc/swanctl/config.d/ (work.conf or whatever)

  • Open that file with your favourite editor and setup the proper config which is going to be something like this:

    connections { ikev1-psk-xauth { dpd_delay = 30 dpd_timeout = 90 version = 1 remote_addrs = vpn.yourcompany.com local-1 { auth = psk } local-2 { auth = xauth xauth_id = username } remote-1 { auth = psk } children { ikev1-psk-xauth { remote_ts = 0.0.0.0/0 dpd_action = restart close_action = start start_action = start } } }
}
secrets { ike-psk-remote { id = vpn.yourcompany.com secret = "this-is-the-shared-password" } ike-psk-local { id = username secret = "this-is-the-user-xauth-password" }
}

Save the config file then issue swanctl --load-all to start the connection. To check the status issue swanctl --list-sas and check out that the SAs are up and running.

This config is not tested and probably wont work as it is.

GUI config

Here is a guide with screenshots too:

1

forticlient 6 for linux does NOT do vpn.

check this out instead :

2

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like