FortiGate to OPNsense Site-to-Site VPN (IKEv2, pre-shared key)

Example WAN IP of OPNsense : 1.1.1.1

Local subnet of OPNsense : 172.40.1.0/24

Example WAN IP of FortiGate : 2.2.2.2

Local subnet of FortiGate : 192.168.13.0/24

(All four values are placeholders — substitute your own. Be aware that 1.1.1.1 and 2.2.2.2 are real, routed public addresses, and that 172.40.0.0/16 is NOT inside the RFC 1918 block 172.16.0.0/12; a LAN numbered from non-private space will black-hole traffic to whoever legitimately owns that range, so use RFC 1918 space for the LANs and RFC 5737 documentation ranges for examples.)

FortiGate Config (CLI)

( Remember to add a static route for 172.40.1.0/24 pointing at the "Forti-Opn" tunnel interface, and firewall policies in both directions between the LAN interface and the tunnel interface. Review whether NAT is actually needed on those policies — site-to-site traffic is normally passed un-NATed so the remote side sees real source addresses. )

# Phase 1 (IKE SA) towards the OPNsense peer, route-based ("phase1-interface").
# These values must agree with the OPNsense <Connection>: IKEv2, AES-256/SHA-256,
# DH group 14 (modp2048) and PSK authentication.
config vpn ipsec phase1-interface
    edit "Forti-Opn"
        # WAN-facing interface that owns 2.2.2.2
        set interface "port1"
        set ike-version 2
        # IKE SA lifetime in seconds (8 h); the OPNsense side leaves reauth/rekey at defaults
        set keylife 28800
        # No peer-ID restriction: the peer is pinned only by remote-gw below and by the PSK
        set peertype any
        # One tunnel interface shared by all peers; static routes decide what enters it
        set net-device disable
        set proposal aes256-sha256
        set dhgrp 14
        # Offer NAT-T (UDP 4500); it is only used if NAT is detected on the path
        set nattraversal enable
        # IKE transport (UDP/TCP) selected automatically — newer-FortiOS option, presumably; verify it exists on your release
        set transport auto
        set remote-gw 1.1.1.1
        # Must be identical to <Key> in the OPNsense preSharedKey entry; use a long random secret
        set psksecret "[REDACTED]"
    next
end
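# Phase 2 (CHILD SA). Traffic selectors are set explicitly so the FortiGate only
# negotiates 192.168.13.0/24 <-> 172.40.1.0/24, mirroring local_ts/remote_ts in the
# OPNsense <child>. Without src-subnet/dst-subnet FortiOS defaults to 0.0.0.0/0 on
# both sides, which works only because strongSwan narrows the selectors and leaves
# the firewall policies as the sole limit on what is allowed into the tunnel.
config vpn ipsec phase2-interface
    edit "Phase2"
        set phase1name "Forti-Opn"
        set proposal aes256-sha256
        # PFS with DH group 14, matching the "modp2048" in esp_proposals on OPNsense
        set dhgrp 14
        # Local (FortiGate LAN) and remote (OPNsense LAN) selectors
        set src-subnet 192.168.13.0 255.255.255.0
        set dst-subnet 172.40.1.0 255.255.255.0
        # Optional: "set keylifeseconds 3600" aligns with the OPNsense child rekey_time
        # (FortiOS default is 43200 s); IKEv2 tolerates the mismatch, each side rekeys on its own timer.
    next
end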

OPNsense Config

You will need a WAN firewall rule allowing the IPsec traffic in: UDP 500 (IKE), UDP 4500 (NAT-T) and ESP (IP protocol 50), ideally restricted to source 2.2.2.2 rather than any.

<!-- Pre-shared key entry (VPN > IPsec > Pre-Shared Keys). ident is the local IKE
     identity (OPNsense WAN IP), remote_ident the FortiGate's; the Key must be
     byte-identical to psksecret on the FortiGate. Use a long random secret: the WAN
     accepts IKE from any source unless the rule is narrowed, and a weak PSK is
     guessable by anyone who can complete an IKE exchange with this host. -->
<preSharedKey uuid="7c6e2937-4669-40c8-8d40-bfb61f263fa2">
  <ident>1.1.1.1</ident>
  <remote_ident>2.2.2.2</remote_ident>
  <keyType>PSK</keyType>
  <!-- Redacted here; never publish or commit the real key -->
  <Key>[REDACTED]</Key>
  <description>FG-PSK</description>
</preSharedKey>

IPsec Connection Config

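<!-- IKE SA ("Connection") towards the FortiGate. enabled must be 1: a disabled
     Connection is not loaded into strongSwan, so the tunnel never comes up even
     though local/remote/child below are enabled. The original export had it at 0. -->
<Connection uuid="42820841-7655-4c82-ba28-69819916dcdb">
  <enabled>1</enabled>
  <!-- IKE proposal; equals "aes256-sha256" + dhgrp 14 on the FortiGate phase 1 -->
  <proposals>aes256-sha256-modp2048</proposals>
  <!-- "no" keeps stale IKE SAs with the same IDs; "replace" would let a re-established
       tunnel from 2.2.2.2 supersede the old one — worth considering -->
  <unique>no</unique>
  <!-- Aggressive mode is IKEv1-only; keep 0 -->
  <aggressive>0</aggressive>
  <version>2</version>
  <!-- MOBIKE is only used if the peer advertises it too; harmless otherwise -->
  <mobike>1</mobike>
  <local_addrs>1.1.1.1</local_addrs>
  <local_port/>
  <remote_addrs>2.2.2.2</remote_addrs>
  <remote_port/>
  <!-- 0 = no forced UDP encapsulation; NAT-T is still used if NAT is detected -->
  <encap>0</encap>
  <!-- Empty values = strongSwan defaults -->
  <reauth_time/>
  <rekey_time/>
  <over_time/>
  <!-- Dead-peer-detection probe every 10 s, default timeout -->
  <dpd_delay>10</dpd_delay>
  <dpd_timeout/>
  <pools/>
  <!-- Certificate request has no effect with PSK authentication -->
  <send_certreq>1</send_certreq>
  <send_cert/>
  <keyingtries/>
  <description>RLBV -FG-S2S</description>
</Connection>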
<!-- Local IKE authentication: PSK, identified by the OPNsense WAN IP
     (must match ident in the preSharedKey entry). -->
<local uuid="9edd4249-c87d-44ef-8cd7-9db703031d2a">
  <enabled>1</enabled>
  <connection>42820841-7655-4c82-ba28-69819916dcdb</connection>
  <!-- First (and only) authentication round -->
  <round>0</round>
  <auth>psk</auth>
  <!-- Sent to the peer as the IKE identity -->
  <id>1.1.1.1</id>
  <eap_id/>
  <certs/>
  <pubkeys/>
  <description>LocalID</description>
</local>
<!-- Remote (FortiGate) IKE authentication. id must equal the IKE identity the
     FortiGate presents; with no localid on its phase 1 that should be its gateway
     address 2.2.2.2 — check the IKE log if authentication fails. The PSK is looked
     up from the preSharedKey entry whose remote_ident matches this id. -->
<remote uuid="73ad72d2-122f-4faf-9e56-a8cb90f6b8dd">
  <enabled>1</enabled>
  <connection>42820841-7655-4c82-ba28-69819916dcdb</connection>
  <round>0</round>
  <auth>psk</auth>
  <id>2.2.2.2</id>
  <eap_id/>
  <groups/>
  <certs/>
  <cacerts/>
  <pubkeys/>
  <description>RemoteID</description>
</remote>
<!-- CHILD SA (phase 2). The ESP proposal's modp2048 is PFS with DH group 14,
     matching "set dhgrp 14" in the FortiGate phase 2. -->
<child uuid="c7fad1f8-a4e8-46bb-9298-ce7af5bedb6a">
  <enabled>1</enabled>
  <connection>42820841-7655-4c82-ba28-69819916dcdb</connection>
  <reqid/>
  <esp_proposals>aes256-sha256-modp2048</esp_proposals>
  <!-- 0 = full 128-bit SHA-256 ICV (RFC 4868), which FortiOS uses; 96-bit
       truncation is only for legacy peers and would break ESP here -->
  <sha256_96>0</sha256_96>
  <!-- Initiate as soon as the connection is loaded, not on first packet -->
  <start_action>start</start_action>
  <close_action>none</close_action>
  <!-- On DPD timeout just tear the SA down; use "restart" if this side should re-initiate -->
  <dpd_action>clear</dpd_action>
  <mode>tunnel</mode>
  <!-- Install kernel IPsec policies for the selectors below (policy-based, no VTI) -->
  <policies>1</policies>
  <!-- OPNsense LAN <-> FortiGate LAN; mirror these as dst-subnet/src-subnet on the FortiGate -->
  <local_ts>172.40.1.0/24</local_ts>
  <remote_ts>192.168.13.0/24</remote_ts>
  <!-- Rekey hourly; FortiOS phase 2 default is 43200 s, a mismatch is tolerated by IKEv2 -->
  <rekey_time>3600</rekey_time>
  <description/>
</child>