Need to connect to a Fortigate VPN from Linux

I really want to connect to a Fortigate IPsec VPN from Linux, but “it’s not working” (see below).

I tried Shrewsoft first, but it wasn’t compiling, and while I was searching for a fix, I heard that Shrewsoft VPN is moribund.

I’ve moved on to vpnc, but I’m not having much luck with that either. My redacted config file is below, along with the error I’m getting.
It bothers me more than a little that ike-scan thinks my gateway isn’t handshaking. Also, my IT guy says there are no failed login attempts on the Fortigate side.

My vpnc config looks like:

IPSec gateway redacted.example.com
IPSec ID redacted
IPSec secret redacted
#IKE Authmode hybrid
IKE Authmode psk
Xauth username redacted
#Xauth password redacted

The error I get is:

$ vpnc-connect
Enter password for user@redacted.example.com:
vpnc-connect: no response from target

If I strace vpnc, I can see it timing out trying to poll for an answer back from udp/500 on host.example.com.

I see something similar if I try to ike-scan host.example.com:

Starting ike-scan 1.9.4 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
Ending ike-scan 1.9.4: 1 hosts scanned in 3.311 seconds (0.30 hosts/sec). 0 returned handshake; 0 returned notify

It’s like I have the wrong server or something, but the hostname does resolve, and I can see the UDP/500 port open|filtered in the output from:

nmap -P0 -sU -p 500 host.example.com

I’ve got some special characters in my PSK, including a comment character, but I don’t think that’s supposed to matter to vpnc.

I’m on Debian 10.10, and I’m using vpnc 0.5.3r550-3.

Fortigate as the server is a requirement, but we have a lot of flexibility on the client, as long as it’s Debian Linux.

Any suggestions?

Thanks!