Line 8: |
Line 8: |
| '''Prerequisites:''' | | '''Prerequisites:''' |
| | | |
− | * One RUT/RUTX series router with RUTOS firmware; | + | * One RUT/RUTX series router or TRB gateway with RUTOS firmware; |
− | * One Fortigate series router; | + | * One Fortinet series router; |
| * An end device (PC, Laptop) for configuration; | | * An end device (PC, Laptop) for configuration; |
| | | |
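Review bot: In the second prerequisite, "One Fortinet series router" names the vendor rather than a product line, so the reader can no longer tell which device family the steps were written for. Suggest keeping the product name, for example "One Fortinet FortiGate series router", and using that term consistently in the later sections this edit renames.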
Line 17: |
Line 17: |
| ==Topology== | | ==Topology== |
| | | |
− | '''Fortigate''' – The Fortigate will act as a '''hub'''. A hub is a server, to which our spoke will be connected (IPsec responder). It will be our "default gateway" for the spoke device. Fortigate has a LAN subnet of 192.168.5.0/24 and WAN subnet of 192.168.10.2/24 configured on it, which should be reachable by the spoke. | + | '''Fortinet''' – The Fortinet will act as a '''hub'''. A hub is a server, to which our spoke will be connected (IPsec responder). It will be our "default gateway" for the spoke device. Fortinet has a LAN subnet of 192.168.5.0/24 and WAN subnet of 192.168.10.2/24 configured on it, which should be reachable by the spoke. |
| | | |
| '''RUT''' – '''RUTX11''' will act as a '''spoke'''. A spoke is a client, that will be connected to the spoke (IPsec initiator). It will be connected to a '''hub''' for basic internet access. RUTX11 has a LAN subnet of 192.168.1.0/24 and WAN subnet of 192.168.10.1/24 configured on it. | | '''RUT''' – '''RUTX11''' will act as a '''spoke'''. A spoke is a client, that will be connected to the spoke (IPsec initiator). It will be connected to a '''hub''' for basic internet access. RUTX11 has a LAN subnet of 192.168.1.0/24 and WAN subnet of 192.168.10.1/24 configured on it. |
| | | |
− | ==Fortigate (Hub) configuration== | + | ==Fortinet (Hub) configuration== |
− | Start by configuring the hub (Fortigate) device. Login to the WebUI, navigate to '''VPN → IPsec Tunnels → Create new → IPsec Tunnel → Template Custom'''. Configure everything as follows. | + | Start by configuring the hub (Fortinet) device. Login to the WebUI, navigate to '''VPN → IPsec Tunnels → Create new → IPsec Tunnel → Template Custom'''. Configure everything as follows. |
| | | |
| '''Note:''' ''Not specified fields can be left as is or changed according to your needs.'' | | '''Note:''' ''Not specified fields can be left as is or changed according to your needs.'' |
| ===Network configuration=== | | ===Network configuration=== |
| ---- | | ---- |
| + | Make the following changes: |
| # Remote Gateway – '''''Static IP Address;''''' | | # Remote Gateway – '''''Static IP Address;''''' |
| # IP Address – '''''192.168.10.1;''''' | | # IP Address – '''''192.168.10.1;''''' |
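Review bot: The unchanged RUT paragraph in this section still says a spoke "will be connected to the spoke (IPsec initiator)", which should read "connected to the hub"; since this edit already touches the Topology text, fix it in the same change. The same two paragraphs call 192.168.10.2/24 and 192.168.10.1/24 "WAN subnet" although they are host addresses; "WAN address" would be accurate.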
Line 33: |
Line 34: |
| ===Authentication configuration=== | | ===Authentication configuration=== |
| ---- | | ---- |
| + | Make the following changes: |
| # Method – '''''Pre-shared Key;''''' | | # Method – '''''Pre-shared Key;''''' |
| # Pre-shared Key – '''''your desired password;''''' | | # Pre-shared Key – '''''your desired password;''''' |
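Review bot: The Pre-shared Key step still reads only "your desired password", and the added "Make the following changes:" line gives no guidance on key quality. The method selected above is Pre-shared Key, so this value is what authenticates the peer; suggest wording such as "a long, randomly generated key" and stating here that the same value is entered later on the RUT side.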
Line 39: |
Line 41: |
| ===Phase 1 Proposal configuration=== | | ===Phase 1 Proposal configuration=== |
| ---- | | ---- |
| + | Make the following changes: |
| # Encryption – '''''AES256;''''' | | # Encryption – '''''AES256;''''' |
| # Authentication - '''''SHA512;''''' | | # Authentication - '''''SHA512;''''' |
Line 46: |
Line 49: |
| ===Phase 2 Selectors configuration=== | | ===Phase 2 Selectors configuration=== |
| ---- | | ---- |
| + | Make the following changes: |
| '''''Click on Advanced settings;''''' | | '''''Click on Advanced settings;''''' |
| # Encryption – '''''AES256;''''' | | # Encryption – '''''AES256;''''' |
Line 59: |
Line 63: |
| ===Instance configuration=== | | ===Instance configuration=== |
| ---- | | ---- |
| + | Make the following changes: |
| # '''''Enable''''' instance; | | # '''''Enable''''' instance; |
− | # Remote endpoint - '''''Fortigate WAN IP;''''' | + | # Remote endpoint - '''''Fortinet WAN IP;''''' |
| # Authentication method - '''''Pre-shared key;''''' | | # Authentication method - '''''Pre-shared key;''''' |
− | # Pre-shared key - the '''''same password''''' you have '''''set on Fortigate''''' when configuring the '''''Fortigate HUB instance;''''' | + | # Pre-shared key - the '''''same password''''' you have '''''set on Fortinet''''' when configuring the '''''Fortinet HUB instance;''''' |
| # Local identifier – '''''RUT WAN IP;''''' | | # Local identifier – '''''RUT WAN IP;''''' |
− | # Remote identifier – '''''Fortigate WAN IP;''''' | + | # Remote identifier – '''''Fortinet WAN IP;''''' |
| [[File:Networking_webui_manual_IPsec_Instance_Configuration.png|border|class=tlt-border|center]] | | [[File:Networking_webui_manual_IPsec_Instance_Configuration.png|border|class=tlt-border|center]] |
| ===Connection general section configuration=== | | ===Connection general section configuration=== |
| ---- | | ---- |
| + | Make the following changes: |
| # Mode - '''''Start;''''' | | # Mode - '''''Start;''''' |
| # Type - '''''Tunnel;''''' | | # Type - '''''Tunnel;''''' |
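Review bot: "Remote endpoint" and "Remote identifier" are given as "Fortinet WAN IP" and "Local identifier" as "RUT WAN IP", while the hub's Network configuration step uses the literal 192.168.10.1 for the RUT side. Suggest giving the literals here as well (192.168.10.2 and 192.168.10.1 per the Topology section) so both ends of the example are written the same way and a mismatched identifier is easier to spot.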
Line 78: |
Line 84: |
| ===Connection advanced section configuration=== | | ===Connection advanced section configuration=== |
| ---- | | ---- |
| + | Make the following changes: |
| # '''''Enable local firewall''''' | | # '''''Enable local firewall''''' |
| #Remote DNS – '''''8.8.8.8;''''' | | #Remote DNS – '''''8.8.8.8;''''' |
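Review bot: List formatting in this section is inconsistent: "Enable local firewall" has no trailing semicolon and "#Remote DNS" has no space after the "#", unlike the other list items shown in this diff. Worth fixing while the section is being edited. Remote DNS is also fixed at 8.8.8.8 with no explanation; a short remark that the site's own resolver can be used instead would help.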
Line 84: |
Line 91: |
| ===Proposal configuration=== | | ===Proposal configuration=== |
| ---- | | ---- |
− | | + | Make the following changes: |
| <table class="nd-othertables_2"> | | <table class="nd-othertables_2"> |
| <tr> | | <tr> |
Line 135: |
Line 142: |
| [https://openwrt.org/docs/guide-user/services/vpn/strongswan/basics OpenWrt Ipsec basics] | | [https://openwrt.org/docs/guide-user/services/vpn/strongswan/basics OpenWrt Ipsec basics] |
| | | |
− | [https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/762500/general-ipsec-vpn-configuration Fortigate Ipsec configuration] | + | [https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/762500/general-ipsec-vpn-configuration Fortinet Ipsec configuration] |
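Review bot: The link label becomes "Fortinet Ipsec configuration" while the target URL is the fortigate 7.4.2 administration guide, so the label is now less specific than the page it opens. Suggest "FortiGate IPsec configuration", which also corrects the "Ipsec" capitalization; the OpenWrt label above has the same "Ipsec" spelling.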