Folks,
I don’t see much content out there on this as I’m guessing it’s a problem, but has anyone set up any type of VPN service such as PrivateInternetAccess or NordVPN with FortiGate in the past? Are there any VPN services out there that use PSK or signature-based authentication with IPsec? The only other route I may take is to set up an OpenVPN client on the machines I want to use a VPN service with.
Any thoughts would be appreciated.
No, there is no such capability (especially for OpenVPN- or WireGuard-type services). If you can find a service that uses IPsec, then maybe.
Yeah, there’s barely any overlap with VPN in the sense of “put me in a different country and hide me in the crowd”. The FortiGate solutions focus on the traditional sense of “access remote office’s network as if it were locally reachable and the internet were not between us”; there’s no intention or effort in providing the first sense of “VPN”. (You could certainly make your own infrastructure to do the same, but that’s way out of scope of this question.)
In theory, you’d need to find something that’s compatible with what a FortiGate can support as a client.
IKEv1 IPsec: PSK/cert-auth, XAUTH on top is possible.
IKEv2 IPsec: PSK/cert-auth only. EAP is not supported when acting as client.
L2TP: I believe some low-end boxes support acting as an L2TP client, but AFAIK this is only plaintext, unencrypted, L2TP, which for sure won’t be among the offerings of privacy/VPN providers.
Nope. Use a client on the machines.
I see multiple VPN services that use IPsec, but authentication is done with EAP-MSCHAPv2, unfortunately. As far as I see, FortiGate doesn’t support it.
I’ve been searching for various VPN service providers that those various authentication types work with and have not found one, unfortunately. That’s alright, I’ll probably just run a VPN application or something on the system(s) I need to route through a VPN service. Thx for the reply!
I think these are L2TP-type services, which means they are not pure-play IPsec. FGT used to have L2TP support but not sure if it still has - perhaps someone else can comment?
It sounds nitpicky, but those are different kinds of VPN tunnels.
Those aren’t straight IPsec.
Those are what are referred to as L2TP/IPsec (L2TP over IPsec). They wrap up PPP in a UDP stream (called L2TPv2), and encapsulate that in transport-mode IPsec.
I did a quick google and I don’t see that there is a built-in L2TP/IPsec client.