FortiGate—OSPF_over_IPsec

Reference

https://community.fortinet.com/t5/FortiGate/Technical-Tip-OSPF-routing-over-IPsec-site-to-site-VPN/ta-p/331645

Setup IPsec Phase1

# Configure IPsec Phase1 (route-based tunnel; the name "ipsec" is what Phase2 and OSPF refer to below)
Log in to the FortiGate CLI and enter:
config vpn ipsec phase1-interface
    edit "ipsec"
        set interface "port1"
        set peertype any
        set remote-gw 10.9.10.198
        set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
        # enter the pre-shared key in plaintext; FortiOS shows it as "ENC ..." in show output
        set psksecret "Your_Password"
    next
end

Setup IPsec Phase2

# Configure IPsec Phase2; the 0.0.0.0/0 selectors let any traffic, including OSPF packets, use the tunnel
config vpn ipsec phase2-interface
    edit "ipsec"
        set phase1name "ipsec"
        set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
        set src-addr-type subnet
        set dst-addr-type subnet
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

Setup OSPF

config router ospf
    # set the router ID
    set router-id 192.168.26.2

    # configure the area
    config area
        edit 0.0.0.0
        next
    end

    # run OSPF on the tunnel interface; a tunnel has no broadcast, so use point-to-point
    config ospf-interface
        edit "ipsec"
            set interface "ipsec"
            set network-type point-to-point
        next
    end

    # advertise the other subnets into OSPF; every subnet OSPF should run on,
    # including the tunnel interface's own address, needs a network entry
    config network
        edit 2
            set prefix 192.168.1.0 255.255.255.252
        next
    end
end
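The two settings the tunnel-side OSPF depends on (Phase2 selectors of 0.0.0.0/0 and a point-to-point ospf-interface on the tunnel) can be checked offline against a saved `show` output before touching the box. This is an added Python example, not part of this note or the Fortinet article; SAMPLE_CONFIG is a constructed fragment, and the tunnel name "ipsec" follows the page.

```python
# Constructed sample of the config blocks this page builds (not device output).
SAMPLE_CONFIG = """\
config vpn ipsec phase2-interface
    edit "ipsec"
        set phase1name "ipsec"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end
config router ospf
    config ospf-interface
        edit "ipsec"
            set network-type point-to-point
        next
    end
end
"""

def parse_table(text, table):
    """Return {edit-name: {key: value}} for the first 'config <table>' block."""
    lines = iter(text.splitlines())
    if not any(ln.strip() == f"config {table}" for ln in lines):
        return {}
    entries, name, depth = {}, None, 0
    for tok in (ln.split() for ln in lines if ln.strip()):  # resumes after header
        if tok[0] == "config":  # nested sub-table: skip to its own 'end'
            depth += 1
        elif tok[0] == "end":
            if depth == 0:
                break
            depth -= 1
        elif depth == 0 and tok[0] == "edit":
            name = tok[1].strip('"')
        elif depth == 0 and tok[0] == "set" and name is not None:
            entries.setdefault(name, {})[tok[1]] = " ".join(tok[2:]).replace('"', "")
    return entries

def check_ospf_over_ipsec(text, tunnel):
    """List misconfigurations that would keep OSPF from forming over the tunnel."""
    p2 = [e for e in parse_table(text, "vpn ipsec phase2-interface").values()
          if e.get("phase1name") == tunnel]
    problems = [] if p2 else [f"no phase2 bound to phase1 '{tunnel}'"]
    for e in p2:
        for side in ("src-subnet", "dst-subnet"):
            if e.get(side) != "0.0.0.0 0.0.0.0":
                problems.append(f"{side} is not 0.0.0.0/0: OSPF hellos will not match the SA")
    oif = parse_table(text, "ospf-interface").get(tunnel, {})
    if oif.get("network-type") != "point-to-point":
        problems.append(f"'{tunnel}' ospf-interface must exist and be point-to-point")
    return problems
```

Feed it the output of `show vpn ipsec phase2-interface` and `show router ospf` concatenated; an empty list means the tunnel-side settings match this page.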

Troubleshooting

# check which interfaces are running OSPF
get router info ospf interface

# sniff to confirm that protocol 89 (OSPF) traffic is going over the IPsec tunnel
diagnose sniffer packet any "proto 89" 4 0 l

# confirm that the neighbor adjacency has formed
get router info ospf neighbor