Tfe

Projects/fortinet_ipsec_vpn_linux_configuration_files/vpn.conf

connections {
    MYVPN {
        unique = replace
            encap = yes

            version=1
            proposals=aes256-sha1-modp1536,aes256-sha256-modp1536 # MUST BE CHANGED ACCORDING TO FORTINET SETTINGS
            aggressive=yes
            rekey_time=24h

            remote_addrs=THE_DNS_OF_THE_IPSEC_SERVER
            local_addrs=%any # the ip addr of the outgoing interface
            vips=0.0.0.0,::
            #encap=yes
            children {
                dpd_action=start
                CAMPUS {
                    start_action=start
                    close_action=start
                    esp_proposals=aes256-sha1-modp1536,aes256-sha1-modp1536 # MUST BE CHANGED ACCORDING TO FORTINET SETTINGS
                    remote_ts= THE_NETWORK_YOU_WANT_TO_CONNECT_TO # Example 172.24.0.0/16
                    updown = /usr/lib/ipsec/_updown iptables
                    if_id_in = 51
                    if_id_out = 51
                }

            }
            local-0 {
                auth = psk
                id = thepsk
            }
            remote-0 {
                auth = psk
                id = %any
            }
            local-1 {
                auth = xauth
                xauth_id = THE_VPN_AUTH_USERNAME
            }
    }
}
pools {
}
authorities {
}
secrets {
    ike-0 {
        secret = "THE_NETWORK_VPN_PSK_PRE_SHARED_KEY"
        id-0 = thepsk
    }
    eap-1 {
        secret = "THE_VPN_USER_PASSWORD"
        id-1=THE_VPN_AUTH_USERNAME
    }
}