Tuesday, October 16, 2018

Fortigate to StrongSwan cfg


conn %default
    ikelifetime=480m
    keylife=60m
    rekeymargin=3m
    keyingtries=5
    keyexchange=ikev1
    authby=secret

conn fortisOS
    left=x.x.x.x
    leftsubnet=192.168.2.0/24
    leftid=x.x.x.x
    leftfirewall=yes
    right=y.y.y.y
    rightsubnet=192.168.1.0/24
    rightid=y.y.y.y
    auto=add
    ike=aes128-sha1-modp2048
    # phase 2 (IPsec SA) proposal must match the phase2-interface on the FortiOS FGT
    esp=aes128-sha1

# make sure the ipsec.secrets file matches the PSK configured on the FGT

cat ipsec.secrets
# PSK shared with the FGT (FortiOS); quoting the secret is the recommended form
y.y.y.y : PSK "MinesecuredPSK"
======================FGT VPN route-based===================
config vpn ipsec phase1-interface
    edit "STRGSWAN"
        set interface "wan1"
        set dhgrp 5 14
        set proposal aes128-sha1
        set remote-gw x.x.x.x
        set psksecret MinesecuredPSK
        set keepalive 30
    next
end
config vpn ipsec phase2-interface
    edit "STRGSWAN-P2-1"
        set auto-negotiate enable
        set keepalive enable
        set pfs disable
        set phase1name "STRGSWAN"
        set proposal aes128-sha1
        set replay disable
        set dst-subnet 192.168.2.0 255.255.255.0
        set keylifeseconds 3600
        set src-subnet 192.168.1.0 255.255.255.0
    next
end
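The two configs above only form a tunnel when every negotiated parameter agrees: phase 1 cipher/hash and DH group (strongSwan ike=, FortiOS proposal + dhgrp), phase 2 proposal and PFS (esp=, proposal + pfs), the phase 2 lifetime (keylife vs keylifeseconds) and mirrored traffic selectors (leftsubnet/rightsubnet vs dst-subnet/src-subnet). The script below is an added example, not code from the original post: it parses trimmed, constructed copies of both configs with minimal parsers that assume the layouts shown on the page (one proposal per side), reports any MISMATCH that would stop the tunnel, and separately flags settings that do match but weaken it (anti-replay disabled, SHA-1 integrity, no PFS).

```python
# Added example, not from the original post: cross-check the strongSwan conn against
# the FortiOS phase1/phase2 definitions so mismatches are caught before the tunnel is
# brought up. Minimal parsers that assume the layouts shown on the page (one proposal
# per side); inputs are constructed copies of the page's configs, trimmed to what must agree.
import ipaddress
STRONGSWAN_CONF = """
conn %default
    keylife=60m
conn fortisOS
    leftsubnet=192.168.2.0/24
    right=y.y.y.y
    rightsubnet=192.168.1.0/24
    ike=aes128-sha1-modp2048
    esp=aes128-sha1
"""
FORTIOS_CONF = """
config vpn ipsec phase1-interface
    edit "STRGSWAN"
        set dhgrp 5 14
        set proposal aes128-sha1
    next
end
config vpn ipsec phase2-interface
    edit "STRGSWAN-P2-1"
        set pfs disable
        set proposal aes128-sha1
        set replay disable
        set dst-subnet 192.168.2.0 255.255.255.0
        set keylifeseconds 3600
        set src-subnet 192.168.1.0 255.255.255.0
    next
end
"""
# strongSwan names DH groups modpNNNN; FortiOS dhgrp uses the IANA group number.
MODP_TO_DHGRP = {"modp1024": "2", "modp1536": "5", "modp2048": "14", "modp3072": "15"}

def parse_strongswan(text):
    """Return {conn: {key: value}} with the %default section merged into each conn."""
    conns, cur = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # strip comments and indentation
        if line.startswith("conn "):
            cur = line.split(None, 1)[1]
            conns[cur] = {}
        elif cur and "=" in line:
            key, val = line.split("=", 1)
            conns[cur][key.strip()] = val.strip()
    default = conns.pop("%default", {})
    return {name: {**default, **kv} for name, kv in conns.items()}

def parse_fortios(text):
    """Return {edit-name: {key: value}} for the config/edit/set/next layout."""
    out, entry = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("edit "):
            entry = line[5:].strip('"')
            out[entry] = {}
        elif line.startswith("set ") and entry:
            key, _, val = line[4:].partition(" ")
            out[entry][key] = val.strip().strip('"')
        elif line == "next":
            entry = None
    return out

def to_seconds(v):   # strongSwan time values such as 60m or 8h
    return int(v[:-1]) * {"s": 1, "m": 60, "h": 3600, "d": 86400}[v[-1]]
def fgt_subnet(v):   # "192.168.2.0 255.255.255.0" -> "192.168.2.0/24"
    return str(ipaddress.ip_network(v.replace(" ", "/")))

def cross_check(conn, p1, p2):
    """Return (level, message) pairs: MISMATCH stops the tunnel, WEAK is advisory."""
    f = []
    ike, esp = conn["ike"].split("-"), conn["esp"].split("-")
    if "-".join(ike[:2]) != p1["proposal"]:
        f.append(("MISMATCH", f"phase1 proposal {p1['proposal']} != ike={conn['ike']}"))
    if len(ike) < 3 or MODP_TO_DHGRP.get(ike[2]) not in p1["dhgrp"].split():
        f.append(("MISMATCH", f"dhgrp '{p1['dhgrp']}' offers no group for ike={conn['ike']}"))
    if "-".join(esp[:2]) != p2["proposal"]:
        f.append(("MISMATCH", f"phase2 proposal {p2['proposal']} != esp={conn['esp']}"))
    sw_pfs = len(esp) > 2   # a DH group token after cipher-hash in esp= enables PFS
    if sw_pfs != (p2.get("pfs", "enable") == "enable"):
        f.append(("MISMATCH", "PFS enabled on one side only"))
    if to_seconds(conn["keylife"]) != int(p2["keylifeseconds"]):
        f.append(("MISMATCH", "phase2 lifetimes differ"))
    local, remote = fgt_subnet(p2["dst-subnet"]), fgt_subnet(p2["src-subnet"])
    if (conn["leftsubnet"], conn["rightsubnet"]) != (local, remote):
        f.append(("MISMATCH", "traffic selectors are not mirror images"))
    # Advisory: both sides agree, but the agreed settings weaken the tunnel.
    if p2.get("replay") == "disable":
        f.append(("WEAK", "anti-replay disabled on phase2"))
    if "sha1" in (ike[1], esp[1]):
        f.append(("WEAK", "SHA-1 integrity in use; prefer sha256 on both sides"))
    if not sw_pfs:
        f.append(("WEAK", "no PFS on phase2; add a DH group to esp= and enable pfs on the FGT"))
    return f

def check_page_configs():
    conn = parse_strongswan(STRONGSWAN_CONF)["fortisOS"]
    fgt = parse_fortios(FORTIOS_CONF)
    return cross_check(conn, fgt["STRGSWAN"], fgt["STRGSWAN-P2-1"])
```

Run against the page's values, check_page_configs() returns no MISMATCH entries (the tunnel should negotiate) and three WEAK entries: replay disable, SHA-1 and PFS off. Changing either side's proposal, lifetime or subnet produces a MISMATCH, which is the quickest way to explain a phase 1 or phase 2 failure in the logs before touching the devices.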

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o
