Connecting from CentOS to FortiGate over IPsec VPN using Shrew Soft VPN Client

Installation reference

How to install Shrew Soft IPsec VPN client on Linux
(Ubuntu, Debian, Linux Mint, CentOS, Fedora, RHEL)

https://www.xmodulo.com/install-shrew-soft-ipsec-vpn-client-linux.html

 

Environment

CentOS 7.9

 

Install Shrew VPN Client on CentOS

$ sudo yum install qt-devel cmake gcc-c++ openssl-devel libedit-devel flex bison
$ wget https://www.shrew.net/download/ike/ike-2.2.1-release.tbz2
$ tar xvjf ike-2.2.1-release.tbz2
$ cd ike
$ cmake -DCMAKE_INSTALL_PREFIX=/usr -DQTGUI=YES -DETCDIR=/etc -DNATT=YES .
$ make
$ sudo make install
$ cd /etc/
$ sudo mv iked.conf.sample iked.conf

 

Post-install configuration
$ sudo vi /etc/ld.so.conf
Add the following line
include /usr/lib/
$ sudo ldconfig

 

Shrew VPN Client configuration (sample)

$ sudo iked
$ qikea
Add

 

General - Remote Host - Host Name or IP Address
-> FortiGate host name or IP address

Authentication - Authentication Method
-> Mutual PSK + XAuth

Authentication - Credentials -> Pre Shared Key
-> Pre Shared Key

 

Phase1
Exchange Type -> aggressive
DH Exchange -> group 5
Cipher Algorithm -> aes
Cipher Key Length -> 256
Hash Algorithm -> sha2-256
Key Life Time Limit -> 86400
Key Life Time Data Limit -> 0

 

Phase2
Transform Algorithm -> esp-aes
Transform Key Length -> 256
HMAC Algorithm -> sha1
PFS Exchange -> group 5
Compression Algorithm -> disabled
Key Life Time Limit -> 43200
Key Life Data Limit -> 0

 

Save
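
Added example (not part of the original post): a small Python check that parses the Phase1/Phase2 values above, in the same "Label -> value" notation, and flags the choices a reviewer would question before reusing this sample profile. The function names and the rule set are this example's own assumptions; the input is transcribed from the settings listed above.

```python
import re

# Constructed input: the sample profile's settings, in the page's "Label -> value" notation.
SAMPLE = """\
Authentication Method -> Mutual PSK + XAuth
Phase1
Exchange Type -> aggressive
DH Exchange -> group 5
Hash Algorithm -> sha2-256
Phase2
HMAC Algorithm -> sha1
PFS Exchange -> group 5
"""

WEAK_MODP_GROUPS = {1, 2, 5}      # MODP groups below 2048 bits (group 5 is 1536-bit)
WEAK_HMACS = {"md5", "sha1"}

def parse(text):
    """Return {section: {label: value}}; a line without '->' starts a new section."""
    cfg, section = {}, "General"
    for line in filter(None, map(str.strip, text.splitlines())):
        if "->" in line:
            label, value = (part.strip() for part in line.split("->", 1))
            cfg.setdefault(section, {})[label] = value.lower()
        else:
            section = line
    return cfg

def group_number(value):
    """Extract the numeric DH group from a value such as 'group 5'."""
    match = re.search(r"\d+", value or "")
    return int(match.group()) if match else None

def audit(cfg):
    """Return a list of findings for settings this example's (assumed) policy rejects."""
    findings = []
    auth = cfg.get("General", {}).get("Authentication Method", "")
    p1, p2 = cfg.get("Phase1", {}), cfg.get("Phase2", {})
    if p1.get("Exchange Type") == "aggressive" and "psk" in auth:
        findings.append("Phase1: aggressive mode with a PSK exposes a PSK-derived hash "
                        "to passive observers; use a long random key, or main mode")
    for section, label, values in (("Phase1", "DH Exchange", p1), ("Phase2", "PFS Exchange", p2)):
        if group_number(values.get(label)) in WEAK_MODP_GROUPS:
            findings.append(f"{section}: {label} '{values[label]}' is below 2048-bit MODP; prefer group 14+")
    if p2.get("HMAC Algorithm") in WEAK_HMACS:
        findings.append(f"Phase2: HMAC '{p2['HMAC Algorithm']}' is legacy; prefer sha2-256")
    return findings

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print("WARN", finding)
```

Any value changed on the client has to match the phase 1 and phase 2 proposals configured on the FortiGate, or negotiation fails.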