Howto – Install and Configure Strongswan for connection with a Fortigate unit

vi /etc/network/interfaces
iface eth0:0 inet static
address 192.168.0.1
netmask 255.255.255.0
ifup eth0:0

sysctl -w net.ipv4.ip_forward=1
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth0:0 -m state –state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0:0 -o eth0 -j ACCEPT
iptables-save

apt install -y strongswan
 

# clearing iptables
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -F
sudo iptables -X

# This file is automatically generated. Do not edit
config setup
        uniqueids = yes

conn bypasslan
        leftsubnet = 192.168.20.0/24
        rightsubnet = 192.168.20.0/24
        authby = never
        type = passthrough
        auto = route

conn con1000
        fragmentation = yes
        keyexchange = ikev2
        reauth = yes
        forceencaps = no
        mobike = no

        rekey = yes
        installpolicy = yes
        type = tunnel
        dpdaction = restart
        dpddelay = 10s
        dpdtimeout = 60s
        auto = route
        left = 82.33.252.36
        right = 216.33.201.18
        leftid = 82.33.252.36
        ikelifetime = 28800s
        lifetime = 43200s
        ike = aes256-sha512-ecp512bp!
        esp = aes256-sha512-ecp512bp!
        leftauth = psk
        rightauth = psk
        rightid = 216.33.201.18
        rightsubnet = 10.0.0.0/8
        leftsubnet = 192.168.20.0/24