Fortigate to SoftEther IPSec Site to Site VPN?
Posted: Sun Jan 29, 2023 4:55 am
Hello. I have some experience with VPN but not much. Long story short, I have an urgent (and perhaps temporary) need to set up a site to site VPN between my company and a small partner. The purpose is to print directly from an application on our network to printers at theirs. We have Fortigate, they have a router that does not have VPN support. My company has one of our PCs on the partner's LAN which we have remote access to (Splashtop). Among other ideas, one of them is to install SoftEther on the PC, forward UDP ports 500 and 4500, and create the VPN from the Fortigate to the SoftEther.
I've attempted to test this using my home network but I am stuck. I successfully forwarded the ports to the computer on my home LAN which is running SoftEther. I checked the box for IPSec Site to Site VPN and configured a PSK. I configured the VPN on the FG side as best I know, using the same PSK, my home ISP public IP as the remote peer, the local and remote networks that make up the VPN, etc. On the Fortigate side the VPN never comes up. In the SoftEther log file I see entries like this (IPs hidden):
2023-01-28 23:46:34.229 IPsec Client 418 (Company IP:4500 -> Home LAN IP:4500): A new IPsec client is created.
2023-01-28 23:46:35.239 IPsec Client 419 (Company IP:500 -> Home LAN IP:500): A new IPsec client is created.
2023-01-28 23:46:35.239 IPsec IKE Session (IKE SA) 247 (Client: 419) (Company IP:500 -> Home LAN IP:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xB0F2BFAEA0FDFF4F, Responder Cookie: 0x4123EF14830E0EBE, DH Group: MODP 1536 (Group 5), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 86400 seconds
2023-01-28 23:46:35.260 IPsec Client 419 (Company IP:500 -> Home LAN IP:500): This client (Client 419) and the other client (Client 418) is the same client. So they are merged to the client 418.
2023-01-28 23:46:35.260 IPsec Client 418 (Company IP:4500 -> Home LAN IP:4500):
2023-01-28 23:46:35.260 IPsec IKE Session (IKE SA) 247 (Client: 418) (Company IP:4500 -> Home LAN IP:4500): This IKE SA is established between the server and the client.
2023-01-28 23:46:44.233 IPsec Client 418 (Company IP -> Home LAN IP:4500): This IPsec Client is deleted.
2023-01-28 23:46:44.233 IPsec IKE Session (IKE SA) 247 (Client: 418) (Company IP:4500 -> Home LAN IP:4500): This IKE SA is deleted.
Would anyone possibly be able to help me or point me in the right direction? Thanks!
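A small parser for the IKE SA lines quoted in the post, as an added example that is not part of the original post and not SoftEther's own code: it reports the Phase 1 parameters each IKE SA was created with and how long the SA lasted between "established" and "deleted". The line pattern is inferred only from the log lines shown here, the function name `summarize` is hypothetical, and treating DH groups below 14 and SHA-1 as legacy is this example's assumption.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the post above, addresses still redacted.
SAMPLE_LOG = """\
2023-01-28 23:46:35.239 IPsec Client 419 (Company IP:500 -> Home LAN IP:500): A new IPsec client is created.
2023-01-28 23:46:35.239 IPsec IKE Session (IKE SA) 247 (Client: 419) (Company IP:500 -> Home LAN IP:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xB0F2BFAEA0FDFF4F, Responder Cookie: 0x4123EF14830E0EBE, DH Group: MODP 1536 (Group 5), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 86400 seconds
2023-01-28 23:46:35.260 IPsec IKE Session (IKE SA) 247 (Client: 418) (Company IP:4500 -> Home LAN IP:4500): This IKE SA is established between the server and the client.
2023-01-28 23:46:44.233 IPsec IKE Session (IKE SA) 247 (Client: 418) (Company IP:4500 -> Home LAN IP:4500): This IKE SA is deleted.
"""

# Assumption: line layout inferred from the sample above, not from SoftEther documentation.
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) IPsec IKE Session \(IKE SA\) (\d+) "
    r"\(Client: \d+\) \(.*?\): (.*)$")
PARAM = re.compile(r"(DH Group|Hash Algorithm|Cipher Algorithm|Cipher Key Size): ([^,]+)")

def summarize(log_text):
    """Return {ike_sa_id: {params, created, established, deleted, seconds_up, flags}}."""
    sas = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip everything that is not an IKE SA line, e.g. "IPsec Client"
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        sa = sas.setdefault(m.group(2), {"params": {}, "flags": []})
        msg = m.group(3)
        if "is created" in msg:
            sa["created"] = ts
            sa["params"] = dict(PARAM.findall(msg))
        elif "is established" in msg:
            sa["established"] = ts
        elif "is deleted" in msg:
            sa["deleted"] = ts
    for sa in sas.values():
        # Lifetime of the SA after Phase 1 completed; a few seconds means it never stayed up.
        if "established" in sa and "deleted" in sa:
            sa["seconds_up"] = round((sa["deleted"] - sa["established"]).total_seconds(), 3)
        grp = re.search(r"Group (\d+)", sa["params"].get("DH Group", ""))
        if grp and int(grp.group(1)) < 14:  # assumption: below group 14 counts as legacy
            sa["flags"].append("legacy DH group")
        if sa["params"].get("Hash Algorithm") == "SHA-1":
            sa["flags"].append("SHA-1")
    return sas

if __name__ == "__main__":
    for sa_id, sa in summarize(SAMPLE_LOG).items():
        print(sa_id, sa["params"], sa.get("seconds_up"), sa["flags"])
```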