Setup End-to-Site VPN on FortiOS 5.2 for Linux
Environment
- Ubuntu 16.04 x64
- FortiOS 5.2
Content
Basically, following the (Fortinet) Technical Note "How to configure Linux version of Shrew Soft VPN with a FortiGate" to set it up works for me.
$ sudo apt-get install ike-qtgui
The only difference was the Diffie-Hellman group, as it is currently better not to use DH Groups 1, 2, and 5 where an alternative is available.
From Internet Key Exchange in VPN Technologies | Next Generation Encryption (Cisco):
Use the following guidelines when configuring Internet Key Exchange (IKE) in VPN technologies:
- Avoid IKE Groups 1, 2, and 5.
- Use IKE Group 15 or 16 and employ 3072-bit and 4096-bit DH, respectively.
- When possible, use IKE Group 19 or 20. They are the 256-bit and 384-bit ECDH groups, respectively.
- Use AES for encryption.
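An added example, not part of the original post or of Fortinet's or Shrew Soft's material: a small Python check that rates the DH group and cipher settings of a Shrew Soft site file against the guidelines quoted above. The `type:key:value` line format, the key names and the sample values are assumptions used for illustration.

```python
# Assumption: a Shrew Soft site file (e.g. under ~/.ike/sites/) holds one
# "type:key:value" line per setting, with the key names used in SAMPLE_SITE.
RATINGS = {"avoid": {1, 2, 5},        # IKE Groups 1, 2, and 5
           "acceptable": {15, 16},    # 3072-bit and 4096-bit DH
           "preferred": {19, 20}}     # 256-bit and 384-bit ECDH
GROUP_KEYS = ("phase1-dhgroup", "phase2-pfsgroup")
CIPHER_KEYS = ("phase1-cipher", "phase2-transform")

# Constructed sample, not taken from a real deployment.
SAMPLE_SITE = """\
s:network-host:vpn.example.test
n:phase1-dhgroup:2
s:phase1-cipher:3des
n:phase2-pfsgroup:15
s:phase2-transform:esp-aes
"""

def parse_site(text):
    """Return {key: value} from 'type:key:value' lines, ignoring anything else."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[1]] = parts[2]
    return settings

def rate_group(value):
    """Classify a DH group number using only the guidance quoted on this page."""
    try:
        group = int(value)
    except ValueError:
        return "unparsed"
    for rating, groups in RATINGS.items():
        if group in groups:
            return rating
    return "unrated"  # auto/disabled markers or groups the guidance does not list

def audit_site(text):
    """Return {key: rating} for the DH group and cipher settings present."""
    settings = parse_site(text)
    report = {k: rate_group(settings[k]) for k in GROUP_KEYS if k in settings}
    for k in CIPHER_KEYS:
        if k in settings:
            report[k] = "aes" if "aes" in settings[k].lower() else "not-aes"
    return report

if __name__ == "__main__":
    for key, rating in audit_site(SAMPLE_SITE).items():
        print(f"{key}: {rating}")
```

Any setting rated `avoid` or `not-aes` is one to change on both the client and the FortiGate, since both ends must agree on the proposal.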
References
- (Fortinet) Technical Note: How to configure Linux version of Shrew Soft VPN with a FortiGate
- Internet Key Exchange in VPN Technologies | Next Generation Encryption (Cisco)
Update