I have tried many, many times but cannot figure out how to set up a VTI on Fortigate; the only example that I have found about point-to-point VPN with Fortigate using VTI is regarding Cisco.
The Fortigate is at 5.4 and EdgeRouter 1.9.0.
Now I have an up and running VPN between these two, changing the remote subnet.
With local 10.84.46.176/28 and remote 10.84.84.0/24 it works, but I cannot reach (obviously) the 10.180.206.17, for example.
I have added a static route like this but it doesn't work; it seems that the packet doesn't go through the VPN:
    static {
        route 10.0.0.0/8 {
            next-hop 10.84.44.150 {
            }
        }
    }
The 10.84.44.150 is the gateway that I have on the remote site.
The VPN part:
    ipsec {
        auto-firewall-nat-exclude enable
        esp-group FOO0 {
            compression disable
            lifetime 3600
            mode tunnel
            pfs disable
            proposal 1 {
                encryption 3des
                hash sha1
            }
        }
        ike-group FOO0 {
            ikev2-reauth no
            key-exchange ikev2
            lifetime 28800
            proposal 1 {
                dh-group 5
                encryption 3des
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth0
        }
        nat-networks {
        }
        nat-traversal enable
        site-to-site {
            peer PUBLIC-REMOTE-IP-ADDR {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret *****************
                }
                connection-type initiate
                default-esp-group FOO0
                description VPN
                ike-group FOO0
                ikev2-reauth inherit
                local-address any
                tunnel 1 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    esp-group FOO0
                    local {
                        prefix 10.84.46.177/28
                    }
                    remote {
                        prefix 10.84.44.0/24
                    }
                }
            }
        }
    }