90.6. Android FortiClient VPN Client

90.6.1. Installing FortiClient VPN client

Go to https://play.google.com/store/apps/details?id=com.fortinet.forticlient_vpn&hl=en to download and install the FortiClient VPN client.

90.6.2. Checklist of parameters

This table show the parameters of FortiClient VPN Client and their corresponding parameters in Abilis configuration. The information must be inserted in a “mirror” way: i.e. “LOCAL” information for Abilis are “REMOTE” for IPsec VPN client and vice versa.

Table 90.7. Checklist of parameters

The FortiClient VPN client parameterAbilis IKE TableAbilis IKE Table parameter
Gateway (Tunnel Endpoint)HOSTLOC-IP
Pre-shared Key / GroupPwdPSKKEY
EncryptionHOSTCIPHER
Local IDHOSTKEY-ID
IKE ModeHOSTMODE
DH GROUPHOSTDH
AuthenticationHOSTAUTH
HashHOSTHASH
EncryptionCLIESP-CIPHER
AuthenticationCLIESP-AUTH

90.6.3. Configuring FortiClient VPN Client

Suppose that Abilis is configured in the following way. Refer to Section 83.19.1, “How to configure a RAS using IPSEC VPN server” to for the configuration of IPsec and IKE resources.

[14:52:09] ABILIS_CPX:d ike host:0

-------------------------------------------------------------------------------
HOST: NAME:                              LIFETIME: HASH:     DPD:    DPD-ACTION:
      LOCIP:          NATT:   MODE:      MODE-CFG: DH:               DPD-DELAY:
      REMIP:          SIDE:   AUTH:      XAUTH:    CIPHER:   SA-TRY: DPD-TOUT:
      XAUTH-USER:                        XAUTH-PWD:
      -- PSK ID ---------------------------------------------------------------
      ID-TYPE:        IP:/ID:
      PEER-ID-TYPE:   PEER-IP:/PEER-ID:
      -- RSA Cert -------------------------------------------------------------
      CERT-SEND:      ASN1-DN:
      CERT-PEER:      PEER-ASN1-DN:
      CERT-VERIFY:
-------------------------------------------------------------------------------
0     User_1_Aggressive                  3600      SHA1      YES     STOP
      188.138.018.018 SYS     AGGRESSIVE REQUEST   MODP1024          30
      *               AUTO    PSK        SERVER    AES128    3       120
      user1                              ********
      -- PSK ID ---------------------------------------------------------------
      LOCIP           
      KEY-ID          mykey2020
-------------------------------------------------------------------------------

[14:43:16] ABILIS_CPX:d ike cli:0

-------------------------------------------------------------------------------
CLI:  NAME:                                LIFETIME: ESP:        AH:
HOST: NET-LOC:           RULE:  PASSIVE:   PFS:      ESP-AUTH:   AH-AUTH:
      NET-REM:                  PERMANENT: TUNNEL:   ESP-CIPHER: MODE-CFG-DNS:
-------------------------------------------------------------------------------
0     user_1                               28800     YES         NO
0     000.000.000.000/00 IPSEC  YES        YES       SHA1        SHA1
      192.168.200.001/32        YES        YES       AES128      008.008.008.008
-------------------------------------------------------------------------------


[14:12:48] ABILIS_CPX:d ike psk:0

-------------------------------------------------------------------------------
PSK: KEY:     PEER-ID-TYPE:  PEER-IP:/PEER-ID:
-------------------------------------------------------------------------------
0    ******** KEY-ID         mykey2020

To configure an Android FortiClient VPN Client for IPsec VPN connection with Abilis, follow these settings:

  1. Open FortiClient VPN Client settings:

  2. Go to "Server settings" and insert the configuration parameters (Abilis IP, PSK, KEY-ID, Aggressive Mode):

  3. Go to "IPsec phase 1 settings":

  4. Go to "IPsec XAuth settings":

  5. Go to "IPsec phase 2 settings":

  6. Return to Main Menu, insert the XAUTH password an click "LOGIN":

  7. The VPN icon appears in the status bar to indicate that the connection is successful: