Connect FortiClient IPsec VPN via Ubuntu 18.04 KDE

networking ubuntu vpn ipsec

24,504

You should check out Strongswan which is the recommended IPSec initiator-responder in Ubuntu. You can install it from Ubuntu's repository i.e.: sudo apt-get install strongswan.

There are many ways to configure it: editing the legacy ipsec.conf file or using the swanctl tool. To install swanctl simply use sudo apt-get install strongswan-swanctl. If you're using Ubuntu Desktop then you can use the GUI to configure Strongswan just install the Strongswan module for Network Manager (sudo apt-get install network-manager-strongswan).

Command line config

A swanctl example config should look something like this:

Create a new cofig file into /etc/swanctl/config.d/ (work.conf or whatever)

Open that file with your favourite editor and setup the proper config which is going to be something like this:

connections {

    ikev1-psk-xauth {

        dpd_delay = 30
        dpd_timeout = 90
        version = 1
        remote_addrs = vpn.yourcompany.com

        local-1 {
            auth = psk
        }

        local-2 {
            auth = xauth
            xauth_id = username
        }

        remote-1 {
            auth = psk
        }

        children {
            ikev1-psk-xauth {
                remote_ts = 0.0.0.0/0
                dpd_action = restart
                close_action = start
                start_action = start
            }
        }
    }
}

secrets {
    ike-psk-remote {
        id = vpn.yourcompany.com
        secret = "this-is-the-shared-password" 

    }
    ike-psk-local {
        id = username
        secret = "this-is-the-user-xauth-password" 
    }

}

Save the config file then issue swanctl --load-all to start the connection. To check the status issue swanctl --list-sas and check out that the SAs are up and running.

This config is not tested and probably wont work as it is.

GUI config

Here is a guide with screenshots too: https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager

24,504

Borjovsky

Updated on September 18, 2022

Comments

Borjovsky over 1 year
I have just installed FortiClient 6.0.0.0029 in Ubuntu 18.04 - KDE.

I'm not shure, but looks like Linux's FortiClient has only SSL connection but not IPsec (which I need)...

Works ok in Windows 10, but mine has some bugs and I prefer to work with Ubuntu whenever possible. There is a form with:
- Connection type (SSL-VPN / IPsec VPN)
- Connection Name
- Description
- Remote Gateway
- Authentication Method (PreShared key in my case)
- Authentication (XAuth)
- Username
My company sent me only the data to fill that form, but I can't find anything like that in Ubuntu's version of FortiClient6.

Does anyone know an alternative to connect with linux, using that data? Maybe I don't need to use FortiClient specifically.

Thanks in advance!
bertieb almost 6 years

Welcome to Super User! Please read how to recommend software in answers, particularly the bits in bold; then edit your answer to follow the guidelines there. Thanks!
Borjovsky almost 6 years

Now that's what I call explanation! Thanks, I will try it as soon as possible!
Dominik Stańczak about 4 years

I downvoted your answer because openfortivpn does not do IPSEC, just SSL.